Rise Above Complex Workflows: Practical Ways to Accelerate Incident Response

Does your security investigation and incident response workflow "spark joy," or does it just leave you with more questions that are tough to answer? How do you improve your current data collection, tools, and workflows? In this session, ExtraHop’s VP of Cyber Security Engineering, Matt Cauthorn, will provide practical advice for how to identify areas for improvement in your incident response practice. Learn how Network Traffic Analysis can provide the visibility and data access needed to take investigations from many hours to just a few clicks.
Recorded Feb 15 2019 61 mins
Presented by
Matt Cauthorn, ExtraHop Networks; Paul Asadoorian, Security Weekly; Matt Alderman, Security Weekly

  • Diversify Defense — Improving Cybersecurity Through Smart Consolidation Recorded: Oct 15 2019 53 mins
    Jeff Costlow, Deputy CISO, ExtraHop & Craig Balding of CSA
    The rush to innovate has resulted in more sophisticated threat defenses, but it has also created a complex web of tools that must be managed by an already overworked and understaffed security team. Heterogeneity of defense systems is itself a defense, so modern security teams need to approach consolidation differently.

    In this session, Jeff Costlow, Deputy CISO at ExtraHop will give an abbreviated version of his keynote presentation at the upcoming CSA Summit at (ISC)² and share insights about how data-first approaches and cross-collaboration improve security posture and help reduce tool sprawl.
  • Nice to Have or Have to Have? The Case for Cyber Insurance Recorded: Oct 10 2019 59 mins
    John Smith, Prin. Sec. Engr, ExtraHop; Sean Scranton, RLI Cyber; William Boeck, Lockton; Brandon Dunlap, Moderator
    More and more companies are offering cyber insurance policies to help mitigate the financial losses an organization might suffer from a cyber incident. With the increase in breaches, intrusions and ransomware incidents, cyber insurance could be right for your organization as a part of the risk mitigation strategy. But there’s a lot of confusion for organizations in determining what a company’s exposure is and what exceptions and exclusions might be in a policy. Organizations are almost forced to think like an underwriter to address these concerns. Join ExtraHop and (ISC)2 October 10, 2019 at 1PM Eastern for a discussion on cyber insurance, demystifying the current insurance landscape and what are the right questions to answer.
  • ExtraHop Reveal(x) Expands Attack Investigations to Cover All Vectors Recorded: Oct 3 2019 57 mins
    Tom Stitt, Senior Director of Security Product Marketing at ExtraHop Networks and Dave Shackleford, Analyst at SANS
    ExtraHop Reveal(x) is a Network Detection and Response (NDR) system that provides machine learning-driven detection and guided investigation. ExtraHop's platform discovers and maps all connections, devices, users and dependencies in an environment, grouped by how critical they are to a business, so that everything that matters to an organization can be seen in one intuitive interface. In this SANS webcast, expert Dave Shackleford and Tom Stitt from ExtraHop discuss how Reveal(x) can help an organization evaluate threat activity in multiple scenarios, and how key new features make doing so easier than ever. Among the features we'll explore are:

    - Interface improvements that provide better insight into the environment
    - Detections, metrics and records that reveal systemic weakness
    - Machine learning that bolsters overall security and the platform's ability to monitor and respond to threats
  • NetSecOps - Scaling Your Security Talent Recorded: Sep 30 2019 60 mins
    Tom Stitt, Senior Director of Security Product Marketing at ExtraHop Networks
    With an ever-increasing security skills gap, how do you scale your existing security resources, effectively analyze data, and decide when to act vs. when to automate response? In this webinar, Paul Asadoorian and Matt Alderman will discuss the challenges and opportunities facing security and IT teams when it comes to scaling talent. Tom Stitt, Senior Director of Security Product Marketing from ExtraHop, will discuss holistic and innovative methods of addressing the skills gap, including topics such as:

