Automating and streamlining security investigations.
This channel provides educational webinars about security analytics and investigation automation, and product info about ExtraHop Reveal(x), the network security analytics platform powered by AI, providing unprecedented visibility, advanced behavioral analytics, and investigation automation capabilities. Using real-time analytics and ML-driven anomaly detection, ExtraHop Reveal(x) enables security teams to accelerate investigations, reduce false positives, and optimize the capabilities of expert security analysts. To learn more visit www.extrahop.com/revealx
John Smith, Princ Sales Eng, ExtraHop; Caroline Saxon, Sr Advisor to CIO, TSYS; Glenn Leifheit, Microsoft; B. Dunlap
The siloed, standalone operations of security operations (SecOps) and network operations (NetOps) resulted in teams with their own culture, technologies, processes, skillsets and lexicons. When SecOps and NetOps each have their own tools and workflows, this results in slower detection and response, higher costs and an ineffective use of cybersecurity personnel. Security has also become complex, fast moving and critical to all organizations and it no longer makes sense for the two functions to remain siloed. Join ExtraHop and (ISC)2 on July 18, 2019 at 1:00PM Eastern for a discussion on how to increase collaboration between SecOps and NetOps and the benefits derived from that.
Jeff Costlow (Deputy CISO at ExtraHop Networks), John Pescatore (Director of Emerging Technologies at SANS)
Recorded: Jul 11 2019, 62 mins
This webcast digs more deeply into the results of the SANS 2019 SOC Survey. A panel moderated by SANS Director of Emerging Technologies John Pescatore and comprised of survey author Chris Crowley and representatives from ExtraHop, Siemplify and ThreatConnect will touch on key themes developed through analyzing the results of the survey.
Key areas of discussion include:
- Best practices of those organizations that are able to maintain accurate and up-to-date asset inventories on-premises and in the cloud
- Best practices of SOC managers who have successfully incorporated SOAR technologies and metrics that show measurable business benefit
- Areas of SOC operations impacted by staffing concerns and definitions of those concerns as a quantity or skills problem
John Smith, Principal Sales Engineer at ExtraHop; Chris Crowley, Senior Instructor at SANS
Recorded: Jun 24 2019, 63 mins
The MITRE ATT&CK Framework is a useful tool for SecOps teams trying to understand their security posture against common adversary tactics, techniques, and procedures (TTPs). In this presentation you'll learn how to take your ATT&CK understanding and coverage to the next level with network traffic analysis. You'll also learn:
- Key tips for understanding the MITRE ATT&CK Framework and how to use it as a tool to improve your security posture.
- What the framework is optimized for, and where it has room to grow
- Which security tools and data sources you'll need to achieve the best coverage against TTPs in all 12 categories of the MITRE ATT&CK Framework
Matt Cauthorn, VP Sales Engineering, Security Evangelist at ExtraHop Networks
Recorded: Jun 4 2019, 33 mins
Investigating and responding to security incidents can take hours or days if analysts are forced to manually correlate data and contact other teams to access secondary system logs or even packet captures they need to be confident about what actually happened.
In this SC Media-hosted webinar, we step through a rapid, end-to-end investigation and response process, from early breach detection to forensic analysis in just minutes, relying on Network Traffic Analysis for authoritative and detailed data.
- Identify which devices and users were involved in an incident
- Dig into transaction records and layer 7 payloads to see exactly what users and resources were involved
- Access packets and decryption keys for incontrovertible proof and root cause analysis
Jeff Costlow, ExtraHop; John Sawyer, IOActive
Recorded: May 15 2019, 63 mins
For years, most IT security organizations have waited to detect new threats and then moved swiftly to defend against them. Today, however, there is a new wave of “threat hunting,” in which the security team takes a more proactive approach, seeking out potential threats before the attackers have a chance to act. How do enterprises build threat hunting programs? How do they staff them, and what tools do they need? What skills and training does a great threat hunter need? In this Dark Reading webinar, a top expert discusses the process for building a threat hunting program, and for optimizing the efforts of designated threat hunters in the organization.
