Detecting and responding to threats is a core function of cybersecurity, but it’s more complex than it sounds. While buzzwords like Extended Detection & Response (XDR), Endpoint Detection & Response (EDR), and Network Detection & Response (NDR) are often discussed, understanding how to apply them to enrich investigations is key. Every environment has unique variables and goals, but they all share one common element: endpoints. Securing these devices, whether they’re on-site or remote, starts with fundamental visibility.
This session will show you how EDR serves as the cornerstone for all detection and response methodologies. We’ll start with an overview of various frameworks, focusing on both the endpoint and the network. Then, we’ll dive into a real-world forensic investigation of a Remote Access Trojan (RAT) called SharpRhino. Using the MITRE ATT&CK® Framework, we’ll demonstrate best practices for detection and response, including a look at the tactics, techniques, and procedures used by this malware, along with recommended mitigations.
WiCyS is proud to provide members the opportunity to earn CPE/CEU credits for attending WiCyS Webinars live.
To earn CPE/CEU credits with the following providers, you must meet the minimum requirements:
Attendees who meet the requirements can log into BrightTALK to print out their attendance certificates to submit for CPE/CEU credits.
Register for this webinar and view the recording if you are unable to join live.