    - When to lean on the IT team to notice strange behavior on the network, plus strategies for consolidating data and tools
    - How to evaluate machine learning offerings that claim to make life easier on security analysts, but may not actually demonstrate value
    - How to determine where automated response capabilities will help your team the most, and evaluate potential tools accordingly
  • ISSA International Series: New Trends in Security - Outsourcing and Other Tech Recorded: Sep 24 2019 82 mins
    ISSA International
    As deployment models evolve so does the need for our responses. With technology such as Cloud, containers, and rapid update deployment rolling out, what's going on with security?
  • Black Hat Webcast Series: Ransomware Network Behavior and Defense Recorded: Sep 23 2019 70 mins
    Vince Stross, Principal Security SE at ExtraHop Networks; Sherri Davidoff, CEO at Brightwise & LMG Security
    Ransomware has evolved. The advance of targeted attack tools like Ryuk, Dharma and BitPaymer has paved the way for massive demands of six figures or more. Often, criminals lurk inside corporate networks for weeks or months, analyzing financial data in order to set the ransom price. Modern ransomware strains such as Sodinokibi have exploit kits built in, enabling them to automatically spread laterally throughout a network prior to detonation.

    Advanced features include key differentiation and new tactics designed to evade your monitoring systems. Driven by the success of GandCrab and similar strains, ransomware-as-a-service is booming, with a flood of new products competing on the dark web. Other new ransomware strains have been rushed to market, resulting in sloppy coding that can accidentally render your data unrecoverable no matter what you pay.

    We’ll show you the latest ransomware in action, with videos and screenshots from actual cases, and discuss strategies for monitoring and detecting ransomware, including mistakes to avoid and tactics for thwarting the stealthiest new threats.
  • Achieving Cloud Visibility With Cloud-Native Network Detection & Response Recorded: Aug 29 2019 52 mins
    Amelie Darchicourt, Cloud Product Marketing Manager & Eric Thomas, Director of Cloud Product Marketing, ExtraHop
    Without native network visibility in the cloud, enterprises have been limited to log or agent centric tools to support their cloud migration and to secure their workloads, making it challenging to detect and investigate complex threats in a timely manner. The introduction of Microsoft Azure V-Tap and Amazon VPC Traffic Mirroring finally provides access to context-rich network data for threat detection, investigation and response.

    Join this webinar to learn how to gain visibility in your cloud workloads by leveraging the new network tap features released by the leading public cloud providers. During this session, Amelie Darchicourt, Cloud Product Marketing Manager at ExtraHop, will present the benefits of adopting a cloud-first approach to Network Detection and Response (NDR) and will share insights about how SecOps teams can hold up their side of the shared responsibility model and deliver unified security across the hybrid attack surface.
  • Best Practices for Network Security Threat Hunting with ExtraHop and Ixia Recorded: Aug 26 2019 58 mins
    Tanner Payne, Sr. Sales Engineer at ExtraHop; Greg Copeland, Director of BizDev at Ixia
    Learn how you can go beyond the traditional perimeter security provided by a firewall, IPS, etc. to actively search for threats that have infiltrated your network.

    Threat hunting looks at data at rest (e.g. data lakes) and at data on the move (i.e. the data flowing in and out of servers). This capability allows you to deploy a solution to either analyze data in real-time or at a later date to determine if your network has been compromised.

    This webinar will define the benefits of threat hunting and best practices for deployment of threat hunting.
  • Integrated Incident Response: A Panel Discussion about the SANS 2019 IR Survey Recorded: Aug 7 2019 56 mins
    Matt Bromiley, Digital Forensics and IR instructor at SANS; John Smith, Principal Engineer at ExtraHop Networks
    This webcast takes a deeper dive into the results of the SANS 2019 Incident Response (IR) Survey. A panel moderated by SANS Digital Forensics and Incident Response instructor Matt Bromiley and representatives from DomainTools and ExtraHop will explore major themes developed during analysis of the survey results.
  • Let’s Work Together! How to Drive SecOps and NetOps Collaboration Recorded: Jul 18 2019 59 mins
    John Smith, Princ Sales Eng, ExtraHop; Caroline Saxon, Sr Advisor to CIO, TSYS; Glenn Leifheit, Microsoft; B. Dunlap
    The siloed, standalone operations of security operations (SecOps) and network operations (NetOps) resulted in teams with their own culture, technologies, processes, skillsets and lexicons. When SecOps and NetOps each have their own tools and workflows, this results in slower detection and response, higher costs and an ineffective use of cybersecurity personnel. Security has also become complex, fast moving and critical to all organizations and it no longer makes sense for the two functions to remain siloed. Join ExtraHop and (ISC)2 on July 18, 2019 at 1:00PM Eastern for a discussion on how to increase collaboration between SecOps and NetOps and the benefits derived from that.
  • Common and Best Practices for Security Operations Centers: Panel Discussion Recorded: Jul 11 2019 62 mins
    Jeff Costlow (Deputy CISO at ExtraHop Networks), John Pescatore (Director of Emerging Technologies at SANS)
    This webcast digs more deeply into the results of the SANS 2019 SOC Survey. A panel moderated by SANS Director of Emerging Technologies John Pescatore and comprised of survey author Chris Crowley and representatives from ExtraHop, Siemplify and ThreatConnect will touch on key themes developed through analyzing the results of the survey.