When you attend this webinar, you will learn:
- What tools must be in any threat hunter's toolbox
- How to identify the telltale signs of threat activity, and where to go looking for them
- What skills and qualities make the best threat hunters
- When threat hunting is the best option, and when it isn't
- How to build an efficient threat hunting program (even when you have too much threat intelligence to weed through, and too few security staff to do the weeding)
Jim Reavis, CEO & Co-Founder (Cloud Security Alliance), Eric Thomas, Director of Cloud Products (ExtraHop Networks)
Recorded: May 12 2019, 62 mins
This webcast digs more deeply into the results of the SANS 2019 Cloud Security Survey, conducted in cooperation with the Cloud Security Alliance. A panel comprised of survey author Dave Shackleford and representatives from ExtraHop and Sysdig will touch on key themes developed through analyzing the results of the survey.
Sean Metcalf, Trimarc (Founder and Principal Consultant) and Vince Stross, ExtraHop Networks (Principal Security SE)
Recorded: Apr 22 2019, 61 mins
Organizations have been forced to adapt to the new reality: Anyone can be targeted and many can be compromised. This has been the catalyst for many to tighten up operations and revamp ancient security practices. They bought boxes that blink and software that floods the SOC with alerts.
Is it enough? The overwhelming answer is: No.
This Black Hat-hosted presentation will:
- explore typical administration methods and how attackers exploit them
- provide the best methods of secure administration to protect privileged credentials
In this session, ExtraHop Deputy CISO Jeff Costlow will discuss how security operations teams can escape the cycle of reactivity characterized by constantly responding to a flood of alerts, and move toward a more proactive stance by using the right data sources and workflows, driven by network traffic analysis, to focus on developing proactive capabilities like continuous encryption auditing, policy auditing, and more advanced use cases like threat hunting.
Mikhael Felker, Director of Information Security & Risk Management for Farmers Insurance
Jeff Costlow, CISO, ExtraHop
Michael Wylie, Director of Cybersecurity Services, Richey May Technology Solutions.
Paula Musich, Enterprise Management Associates (EMA); Barbara Kay, ExtraHop Networks; and Bri Hatch, ExtraHop Networks
Recorded: Mar 19 2019, 61 mins
Groundbreaking new research from Enterprise Management Associates (EMA) shows that encryption is rolling out quickly, with 76% of respondents encrypting within the enterprise network, 71% within the data center, and 58% encrypting email, followed by 55% encrypting web services.
According to the survey of IT respondents responsible for security, companies are adopting wildly divergent strategies on what, where, and how much to encrypt, how to decrypt, and which standards to use.
It’s not a simple topic, especially when you add in factors including cloud, TLS 1.3, and regulations. The choices made in implementation can restrict incident response, business risk management, and application security. Poor decisions can be expensive and difficult to fix.
Join us for a practical discussion with EMA Research Director Paula Musich, ExtraHop Director of IT Operations Bri Hatch, and ExtraHop Head of Security Product Marketing Barbara Kay.
- Research findings will help you gain support for a proactive plan and avoid retrofitting security
- Security pros will learn what to consider and prioritize and how to engage productively with IT
- IT and application teams will understand the visibility, performance, and security implications of different approaches to encryption and decryption
Matt Cauthorn, VP of Cyber Security Engineering, ExtraHop; Brandon Dunlap, Moderator
Recorded: Mar 12 2019, 59 mins
Two pillars of a successful and proactive SOC are threat hunting and incident response. The use of network traffic analysis can help improve performance in these two areas. This webcast will examine threat hunting and incident response and how network traffic analysis can make Tier 1 and Tier 3 analysts faster and more effective at validating, investigating, and responding to threats and security incidents.
John Pescatore (SANS) and John Matthews (ExtraHop Networks)
Recorded: Feb 26 2019, 58 mins
72-Hours-to-Disclose Survival Guide: Accurate Scoping and Impact Assessment of Breaches
With data breach reporting requirements tightening, there is even greater pressure on incident response teams to understand the scope and impact of an incident. This webinar will discuss the role that network traffic analysis can play in speeding up incident response. You will learn how network traffic analysis can provide the context needed to empower your analysts to quickly investigate incidents and get definitive answers.