Automating SecOps - Monitoring & Triage for EDR Events
Presenters: Tim Wenzlau, Product Manager and Mike Reynold, Product Marketing
Endpoint Detection and Response (EDR) provides security organizations with highly accurate, detailed, low-level OS information, by way of tens of thousands of events per day. EDR is a key piece of an optimal security posture; however, monitoring it requires deep OS and security expertise to achieve a quick and effective response. Many organizations have Tier 1 analysts swiveling between consoles, generating manual queries, and incorporating other context and security events, a method that often leaves security teams with more alerts than they can manage.
By automating the monitoring & triage of EDR events with Robotic Decision Automation (RDA), security teams can focus on their response actions and other areas that reduce business risk.
In this session, you'll learn how Respond Software uses RDA to enhance EDR data by:
- Monitoring attacks in real time
- Eliminating false positives using probabilistic models
- Leveraging multiple security data sources and automated analysis