Enterprises have better sources of endpoint telemetry to respond to intrusions than ever before, yet attackers continue to slip through the cracks, often with surprising ease. And security teams still struggle to fully scope or remediate compromises, even after they’ve been detected.
This presentation will examine why it's so difficult to gather and maintain the right mix of endpoint data for effective incident response. It will then demonstrate how a blended approach — combining technologies like Elasticsearch with distributed, on-endpoint analysis — can offer comprehensive, high-speed, and efficient visibility at any scale. Examples from real-world breaches (including a few that inspired hacks in the latest season of Mr. Robot) will illustrate lessons learned from the field.
Ryan Kazanciyan | Chief Security Architect | Tanium