Got GIAC? Free GIAC Cert Attempt Included with OnDemand 5 or 6 Day Training thru July 7


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Why Traditional EDR Is Not Working--and What to Do About It

  • Friday, June 28, 2019 at 1:00 PM EDT (2019-06-28 17:00:00 UTC)
  • Jake Williams, Ismael Valenzuela


  • Mcafee LLC

You can now attend the webcast using your mobile device!



Endpoint detection and response faces many challenges, even as most practitioners deploy some kind of EDR solution. For example, many solutions don't integrate data from other sources, provide low quality data and are too complex to be effective. Join SANS and experts from McAfee to discuss how EDR can be improved and better used not only for detection, but also for investigation and response.

SANS' Jake Williams and McAfee's Ismael Valenzuela will examine how EDR has evolved into not just alerting on suspicious things but also helping you investigate and respond effectively. Hear use cases for evaluating EDR solutions. View the associated whitepaper here.

Speaker Bios

Jake Williams

Jake Williams is a SANS analyst, senior SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development and digital counterespionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud data exfiltration, and the tools and guidance to secure client data against sophisticated, persistent attacks on-premises and in the cloud.

Ismael Valenzuela

SANS Certified Instructor Ismael Valenzuela ( is coauthor of the CyberDefense and Blue Team Operations course, SANS SEC530: Defensible Security Architecture and Engineering, and holds many professional certifications, including the highly regarded GIAC Security Expert (GSE #132).

Since he founded one of the first IT Security consultancies in Spain, Ismael Valenzuela has participated as a security professional in numerous projects across the globe over the past 19 years. Prior to his current role as Senior Principal Engineer at McAfee, where he leads research on threat hunting using machine-learning and expert-system driven investigations, Ismael led the delivery of SOC, IR & Forensics services for the Foundstone Services team within Intel globally. Previously, Ismael worked as Global IT Security Manager for iSOFT Group Ltd, one of the world's largest providers of healthcare IT solutions, managing their security operations in more than 40 countries.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.