    Key areas of discussion include:

    - Best practices of those organizations that are able to maintain accurate and up-to-date asset inventories on-premises and in the cloud
    - Best practices of SOC managers who have successfully incorporated SOAR technologies and metrics that show measurable business benefit
    - Areas of SOC operations impacted by staffing concerns and definitions of those concerns as a quantity or skills problem
  • How To Increase MITRE ATT&CK Coverage with Network Traffic Analysis Recorded: Jun 24 2019 63 mins
    John Smith, Principal Sales Engineer at ExtraHop; Chris Crowley, Senior Instructor at SANS
    The MITRE ATT&CK Framework is a useful tool for SecOps teams trying to understand their security posture against common adversary tactics, techniques, and procedures (TTPs). In this presentation you'll learn how to take your ATT&CK understanding and coverage to the next level with network traffic analysis. You'll also learn:

    - Key tips for understanding the MITRE ATT&CK Framework and how to use it as a tool to improve your security posture.
    - What the framework is optimized for, and where it has room to grow
    - Which security tools and data sources you'll need to achieve the best coverage against TTPs in all 12 categories of the MITRE ATT&CK Framework
  • How to Speed Incident Response with Network Data Recorded: Jun 4 2019 33 mins
    Matt Cauthorn, VP Sales Engineering, Security Evangelist at ExtraHop Networks
    Investigating and responding to security incidents can take hours or days if analysts are forced to manually correlate data and contact other teams to access secondary system logs or even packet captures they need to be confident about what actually happened.

    In this SC Media-hosted webinar, we step through a rapid, end-to-end investigation and response process, from early breach detection to forensic analysis in just minutes, relying on Network Traffic Analysis for authoritative and detailed data.

    - Identify which devices and users were involved in an incident
    - Dig into transaction records and layer 7 payloads to see exactly what users and resources were involved
    - Access packets and decryption keys for incontrovertible proof and root cause analysis
  • Becoming a Threat Hunter in Your Enterprise Recorded: May 15 2019 63 mins
    Jeff Costlow, ExtraHop; John Sawyer, IOActive
    For years, most IT security organizations have waited to detect new threats and then moved swiftly to defend against them. Today, however, there is a new wave of “threat hunting,” in which the security team takes a more proactive approach, seeking out potential threats before the attackers have a chance to act. How do enterprises build threat hunting programs? How do they staff them, and what tools do they need? What skills and training does a great threat hunter need? In this Dark Reading webinar, a top expert discusses the process for building a threat hunting program, and for optimizing the efforts of designated threat hunters in the organization.

    When you attend this webinar, you will learn:
    - What tools must be in any threat hunter's toolbox
    - How to identify the telltale signs of threat activity, and where to go looking for them
    - What skills and qualities make the best threat hunters
    - When threat hunting is the best option, and when it isn't
    - How to build an efficient threat hunting program (even when you have too much threat intelligence to weed through, and too few security staff to do the weeding)
  • SANS Webinar: The State of Cloud Security - Panel Discussion Recorded: May 12 2019 62 mins
    Jim Reavis, CEO & Co-Founder (Cloud Security Alliance), Eric Thomas, Director of Cloud Products (ExtraHop Networks)
    This webcast digs more deeply into the results of the SANS 2019 Cloud Security Survey, conducted in cooperation with the Cloud Security Alliance. A panel comprised of survey author Dave Shackleford and representatives from ExtraHop and Sysdig will touch on key themes developed through analyzing the results of the survey.
  • Black Hat Webinar: Securing Active Directory Administration Recorded: Apr 22 2019 61 mins
    Sean Metcalf, Trimarc (Founder and Principal Consultant) and Vince Stross, ExtraHop Networks (Principal Security SE)
    Organizations have been forced to adapt to the new reality: Anyone can be targeted and many can be compromised. This has been the catalyst for many to tighten up operations and revamp ancient security practices. They bought boxes that blink and software that floods the SOC with alerts.

