Real-time Incident Remediation

  • Wednesday, March 28th, 2018 at 1:00 PM EDT (17:00:00 UTC)
  • Jake Williams and Andy Schmid
This webcast has been archived.


  • 1E


Organizations are under constant attack, leaving IT to investigate hundreds of incidents a day. If a breach or malware attack occurs, several steps are taken before remediation can begin, potentially leaving hundreds of thousands of endpoints vulnerable before IT ops can respond to the incident. It is important that security can investigate issues in organizational context as quickly as possible. It's also crucial that operations have the right tools to respond to the incident cross-platform and at scale within the organization. In addition, the resolution of the incident should become part of the organizational knowledge base so that if the incident reoccurs, the resolution can be automated.

We will discuss:

  • EDR solutions take too long to respond. Talking to 200 hosts is fine, but talking to 20,000 hosts takes forever.
  • EDR solutions have blind spots on Linux clusters, and some people are using Macs.
  • Scale of product is very important to be able to roll this out.
  • Software inventory is very important. We discuss 10 important factors.

Speaker Bios

Jake Williams

Jake Williams is a SANS analyst, senior SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development and digital counterespionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud data exfiltration, and the tools and guidance to secure client data against sophisticated, persistent attacks on-premises and in the cloud.

Andy Schmid

Andy Schmid, senior vice president of product, leads 1E's product strategy. He is responsible for 1E's go-to-market strategy including analyst relations, product marketing, product management, sales evangelism, and sales and technical enablement globally. Before joining 1E, Andy was responsible for Blue Coat's Asia Pacific/Japan product marketing team, after having led McAfee's Asia Pacific product and solution marketing team. Prior to that, Andy led Symantec's enterprise security product marketing team in the region for five years. He holds an MBA from the Australian Graduate School of Management and a bachelor's degree in computer science from the College of Higher Education in Regensburg, Germany.
