Seattle Children's Gains Complete Citrix VDI Visibility with ExtraHop

Tired of stalled cloud migrations because of security concerns? Frustrated by a lack of visibility that leaves your data and applications exposed to threats?

Join this webinar and live Q&A to see how ExtraHop Reveal(x) Cloud helps enterprises like yours secure cloud workloads and accelerate cloud migration.

In just 30 minutes, we’ll show you how the only SaaS-based network detection and response (NDR) solution on Amazon Marketplace uses Amazon VPC Traffic Mirroring to provide complete visibility into network traffic.

Reveal(x) Cloud deploys instantly, passively analyzes network traffic, and delivers immediate asset discovery, real-time threat detection, and machine learning-powered responses.

Cloud-native NDR was the missing piece that prevented SecOps from completing Gartner’s SOC Cloud Visibility Triad. Learn how combining NDR, SIEM, and EDR makes it possible for SecOps to achieve a holistic approach to cloud security and eliminate the risks of misconfiguration, undetected attacks, lateral movement, and data exfiltration.

Security has become one of the most pressing issues for organizations that are moving to the cloud. In this webinar, industry analyst Fernando Montenegro from 451 Research and Rachel Pepple from ExtraHop will take us through the cloud security journey that many enterprises have been on during the past years, looking at the realities of the high points and low points. Based on this look back, Rachel and Fernando will then pivot to what organizations can expect in 2020, where investments should be made, what trends should be closely monitored, and what best practices security teams should consider for a stronger security posture in the cloud.

Tired of stalled cloud migrations because of security concerns? Frustrated by a lack of visibility that leaves your data and applications exposed to threats?

Join this webinar and live Q&A to see how ExtraHop Reveal(x) Cloud helps enterprises like yours secure cloud workloads and accelerate cloud migration.

In just 30 minutes, we’ll show you how the only SaaS-based network detection and response (NDR) solution on Amazon Marketplace uses Amazon VPC Traffic Mirroring to provide complete visibility into network traffic.

Reveal(x) Cloud deploys instantly, passively analyzes network traffic, and delivers immediate asset discovery, real-time threat detection, and machine learning-powered responses.

Cloud-native NDR was the missing piece that prevented SecOps from completing Gartner’s SOC Cloud Visibility Triad. Learn how combining NDR, SIEM, and EDR makes it possible for SecOps to achieve a holistic approach to cloud security and eliminate the risks of misconfiguration, undetected attacks, lateral movement, and data exfiltration.

The 2019 SANS Security Operations Center survey showed that SOC managers list lack of integration between security and IT and network operations as one of the major obstacles to both their effectiveness in dealing with evolving threats and their ability to efficiently protect the business in constrained budget environments. Less than 40% of SOC managers say that the SOC and the NOC are effectively integrated, and those who report higher levels of integration show improvement in reducing time to detect, respond and contain.

During this SANS What Works webcast Mitch Roberson, Director for Enterprise Systems at Curo Financial, will provide details of the selection and deployment of ExtraHops Reveal(x) to increase visibility into network traffic, gaining detailed and timely insight into performance and security issues and crossing organizational siloes by using a common tool and dashboard for application owners, network administrators and security analysts.

Join SANS Director of Emerging Security Trends John Pescatore and Mitch Roberson to hear details on the selection, deployment and experience using ExtraHop. The webcast will contain a discussion of lessons learned and best practices as well as detail the metrics used to demonstrate the value of improved email authentication and trust.

This webcast digs more deeply into the results of the SANS 2019 Threat Hunting Survey. Survey authors Mathias Fuchs and Joshua Lemon will discuss key themes that emerged during their analysis of survey results, joined by a panel of representatives from DomainTools, ExtraHop and ThreatConnect.