    Is it enough? The overwhelming answer is: No.

    This Black Hat-hosted presentation will:
    - explore typical administration methods and how attackers exploit them
    - provide the best methods of secure administration to protect privileged credentials
  • Practical Advice for the Proactive SOC: How to Escape The Vicious Cycle of React Recorded: Apr 17 2019 56 mins
    ISSA International
    In this session, ExtraHop Deputy CISO Jeff Costlow will discuss how security operations teams can escape the cycle of reactivity characterized by constantly responding to a flood of alerts, and move toward a more proactive stance by using the right data sources and workflows, driven by network traffic analysis, to focus on developing proactive capabilities like continuous encryption auditing, policy auditing, and more advanced use cases like threat hunting.

    Mikhael Felker, Director of Information Security & Risk Management for Farmers Insurance

    Jeff Costlow, CISO, ExtraHop
    Michael Wylie, Director of Cybersecurity Services, Richey May Technology Solutions.
  • Encryption is Eating The Enterprise: Learn How To Thrive In The Age Of TLS 1.3 Recorded: Mar 19 2019 61 mins
    Paula Musich, Enterprise Management Associates (EMA); Barbara Kay, ExtraHop Networks; and Bri Hatch, ExtraHop Networks
    Groundbreaking new research from Enterprise Management Associates (EMA) shows that encryption is rolling out quickly, with 76% of respondents encrypting within the enterprise network, 71% within the data center, and 58% encrypting email, followed by 55% encrypting web services.

    According to the survey of IT respondents responsible for security, companies are adopting wildly divergent strategies on what, where, and how much to encrypt, how to decrypt, and which standards to use.

    It’s not a simple topic, especially when you add in factors including cloud, TLS 1.3, and regulations. The choices made in implementation can restrict incident response, business risk management, and application security. Poor decisions can be expensive and difficult to fix.

    Join us for a practical discussion with EMA Research Director Paula Musich, ExtraHop Director of IT Operations Bri Hatch, and ExtraHop Head of Security Product Marketing Barbara Kay.

    - Research findings will help you gain support for a proactive plan and avoid retrofitting security
    - Security pros will learn what to consider and prioritize and how to engage productively with IT
    - IT and application teams will understand the visibility, performance, and security implications of different approaches to encryption and decryption
  • ExtraHop #3: How to Succeed at Threat Hunting & IR: Think Differently about Data Recorded: Mar 12 2019 59 mins
    Matt Cauthorn, VP of Cyber Security Engineering, ExtraHop; Brandon Dunlap, Moderator
    Two pillars of a successful and proactive SOC are threat hunting and incident response. The use of network traffic analysis can help improve performance in these two areas. This webcast will examine threat hunting and incident response and how network traffic analysis can make Tier 1 and Tier 3 analysts faster and more effective at validating, investigating, and responding to threats and security incidents.
  • 72-Hours-to-Disclose Survival Guide Recorded: Feb 26 2019 58 mins
    John Pescatore (SANS) and John Matthews (ExtraHop Networks)
    72-Hours-to-Disclose Survival Guide: Accurate Scoping and Impact Assessment of Breaches

    With data breach reporting requirements tightening, there is even greater pressure on incident response teams to understand the scope and impact of an incident. This webinar will discuss the role that network traffic analysis can play in speeding up incident response. You will learn how network traffic analysis can provide the context needed to empower your analysts to quickly investigate incidents and get definitive answers.
Automating and streamlining security investigations.
This channel provides educational webinars about security analytics and investigation automation, and product info about ExtraHop Reveal(x), the network security analytics platform powered by AI, providing unprecedented visibility, advanced behavioral analytics, and investigation automation capabilities. Using real-time analytics and ML-driven anomaly detection, ExtraHop Reveal(x) enables security teams to accelerate investigations, reduce false positives, and optimize the capabilities of expert security analysts. To learn more visit www.extrahop.com/revealx

  • Title: Rise Above Complex Workflows: Practical Ways to Accelerate Incident Response
  • Live at: Feb 15 2019 9:55 pm
  • Presented by: Matt Cauthorn, ExtraHop Networks; Paul Asadoorian, Security Weekly; Matt Alderman, Security Weekly