[SANS Webcast Recap] The Real “F-Word”: False Positives

[SANS Webcast] The Real “F-Word”

Understanding the Source of False Positives from EDR Systems & How to Ease the Pain

False positives can be overwhelming. With a finite number of hours in the day and a limited amount of resources, it’s a daily challenge to validate the vast number of alerts coming into the organization. One source of these alerts is EDR systems.

Advancements in EDR technology have improved detection rates over the past several years, which is a good thing! But increased detection rates do not come without their tradeoffs.

Our customers are seeing a high number of alerts coming in from their EDR system. “We’ll see files that our EDR says are malicious and should be blocked. But when we look at the surface information, they sometimes appear to be benign.”

This level of manual investigation for every alert coming in from an EDR system puts a strain on the security organization. In this webcast, learn how to introduce an automated process to reduce the number of alerts coming in from your EDR system without having to sacrifice your detection rate.

In this webcast you’ll learn…

  • Expectations vs reality of EDR solutions
  • Why you might be experiencing many false positives and why it matters
  • Why behavioral insights are important

Featured speakers:

Jake Williams – SANS

Andrey Voitenko – VMRay

Additional resources:

Introducing VMRay Analyzer

Augment your EDR with VMRay Analyzer

Autonomous Response to critical malware alerts

VMRay + Palo Alto Networks (joint webinar)