Speakers will share insights on such key issues as:
• Threat hunting as a defined role or a function of security
• Best practices for generating threat hunting hypotheses
• Measuring threat hunting success

Without native network visibility in the cloud, enterprises have been limited to log or agent centric tools to support their cloud migration and to secure their workloads, making it challenging to detect and investigate complex threats in a timely manner. The introduction of Microsoft Azure V-Tap and Amazon VPC Traffic Mirroring finally provides access to context-rich network data for threat detection, investigation and response.

Join this webinar to learn how to gain visibility in your cloud workloads by leveraging the new network tap features released by the leading public cloud providers. During this session, Amelie Darchicourt and Ryan Davis, Cloud Product Marketing Managers at ExtraHop, will present the benefits of adopting a cloud-native approach to Network Detection and Response (NDR) and will share insights about how SecOps teams can hold up their side of the shared responsibility model and deliver unified security across the hybrid attack surface.

The rush to innovate has resulted in more sophisticated threat defenses, but it has also created a complex web of tools that must be managed by an already overworked and understaffed security team. Heterogeneity of defense systems is itself a defense, so modern security teams need to approach consolidation differently.

In this session, Jeff Costlow, Deputy CISO at ExtraHop will give an abbreviated version of his keynote presentation at the upcoming CSA Summit at (ISC)² and share insights about how data-first approaches and cross-collaboration improve security posture and help reduce tool sprawl.

More and more companies are offering cyber insurance policies to help mitigate the financial losses an organization might suffer from a cyber incident. With the increase in breaches, intrusions and ransomware incidents, cyber insurance could be right for your organization as a part of the risk mitigation strategy. But there’s a lot of confusion for organizations in determining what a company’s exposure is and what exceptions and exclusions might be in a policy. Organizations are almost forced to think like an underwriter to address these concerns. Join ExtraHop and (ISC)2 October 10, 2019 at 1PM Eastern for a discussion on cyber insurance, demystifying the current insurance landscape and what are the right questions to answer.

ExtraHop Reveal(x) is a Network Detection and Response (NDR) system that provides machine learning-driven detection and guided investigation. ExtraHop's platform discovers and maps all connections, devices, users and dependencies in an environment, grouped by how critical they are to a business, so that everything that matters to an organization can be seen in one intuitive interface. In this SANS webcast, expert Dave Shackleford and Tom Stitt from ExtraHop, discuss how Reveal(x) can help an organization evaluate threat activity in multiple scenarios, and how key new features make doing so easier than ever. Among the features we'll explore are:

- Interface improvements that provide better insight into the environment
- Detections, metrics and records that reveal systemic weakness
- Machine learning that bolsters overall security and the platform's ability to monitor and respond to threats

With an ever-increasing security skills gap, how do you scale your existing security resources, effectively analyze data, and decide when to act vs. when to automate response? In this webinar, Paul Asadoorian and Matt Alderman will discuss the challenges and opportunities facing security and IT teams when it comes to scaling talent. Tom Stitt, Senior Director of Security Product Marketing from ExtraHop, will discuss holistic and innovative methods of addressing the skills gap, including topics such as:

- When to lean on the IT team to notice strange behavior on the network, plus strategies for consolidating data and tools
- How to evaluate machine learning offerings that claim to make life easier on security analysts, but may not actually demonstrate value
- How to determine where automated response capabilities will help your team the most, and evaluate potential tools accordingly

As deployment models evolve so does the need for our responses. With technology such as Cloud, containers, and rapid update deployment rolling out, what's going on with security?

Ransomware has evolved. The advance of targeted attack tools like Ryuk, Dharma and BitPaymer have paved the way for massive demands of six-figures or more. Often, criminals lurk inside corporate networks for weeks or months, analyzing financial data in order to set the ransom price. Modern ransomware strains such as Sodinokobi have exploit kits built in, enabling them to automatically spread laterally throughout a network prior to detonation.

Advanced features include key differentiation and new tactics designed to evade your monitoring systems. Driven by the success of GandCrab and similar strains, ransomware-as-a-service is booming, with a flood of new products competing on the dark web. Other new ransomware strains have been rushed to market, resulting in sloppy coding that can accidentally render your data unrecoverable no matter what you pay.

