Detection engineering has evolved into an art, contributing to the success rates of endpoint and network detection and response tooling capabilities. Used to effectively counter the increasing complexity of today’s cyber threat actors, high-fidelity detections can help an organization discover threats earlier, neutralizing them before further damage can occur.
Not all detections are created equally, however, and neither are detection opportunities. While many security stacks focus on endpoint detections, NDR capabilities continue to prove essential for effectively detecting modern threats within an environment.
Join SANS Instructor Matt Bromiley and Corelight’s Senior Director of Product Marketing John Gamble as they discuss the importance of NDR detections-in-depth. They not only will delve into the various available NDR detection methods, examining the benefits and drawbacks of each, but they will also examine key implementation ideas and detection laddering.
SPEAKER:
John Gamble
Director of Product Marketing, Corelight
John Gamble is Director of Product Marketing at Corelight and has spent more than a decade in the data protection industry representing cybersecurity, privacy and identity verification solutions, including his most recent role as Director of Product Marketing at Lookout, a mobile endpoint security company.
SPEAKER:
Matt Bromiley
Instructor, SANS Institute
Matt Bromiley is a SANS digital forensics and incident response (IR) instructor, teaching FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. He is also an IR consultant at a global IR and forensic analysis company, combining experience in digital forensics, log analytics, and incident response and management.