The hard part about security is to do simple things at scale", in this talk we will discuss the gotchas of building endpoint protection at scale. The talk is focused on the engineering aspects of building an EDR (endpoint detection and response) solution as opposed to the security requirements.
EDR solutions rest on the idea that collecting as much information as possible from the OS allows to detect malicious patterns. The challenges of that approach are threefold: what and how to collect, where and how to store and how to analyze what has been collected. All these questions become non-trivial past a certain scale. In this talk we will cover some of those challenges and lessons learned while implementing such a solution.

Vincenzo is an entrepreneur and investor. He currently serves as a Senior Director at CrowdStrike following the sale of his company Iperlane in 2017. Vincenzo is also a Network Leader at Village Global, a seed stage VC fund based in Silicon Valley. In addition, Vincenzo is an Associate Researcher at the MIT Media Lab and serves as a committee member on the Black Hat Conference board. Vincenzo co-authored the “iOS Hacker’s Handbook” (Wiley, 2012) and the winning attacks against Firefox, iOS and Blackberry OS at Pwn2Own between 2010-2012.