How can you make sure that your endpoint detection and response tool will alert you about security threats when they inevitably appear in your environment?
Not all EDRs are created equal. Sadly, some are far behind the curve when it comes to providing actionable alerts, detection depth, or simply prevention effectiveness. Testing an EDR tool can ensure that the tool delivers on the vendor’s promise and detects the attacker behaviors that it should.
Join Joff Thyer, Penetration Tester, Developer and Researcher at Black Hills Information Security, along with Blumira’s Brian Laskowski, Incident Detection Engineer, as they go through ways to test your EDR.
They’ll cover:
- Configuration requirements to get started with EDR emulation
- How to determine whether an EDR will pick up on behaviors like process activity, network connections and registry content rather than just raw file inspection
- Free tools like Sysmon and Windows Defender that can assist in the testing process
This interactive, conversational-style session encourages questions and engagement with viewers – so sign up today for access to our security experts.
Participants
Joff Thyer, Penetration Tester, Developer and Researcher, Black Hills Information Security
Joff Thyer has been a Penetration Tester and Security Analyst with Black Hills Information Security (BHIS) since 2013. He has an associate in Computer Science, a B.S. in Mathematics, and an M.S. in Computer Science, as well as several certifications (listed below). The best part of a penetration test for Joff is developing sophisticated malware that tackles defensive solutions, ultimately delivering exciting wins for company engagements. He has extensive experience covering intrusion prevention/detection systems, infrastructure defense, vulnerability analysis, defense bypass, source code analysis, and exploit research. When Joff isn’t working or co-hosting the Security Weekly podcast, he enjoys making music and woodworking.
Certifications:
- GXPN: GIAC Certified Exploit Researcher and Advanced Penetration Tester
- GWAPT: GIAC Certified Web Application Penetration Tester
- GPEN: GIAC Certified Penetration Tester
- GCIA: GIAC Certified Intrusion Analyst
- GCIA Gold: GIAC Covert Data Storage Channel using IP Headers certification
Brian Laskowski, Incident Detection Engineer, Blumira
Brian has 5 years of experience in IT, with prior work including linux systems administration to most recently leading the threat intelligence program at the State of Michigan security operations center. Other areas of focus have included, incident response, threat hunting, memory analysis, adversary emulation, and SOC metrics. Brian currently holds SANS certifications for the GCIH, GCTI, and most recently the GDAT.
Erica Mixon, Content Marketing Manager, Blumira
Erica has over five years of experience covering the tech industry. Prior to joining Blumira, she was a senior editor at TechTarget, where she wrote about enterprise IT topics such as virtualization, Windows 10, and data center management. She holds a Bachelor’s degree in writing, literature and publishing from Emerson College.
About Blumira’s Security Advisors Series
Blumira’s Security Advisor Series is a virtual roundtable with experts in the information security and compliance industry offering insight into timely security topics. These interactive sessions encourage questions from the audience and engagement with viewers. Our mission is to bring awareness to current cybersecurity issues and provide trusted security advisors to the broader community.
Erica Mixon
Erica is an award-winning writer, editor and journalist with over ten years of experience in the digital publishing industry. She holds a Bachelor’s degree in writing, literature and publishing from Emerson College. Her foray into technology began at TechTarget, where she provided editorial coverage on a wide variety...
More from the blog
View All Posts12/10 Webinar - Detection and Response Decoded: From AV to XDR
Read MoreOn-Demand - I Log IT A Lot – Free Logging for Duo Security and Umbrella with Blumira
Read MoreOn-Demand - Election-Inspired Incident Response: Lessons from Real-Life Scenarios
Read MoreSubscribe to email updates
Stay up-to-date on what's happening at this blog and get additional content about the benefits of subscribing.