Save $400 on Cyber Security Training at SANS Seattle Spring 2018. Ends 2/28.


To attend this webcast, login to your SANS Account or create your Account.

Pinpoint and Remediate Unknown Threats: SANS Review of EnCase Endpoint Security 6

  • Thursday, March 15th, 2018 at 1:00 PM EST (17:00:00 UTC)
  • Jake Williams and Charles Choe


  • OpenText Corporation

You can now attend the webcast using your mobile device!


With the increasing prevalence of security incidents that can lead to data breaches, security teams are learning quickly that the endpoint is involved in almost every targeted attack. Recent trends in the SANS 2017 endpoint security survey indicate that despite the best efforts of security teams, employees are more likely than ever to fall victim to phishing and ransomware attacks, putting enterprise data at risk.

With so many warning signs coming in by way of security alerts, why are these attacks getting through and spreading on the network? Simple: Security alert volume is higher than ever and InfoSec time and resources are at a premium. The solution lies in contextual data and automation to help security analysts quickly validate and respond to real threats in their environments. 

This is the purpose of EnCase Endpoint Security, which released its version 6.02. Endpoint Security works with leading security tools to ingest alerts and then apply threat intelligence and scoring so security teams can focus their response on the most critical incidents.

In this webcast, SANS analyst Jake Williams will review his testing results, including how he used EnCase Endpoint Security to:

  • Detect unknown threats through anomalous behavior analysis
  • Validate threats with data enrichment and contextualization
  • Triage alerts and identify gaps in coverage
  • Forensically remediate threats (delete files, reset or delete registry keys, kill processes) without taking down servers

Register for this webcast and receive early access to the whitepaper written by Jake Williams.

Speaker Bios

Jake Williams

Jake Williams is a SANS analyst, certified SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development and digital counterespionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud data exfiltration, and the tools and guidance to secure client data against sophisticated, persistent attack on-premises and in the cloud.

Charles Choe

Charles Choe, is a senior product marketing manager at OpenText responsible for both the EnCase Endpoint Security and EnForce Risk Manager products. He has almost 10 years of experience in product management and product marketing, with advanced degrees in both law and business. Charles has been with OpenText (formerly Guidance Software) for just under three years.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.