The Importance of NDR Detection-in-Depth

2023-08-WB-SANS Importance of NDR Detection-in-Depth


Detection engineering has evolved into an art, contributing to the success rates of endpoint and network detection and response tooling capabilities. Used to effectively counter the increasing complexity of today’s cyber threat actors, high-fidelity detections can help an organization discover threats earlier, neutralizing them before further damage can occur.

Not all detections are created equal, however, and neither are detection opportunities. While many security stacks focus on endpoint detections, NDR capabilities continue to prove essential for effectively detecting modern threats within an environment.

Join SANS Instructor Matt Bromiley and Corelight’s Senior Director of Product Marketing John Gamble as they discuss the importance of NDR detection-in-depth. They will not only delve into the various available NDR detection methods, examining the benefits and drawbacks of each, but will also examine key implementation ideas and detection laddering.

Watch the recorded webinar


John Gamble

Director of Product Marketing, Corelight

John Gamble is Director of Product Marketing at Corelight and has spent more than a decade in the data protection industry representing cybersecurity, privacy and identity verification solutions, including his most recent role as Director of Product Marketing at Lookout, a mobile endpoint security company.


Matt Bromiley

Instructor, SANS Institute

Matt Bromiley is a SANS digital forensics and incident response (IR) instructor, teaching FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. He is also an IR consultant at a global IR and forensic analysis company, combining experience in digital forensics, log analytics, and incident response and management.


Corelight provides security teams with network evidence so they can protect the world's most critical organizations and companies.