Gaining Visibility into Kernel Drivers Before They Lead to Outages

The cybersecurity industry and enterprises were shaken by the July 2024 CrowdStrike incident, in which its boot-time driver failed, bricking systems worldwide and causing billions of dollars in damage. Beyond landing on executives' reading lists, drivers continue to end up on analysts' radar as well, since a variety of malware is known to exploit and abuse drivers. Enterprises began asking: do I have a kernel driver I don't know about that leaves me vulnerable to such impactful incidents? This talk presents a customized solution delivered via Tanium, with which attendees will be able to discover the drivers in their environment and see whether they are expected and authorized. They can then remediate the unexpected ones and gain greater awareness of their environment and of the critical points to watch that can cause the kind of crippling outage described above. Attendees will learn not only about this specific use case but also about custom sensor development and the ability to run code (and retrieve its output) at scale using Tanium.

Additional details:

Session Tag: Incident Response
Session Type: In-Person, Breakout