Malicious Traffic: Understanding What Does and Doesn’t Belong on Your Unique Net

Logo
Presented by

Rick Fernandez (LogRhythm) and Randy Franklin Smith (UWS)

About this talk

Too often, when looking for malicious network traffic, you either search for known bad network traffic or investigate anomalous traffic that doesn’t look normal. That reactive approach is time consuming, and potentially over-reliant on searching for larger concerns. Fortunately, new solutions use advanced network analytics to proactively identify, enrich and alert on malicious traffic. Why is this important? Detecting known bad network traffic is great when it works, but it’s a lot like signature-based AV (which is rigid and unable to detect unknown threats). Often it is only really effective for widespread, generalized attacks – not so great for unique targeted attacks. Further, there’s an indefinite amount of time before the malicious traffic signature, domain name or IP makes it into the pattern updates and threat intel feeds from your vendors. Detecting anomalous traffic can address the aforementioned weaknesses, but in practice it depends heavily on how – and how well – you define anomalous traffic, and how quickly (accurately) you can spot it. Security practitioners are getting better by the day at looking for anomalies. Here’s just a few we’ll focus on in our webinar: - Unrecognized port protocol numbers - Malformed/non-compliant traffic compared to protocol expected on known port - Protocols you don’t want or at least don’t expect to see in the given context - Disproportionate inbound/outbound bandwidth usage for a given endpoint - Suspicious Destination/Source IP combinations In this webinar, Randy Franklin Smith (of Ultimate Windows Security) and Rick Fernandez (of LogRhythm) will explore how to analyze your network so that you can learn and understand its traffic patterns and get a handle for what’s normal. You’ll then be able to take this information and look for anomalous traffic, build known-bad detections and make your network detection and response (NDR) technologies and efforts smarter.
Related topics:

More from this channel

Upcoming talks (2)
On-demand talks (259)
Subscribers (76735)
LogRhythm helps security teams stop breaches by turning disconnected data and signals into trustworthy insights. From connecting the dots across diverse log and threat intelligence sources to using sophisticated machine learning that spots suspicious anomalies in network traffic and user behavior, LogRhythm accurately pinpoints cyberthreats and empowers professionals to respond with speed and efficiency. With cloud-native and self-hosted deployment flexibility, out-of-the-box integrations, and advisory services, LogRhythm makes it easy to realize value quickly and adapt to an ever-evolving threat landscape. Together, LogRhythm and our customers confidently monitor, detect, investigate, and respond to cyberattacks. Learn more at logrhythm.com