How National Grid gains rich attacker insight from Threat Response alerts

Logo
Presented by

Frank Furlo, Principal CSIRT Analyst, National Grid and Scott McCarthy, Senior SOAR Engineer, National Grid

About this talk

Alert fatigue and desensitization, high false-positives, confirmation bias...sound familiar? One-for-one alerting models come with a lengthy list of cons compared to pros. For National Grid’s CSIRT team, too many questions were left unanswered. It was time for a more in-depth analysis of their attack surface. Leveraging their Tanium instance and the ‘Tanium MITRE Rule,’ they were able to apply additional correlation logic that reduced false positives, increased alert abilities, and get the most out of the telemetry coming from Tanium. Watch this short presentation to learn more.
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (100)
Subscribers (7402)
Tanium delivers the industry's only true real-time cloud-based endpoint management and security offering. Its converged endpoint management (XEM) platform is real-time, seamless, and autonomous, allowing security-conscious organizations to break down silos between IT and Security operations that results in reduced complexity, cost, and risk.