Automating SecOps - Monitoring & Triage for EDR Events

Presented by

Tim Wenzlau, Product Manager and Mike Reynold, Product Marketing

About this talk

Endpoint Detection and Response (EDR) provides security organizations with highly accurate, detailed, low-level OS information, by way of tens of thousands of events per day. EDR is a key piece of an optimal security posture; however, monitoring it requires deep OS and security expertise to achieve a quick and effective response. Many organizations have Tier 1 analysts swiveling between consoles, generating manual queries, and incorporating other context and security events, a method that often leaves security teams with more alerts than they can manage. By automating the monitoring and triage of EDR events with Robotic Decision Automation (RDA), security teams can focus on their response actions and other areas that reduce business risk.

In this session, you'll learn how Respond Software uses RDA to enhance EDR data by:

- Monitoring attacks in real time
- Eliminating false positives using probabilistic models
- Leveraging multiple security data sources and automated analysis

More from this channel

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organizations to be confident in their readiness to defend against and respond to cyber threats. Mandiant is now part of Google Cloud.