SANS Webcast: The Real “F-Word”: Understanding the source of false positives

[SANS Webcast] The Real “F-Word”

Understanding the Source of False Positives from EDR Systems & How to Ease the Pain

False positives can be overwhelming. With a finite number of hours in the day and a limited amount of resources, it’s a daily challenge to validate the vast number of alerts coming into the organization. One source of these alerts: EDR systems.

Advancements in EDR technology have improved detection rates over the past several years, which is a good thing! But increased detection rates do not come without their tradeoffs.

Our customers are seeing a high number of alerts coming in from their EDR system. “We’ll see files that our EDR says are malicious and should be blocked. But when we look at the surface information, they sometimes appear to be benign.”

This level of manual investigation for every alert coming in from an EDR system puts a strain on the security organization. In this webcast, learn how to introduce an automated process to reduce the number of alerts coming in from your EDR system without having to sacrifice your detection rate.

In this webcast you’ll learn…

  • Expectations vs reality of EDR solutions
  • Why you might be experiencing many false positives and why it matters
  • Why behavioral insights are important

Featured speakers:

Jake Williams – SANS

Andrey Voitenko – VMRay

Additional resources:

Introducing VMRay Analyzer

Augment your EDR with VMRay Analyzer