We’ll show you the latest ransomware in action, with videos and screenshots from actual cases, and discuss strategies for monitoring and detecting ransomware, including mistakes to avoid and tactics for thwarting the stealthiest new threats.

Without native network visibility in the cloud, enterprises have been limited to log or agent centric tools to support their cloud migration and to secure their workloads, making it challenging to detect and investigate complex threats in a timely manner. The introduction of Microsoft Azure V-Tap and Amazon VPC Traffic Mirroring finally provides access to context-rich network data for threat detection, investigation and response.

Join this webinar to learn how to gain visibility in your cloud workloads by leveraging the new network tap features released by the leading public cloud providers. During this session, Amelie Darchicourt, Cloud Product Marketing Manager at ExtraHop, will present the benefits of adopting a cloud-first approach to Network Detection and Response (NDR) and will share insights about how SecOps teams can hold up their side of the shared responsibility model and deliver unified security across the hybrid attack surface.

Learn how you can go beyond the traditional perimeter security provided by a firewall, IPS, etc. to actively search for threats that have infiltrated your network.

Threat hunting looks at data at rest (e.g. data lakes) and at data on the move (i.e. the data flowing in and out of servers). This capability allows you to deploy a solution to either analyze data in real-time or at a later date to determine if your network has been compromised.

This webinar will define the benefits of threat hunting and best practices for deployment of threat hunting.

This webcast takes a deeper dive into the results of the SANS 2019 Incident Response (IR) Survey. A panel moderated by SANS Digital Forensics and Incident Response instructor Matt Bromiley and representatives from DomainTools and ExtraHop will explore major themes developed during analysis of the survey results.

The siloed, standalone operations of security operations (SecOps) and network operations (NetOps) resulted in teams with their own culture, technologies, processes, skillsets and lexicons. When SecOps and NetOps each have their own tools and workflows, this results in slower detection and response, higher costs and an ineffective use of cybersecurity personnel. Security has also become complex, fast moving and critical to all organizations and it no longer makes sense for the two functions to remain siloed. Join ExtraHop and (ISC)2 on July 18, 2019 at 1:00PM Eastern for a discussion on how to increase collaboration between SecOps and NetOps and the benefits derived from that.

This webcast digs more deeply into the results of the SANS 2019 SOC Survey. A panel moderated by SANS Director of Emerging Technologies John Pescatore and comprised of survey author Chris Crowley and representatives from ExtraHop, Siemplify and ThreatConnect will touch on key themes developed through analyzing the results of the survey.

Key areas of discussion include:

- Best practices of those organizations that are able to maintain accurate and up-to-date asset inventories on-premises and in the cloud
- Best practices of SOC managers who have successfully incorporated SOAR technologies and metrics that show measurable business benefit
- Areas of SOC operations impacted by staffing concerns and definitions of those concerns as a quantity or skills problem

The MITRE ATT&CK Framework is a useful tool for SecOps teams trying to understand their security posture against common adversary tactics, techniques, and procedures (TTPs). In this presentation you'll learn how to take your ATT&CK understanding and coverage to the next level with network traffic analysis. You'll also learn:

- Key tips for understanding the MITRE ATT&CK Framework and how to use it as a tool to improve your security posture.
- What the framework is optimized for, and where it has room to grow
- Which security tools and data sources you'll need to achieve the best coverage against TTPs in all 12 categories of the MITRE ATT&CK Framework

Investigating and responding to security incidents can take hours or days if analysts are forced to manually correlate data and contact other teams to access secondary system logs or even packet captures they need to be confident about what actually happened.

In this SC Media-hosted webinar, we step through a rapid, end-to-end investigation and response process, from early breach detection to forensic analysis in just minutes, relying on Network Traffic Analysis for authoritative and detailed data.

- Identify which devices and users were involved in an incident
- Dig into transaction records and layer 7 payloads to see exactly what users and resources were involved
- Access packets and decryption keys for incontrovertible proof and root cause analysis