How National Grid gains rich attacker insight from Threat Response alerts

Presented by

Frank Furlo, Principal CSIRT Analyst, National Grid and Scott McCarthy, Senior SOAR Engineer, National Grid

About this talk

Alert fatigue and desensitization, high false-positive rates, confirmation bias... sound familiar? One-for-one alerting models come with a lengthy list of cons compared to pros. For National Grid's CSIRT team, too many questions were left unanswered, and it was time for a more in-depth analysis of their attack surface. Leveraging their Tanium instance and the 'Tanium MITRE Rule,' they applied additional correlation logic that reduced false positives, improved alerting, and got the most out of the telemetry coming from Tanium. Watch this short presentation to learn more.
Tanium is the world's first converged endpoint management solution: a single platform that can identify where all your data is, patch every device you own in seconds, implement critical security control tools, and do it all within a single pane of glass. See our latest online events, webinars, and more.