Is This Thing On? How To Test Your EDR

Presented by

Joff Thyer, PenTester and R&D, Black Hills Information Security & Brian Laskowski, Incident Detection Engineer, Blumira

About this talk

How can you make sure that your endpoint detection and response tool will alert you about security threats when they inevitably appear in your environment? Not all EDRs are created equal. Sadly, some are far behind the curve when it comes to providing actionable alerts, detection depth, or simply prevention effectiveness. Testing an EDR tool can ensure that the tool delivers on the vendor’s promise and detects the attacker behaviors that it should.

Join Joff Thyer, Penetration Tester, Developer and Researcher at Black Hills Information Security, along with Blumira’s Brian Laskowski, Incident Detection Engineer, as they go through ways to test your EDR. They’ll cover:

- Configuration requirements to get started with EDR emulation
- How to determine whether an EDR will pick up on behaviors like process activity, network connections and registry content rather than just raw file inspection
- Free tools like Sysmon and Windows Defender that can assist in the testing process
- And more
