Data breaches and APTs are consistently traced back to an initial, compromised endpoint.
Monitoring workstations is absolutely critical to early stage detection and disruption of attacks. Earlier this year I showed you how to use Windows Event Forwarding to aggregate security logs from computers within your network. But what about all the laptops of mobile and remote users? IT business management needs to realize that these endpoints – even though not physically inside your firewall – are equally a risk. In this webinar I will demonstrate why and then I will show you what many would assume is impossible: how to monitor all endpoints – including those on business trips, in the field at a telecommuter’s home – in near real-time.
You will find out how to be alerted as soon as a new program runs for the first time on a given endpoint. When new applications are installed or when suspicious program crashes occur which are indicative of memory-based malware attacks. I'll provide a list of other events that are critical to monitor on endpoints.
I'll even show you how you can determine who is physically present at their remote computer. All of this and more is possible with Windows Event Forwarding which is available on all supported versions of Windows. In this webinar I'll be focusing on how to implement Windows Event Forwarding over the Internet – securely. What about when laptops aren't connected at all? Windows Event Forwarding automatically saves up events until the computer is back on the Internet. What about laptops that are sometimes at the office, on your network but often remote, too? No problem, I'll show you how to set up event forwarding so that computers automatically handle such changes.
EventTracker has agreed to sponsor this real training for free ™ session and A. N. Ananth will briefly show you how EventTracker can easily consume forwarded events and provide the archival, correlation, alerting and reporting that you need in order to instantly detect threats across all your systems no matter where they are. You can also compare EventTracker's workstation agent's capabilities that beyond native Windows event forwarding. And in general, you'll see that EventTracker is designed for Windows networks from the ground up – unlike many of the other big name SIEMs. Tune in to learn more.
I think this webinar will blow your mind in what is possible and how it can accelerate your detection of intrusions before they get too far. Please register now!