Is This Thing On? How To Test Your EDR

How can you make sure that your endpoint detection and response tool will alert you about security threats when they inevitably appear in your environment?  

Not all EDRs are created equal. Sadly, some are far behind the curve when it comes to providing actionable alerts, detection depth, or simply prevention effectiveness. Testing an EDR tool can ensure that the tool delivers on the vendor’s promise and detects the attacker behaviors that it should. 

Join Joff Thyer, Penetration Tester, Developer and Researcher at Black Hills Information Security, along with Blumira’s Brian Laskowski, Incident Detection Engineer, as they go through ways to test your EDR. 

They’ll cover:

• Configuration requirements to get started with EDR emulation
• How to determine whether an EDR will pick up on behaviors like process activity, network connections and registry content rather than just raw file inspection
• Free tools like Sysmon and Windows Defender that can assist in the testing process

This interactive, conversational-style session encourages questions and engagement with viewers – so sign up today for access to our security experts.

Participants

Joff Thyer, Penetration Tester, Developer and Researcher, Black Hills Information Security

Joff Thyer has been a Penetration Tester and Security Analyst with Black Hills Information Security (BHIS) since 2013. He has an associate in Computer Science, a B.S. in Mathematics, and an M.S. in Computer Science, as well as several certifications (listed below). The best part of a penetration test for Joff is developing sophisticated malware that tackles defensive solutions, ultimately delivering exciting wins for company engagements. He has extensive experience covering intrusion prevention/detection systems, infrastructure defense, vulnerability analysis, defense bypass, source code analysis, and exploit research. When Joff isn’t working or co-hosting the Security Weekly podcast, he enjoys making music and woodworking.

Certifications: 

• GXPN: GIAC Certified Exploit Researcher and Advanced Penetration Tester
• GWAPT: GIAC Certified Web Application Penetration Tester
• GPEN: GIAC Certified Penetration Tester
• GCIA: GIAC Certified Intrusion Analyst
• GCIA Gold: GIAC Covert Data Storage Channel using IP Headers certification

Brian Laskowski, Incident Detection Engineer, Blumira

Brian has 5 years of experience in IT, with prior work including linux systems administration to most recently leading the threat intelligence program at the State of Michigan security operations center. Other areas of focus have included, incident response, threat hunting, memory analysis, adversary emulation, and SOC metrics. Brian currently holds SANS certifications for the GCIH, GCTI, and most recently the GDAT.

Erica Mixon, Content Marketing Manager, Blumira

Erica has over five years of experience covering the tech industry. Prior to joining Blumira, she was a senior editor at TechTarget, where she wrote about enterprise IT topics such as virtualization, Windows 10, and data center management. She holds a Bachelor’s degree in writing, literature and publishing from Emerson College.

About Blumira’s Security Advisors Series

Blumira’s Security Advisor Series is a virtual roundtable with experts in the information security and compliance industry offering insight into timely security topics. These interactive sessions encourage questions from the audience and engagement with viewers. Our mission is to bring awareness to current cybersecurity issues and provide trusted security advisors to the broader community.