The Real "F-Word": Understanding the Source of False Positives from EDR Systems & How to Ease the Pain

  • Thursday, 20 Jan 2022 3:30PM EST (20 Jan 2022 20:30 UTC)
  • Speakers: Jake Williams, Andrey Voitenko, VMRay

Security teams are overwhelmed. With a finite number of hours in the day and limited resources, it's a daily challenge to validate the vast number of alerts coming into the organization. One source of these alerts: EDR systems.

Advancements in EDR technology have improved detection rates over the past several years, which is a good thing! But increased detection rates do not come without their tradeoffs.

Our customers are seeing a high number of alerts coming in from their EDR system. "We'll see files that our EDR says are malicious and should be blocked. But when we look at the surface information, they sometimes appear to be benign."

This level of manual investigation for every alert coming in from an EDR system puts a strain on the security organization. In this webcast, learn how to introduce an automated process to reduce the number of alerts coming in from your EDR system without having to sacrifice your detection rate.

Viewers of this webcast will learn what tools you can use to validate alerts and how to automate the process.

