How National Grid gains rich attacker insight from Threat Response alerts

Presented by

Frank Furlo, Principal CSIRT Analyst, National Grid and Scott McCarthy, Senior SOAR Engineer, National Grid

About this talk

Alert fatigue and desensitization, high false positives, confirmation bias... sound familiar? One-for-one alerting models come with a lengthy list of cons compared to pros. For National Grid’s CSIRT team, too many questions were left unanswered. It was time for a more in-depth analysis of their attack surface. Leveraging their Tanium instance and the ‘Tanium MITRE Rule,’ they were able to apply additional correlation logic that reduced false positives, increased alerting capabilities, and got the most out of the telemetry coming from Tanium. Watch this short presentation to learn more.
