SANS Webinar & Whitepaper:
Passive Isn't Good Enough: Moving into ActiveEDR

View On-Demand

Get the Webinar & Whitepaper


Endpoint detection and response (EDR) technologies pick up where antivirus technologies leave off. EDR focuses on identifying anomalous activity at scale, but often falls prey to delayed analyses due to cloud management systems and drains on staffing and time. 

View the webinar to learn:

  • What makes Active EDR different from Passive EDR and, therefore, so useful for analysis on a large scale
  • Why known attacks should be handled in Active versus Passive EDR alerts
  • The types of holistic storytelling Active EDR can tell about a given attacks

Register now and get access to the associated paper, including actionable takeaways, written by SANS analyst, instructor and cybersecurity expert Justin Henderson.

Speaker Bios

Justin Henderson
Justin Henderson is a certified SANS instructor who authored the SEC555 (SIEM with Tactical Analytics) course and co-authored SEC455 (SIEM Design and Implementation) and SEC530 (Defensible Security Architecture). He is a member of the SANS Cyber Guardian Blue Team who is passionate about making defense fun and engaging. Justin specializes in threat hunting via SIEM, network security monitoring and ad hoc scripting.


Migo Kedem
Migo Kedem is the senior director of products and marketing at SentinelOne. Before joining SentinelOne, Mr. Kedem spent a decade in building cybersecurity products for Palo Alto Networks and Checkpoint.