Know Your Blind Spots: Better Visibility Through EDR Policy Hardening
Endpoint Detection and Response (EDR) tools identify, detect, and respond to anomalous behavior. They assist blue teams, incident response operations, and threat hunting. However, an EDR is only as effective as the events it can detect. Alerts and actions depend on the tool's detections, which in turn depend on visibility within the environment.
SANS-Know-Your-Blind-Spots-Williams (PDF, 0.83MB)
9 Jun 2026Related Content
SANS 2025 CTI Survey Webcast & Forum: Navigating Uncertainty in Today’s Threat Landscape
Research PaperThis paper explores results from the SANS 2025 CTI Survey, with insights into how cybersecurity...
- 20 May 2025
- Rebekah Brown, Andreas Sfakianakis
Beneath the Mask: Can Contribution Data Unveil Malicious Personas in Open-Source Projects?
Research PaperIn February 2024, after building trust over two years with project maintainers by making a significant volume of legitimate contributions, GitHub user "JiaT75" self-merged a version of the XZ Utils project containing a highly sophisticated well-disguised backdoor targeting sshd processes running on systems with the backdoored package installed.
- 13 May 2025
- SANS Institute
Catching the Hand in the Cookie Jar: Canary Session Cookies
Research PaperThis project demonstrates how even applications secured with MFA are still vulnerable to hijacked session cookies. Given the persistent threats posed to organizations by stolen authentication cookies, this research proposes implementing Canary session cookies to detect the theft and malicious use of credentials.
- 17 Apr 2025
- Caleb Patten
A Pebble In the Ocean: Maximizing Log Fidelity In Container Environments
Research PaperLog fidelity is crucial for Incident Response Teams to investigate and contain cyber incidents but can be difficult to optimize in containerized environments.
- 17 Apr 2025
- Zach Salva
SANS 2025 Threat Hunting Survey: Advancements in Threat Hunting Amid AI and Cloud Challenges
Research PaperThe 2025 SANS Threat Hunting Survey marks a decade of tracking how organizations evolve their threat hunting capabilities.
- 13 Mar 2025
- Josh Lemon
Empowering Responders with Automated Investigation
Research PaperThis white paper investigates how Binalyze’s AIR platform reduces the overhead of forensic investigations by automating the process of collecting artifacts, triaging the data, and identifying next steps.
- 18 Feb 2025
- Megan Roddie-Fonseca
Beyond Detection: Using Real Phishing Data to Gauge Security Training Program Success
Research PaperThis paper defines one method of network security monitoring in an organization to find these existing indicators.
- 7 Jan 2025
- Cory Keller
Hunting the Hound of Hades: Kerberos Delegation Attacks, Detections and Defenses
Research PaperWhen misconfigured, Kerberos delegation in an Active Directory environment can lead to complete domain compromise.
- 23 Dec 2024
- Ben Boyle
Threat Intelligence-Driven Attack Surface Management
Research PaperDefenders struggle to keep up with the pace of digital transformation in the face of an expanding...
- 9 Aug 2022
- Jonathan Matkowsky
How to Build and Use an Incident Response Playbook Effectively
Research PaperAn effective incident response playbook provides structure and clarity during high-pressure security events.
- 25 Jul 2022
- Andreas Seiler
Windows 10 vs. Windows 11, What Has Changed?
Research PaperWindows 10 was released on July 29, 2015. It has since become the most installed desktop operating...
- 25 Jul 2022
- Andrew Rathbun
Malware Function-based encryption technique
Research PaperRecent malware often uses techniques to evade detection by cybersecurity products. One of the...
- 22 Jun 2022
- Hirokazu Murakami
Detecting Unauthorized Behavior From Legitimate Accounts
Research PaperIncident Responders face an almost insurmountable amount of log events, and the move to the Cloud...
- 22 Jun 2022
- Rodney Caudle
Recommendations for small/medium-sized businesses enabling incident response
Research PaperSecurity incidents are inevitable. While large businesses can afford security teams to prepare and...
- 17 Jan 2022
- Luke Pearson
Cloud Forensics Triage Framework (CFTF)
Research PaperDigital media forensic investigations come in multiple forms and span single assets - from thumb...
- 28 Jul 2021
- Michael Beck
EDR Evasion: Stranger Things In A Payload
Research PaperTackling enterprise security has many pitfalls. Yet, the emergence of Endpoint Detection and Response (EDR) products has paved a way for threat hunters to act at scale.
- 28 Jul 2021
- Christopher Watson
CIS CSC Controls vs. Ransomware: An Evaluation
Research PaperCybercriminals continue to develop and enhance both new and existing ransomware variants, exploiting...
- 19 May 2021
- Dylan Malloy
Missing SQLite Records Analysis
Research PaperThis article will specifically discuss the identification of missing records, within the SQLite...
- 12 Mar 2021
- Ian Whiffin, Shafik G Punja, Ian Whiffin
Insider Threat The Theft of Intellectual Property in Windows 10
Research PaperThe prevalence of the theft of intellectual property investigations has grown over the past years...
- 11 Mar 2021
- Eduard Du Plessis
A Forensic Analysis of the Encrypting File System
Research PaperEFS or the Encrypting File System is a feature of the New Technology File System (NTFS). EFS...
- 24 Feb 2021
- Ramprasad Ramshankar