There has been a huge explosion of different free and open-source options for EDR in the security space, which is nice because the commercial offerings are stupid expensive. In this Black Hills Information Security (BHIS) webcast, we look at OpenEDR, Elastic, and Velociraptor. With all these great options, there is no reason your organization should not have one of these offerings. Further, they are essential for any IR gig you may do.
You may be a shop that is looking at commercial offerings; however, you should always look at the free offerings first. Remember, you are not paying for what the commercial product offers; you are paying for what it does that the free offerings do not.
Join the BHIS Community Discord: https://discord.gg/bhis
0:00:00 – FEATURE PRESENTATION: Your Free & Open EDR Options!
0:02:03 – Why We here?
0:04:46 – EDR? Like that there electronic music?
0:11:48 – Vendors
0:14:21 – MITRE Evaluations
0:19:17 – So, Why EDR?
0:23:05 – Free and Open Source?
0:28:48 – OSSEC
0:31:12 – So, WAZUH
0:38:28 – Velociraptor
0:41:09 – DEMO: Velociraptor
0:48:35 – Vendors and Free/OS
0:49:57 – Elastic (Formerly Endgame)
0:55:09 – OPEN EDR – From Comodo
0:58:41 – Conclusions
1:01:53 – Backdoors & Breaches Virtual
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2021/03/SLIDES_OpenandFreeEDR.pdf