Practical Advice for the Proactive SOC: How to Escape The Vicious Cycle of React

In this session, ExtraHop Deputy CISO Jeff Costlow will discuss how security operations teams can escape the cycle of reactivity characterized by constantly responding to a flood of alerts, and move toward a more proactive stance by using the right data sources and workflows, driven by network traffic analysis, to focus on developing proactive capabilities like continuous encryption auditing, policy auditing, and more advanced use cases like threat hunting.

Moderator:
Mikhael Felker, Director of Information Security & Risk Management for Farmers Insurance

Speakers:
Jeff Costlow, CISO, ExtraHop
Michael Wylie, Director of Cybersecurity Services, Richey May Technology Solutions.
Recorded Apr 17 2019 56 mins
Presented by
ISSA International

  • CrowdStrike & ExtraHop Partner to Stop Breaches with Integrated Cloud-Native EDR Jun 24 2020 5:00 pm UTC 45 mins
    Phil Shigo, VP Business Development, ExtraHop & Darcelle Dunn Sr. Manager, Business Development Program | CrowdStrike
    The integration between ExtraHop Reveal(x) and CrowdStrike Falcon Insight merges complete network visibility, machine learning behavioral threat detection and real-time decryption with powerful endpoint security and instant remediation.

    Attendees of this webinar will learn directly from ExtraHop and CrowdStrike about how our Fortune 100 customers are already using this recently launched solution, and how the integration can provide enterprise security operations teams with capabilities and immediate value like:

    Instant and automated detection, validation, and containment of network threats like ransomware, privilege escalation, and data exfiltration, as well as endpoint threats, for complete attack surface coverage.

    Automatic discovery and device identification of everything communicating on the network, including IoT-connected devices, remote connections, devices incompatible with agent installation, and devices impacted by threats where no CrowdStrike agent was yet installed.

    Broad MITRE ATT&CK Framework coverage of both network-focused and endpoint-focused tactics, techniques, and procedures.
  • Unifying Security Across Multicloud, Hybrid, & Remote Deployment Jun 11 2020 5:00 pm UTC 60 mins
    Ryan Davis, Sr. Cloud Product Manager at ExtraHop
    In the first quarter of 2020, organizations around the world experienced massive disruption as workforces rapidly transitioned to remote work and operations shifted off-premises. While the first phase of this shift focused primarily on making critical assets available to employees, the next phase will focus on how to enable that model long term and at scale. At the center of that transformation are cloud and IoT.

    Join this webinar to learn about Reveal(x) 360 and how ExtraHop’s SaaS offering is natively delivered from the cloud and provides Network Detection and Response capabilities to create faster time to value without management burden. Organizations benefit from unified 360-degree visibility and situational intelligence spanning from the edge (IoT and remote workforce) to the core (data centers and branch offices) to the cloud (AWS, Azure, and Google Cloud) to monitor and respond to actual threats.
  • The State of IT Operations and Cybersecurity Operations Recorded: May 22 2020 58 mins
    Sri Sundaralingam - ExtraHop / Shamus McGillicuddy, VP of Research & Network Management at EMA / Lee Chieffalo - Viasat
    Strategies for Optimizing Teams, Toolsets, and Budgets

    ExtraHop partnered with Dark Reading for a webinar to discuss how, as companies tighten their belts, the need for coordination between operations and security has never been more urgent. This webinar explores the state of the relationship between IT Ops and SecOps through an in-depth Dark Reading survey.

    Speakers
    Sri Sundaralingam, VP of Product and Solutions Marketing, ExtraHop
    Lee Chieffalo, Network and Security Engineer, Viasat
    Shamus McGillicuddy, VP of Research & Network Management, EMA
  • Discover What You’ve Been Missing in Your Google Cloud Deployments Recorded: May 21 2020 57 mins
    Dan Frey and Vince Stross of ExtraHop & Shishir Agrawal and Yang Liang of Google Cloud
    The modern enterprise encompasses a complex web of workloads consisting of hardware, applications, and data spread across edge, core, and cloud deployments. Add a growing remote workforce using a wide variety of devices, and the security challenges multiply quickly. With the release of Google Cloud’s Packet Mirroring feature, accessing network packets in VPCs just became much easier. Cloud-native NDR was the missing piece that prevented SecOps from completing Gartner’s SOC Cloud Visibility Triad. Now, enterprises can combine NDR, SIEM, and EDR, enabling SecOps and DevOps to achieve a holistic approach to cloud security and eliminate the risks of misconfiguration, undetected attacks, lateral movement, and data exfiltration.

    Join this webinar to experience a presentation and live demo that will show how you can gain complete visibility into traffic traversing your Google Cloud workloads by leveraging Google Cloud’s Packet Mirroring service. During this session, Dan Frey (Cloud PMM, ExtraHop), Vince Stross (Principal Sales Engineer, ExtraHop), Shishir Agrawal (PM Cloud Networking, Google Cloud), and Yang Liang (PMM, Google Cloud) will present the benefits of adopting a cloud-native approach to Network Detection and Response (NDR) and will share insights about how SecOps and DevOps teams can hold up their side of the shared responsibility model and deliver unified security across the hybrid attack surface.
  • Migrating to the Cloud while Maintaining Security and Network Performance Recorded: Apr 30 2020 53 mins
    John Pescatore, Emerging Trends Director at SANS; Juan Canales, Sr. Manager of Enterprise Security and Architecture at HPMG
    WhatWorks in Migrating to the Cloud while Maintaining Security and Network Performance (with a remote workforce)

    The need for businesses to rapidly move to near 100% work at home has increased the importance of detailed and accurate visibility into user activity in remote connections to both on-premises data centers and public cloud-based services. One effective and efficient way of achieving this visibility is for network operations and security operations to use common tools that support the views and insight into both performance issues and security-relevant changes and anomalies.

    During this SANS WhatWorks webcast, SANS Director of Emerging Security Trends John Pescatore interviews Juan Canales, Sr. Manager of Enterprise Security and Architecture at Hill Physicians Medical Group (HPMG), to gain Mr. Canales' insight on what he went through in the business justification and deployment of ExtraHop's Reveal(x) to increase visibility into network traffic during HPMG's transition to cloud-based computing. This visibility has already proved invaluable in maintaining reliability and security of remote communications as HPMG runs completely remote operations during the current health crisis.

    Join SANS Pescatore and Juan Canales to hear details on his selection, deployment and experience using ExtraHop. The webcast includes a discussion of lessons learned and best practices and gives you the opportunity to ask questions to get deeper insight.
  • Office Shutdown: Securing an Increased Remote Workforce Recorded: Apr 16 2020 64 mins
    John Smith, ExtraHop; Glenn Leifheit, Microsoft; Tim Campo, (ISC)2; Diane Brown, Ulta; Brandon Dunlap (Moderator)
    The COVID-19 virus outbreak has put immense pressure on IT organizations who now need to scale remote access quickly to thousands of users working from home. Many organizations did not have a plan in place for this and are doing the best they can. Many remote workers haven’t been issued laptops or are using unmanaged devices that may not have adequate protections. Some companies are running into licensing issues for things like their VPN connections. Join ExtraHop and (ISC)2 on April 16, 2020 at 1:00PM Eastern for a timely discussion on how you can deal with performance and security implications of this shift and receive tips and best practices on how to deal with the situation we find ourselves in.
  • New IT Realities: A Panel Discussion on Rapidly Scaling Remote Access Recorded: Apr 2 2020 45 mins
    John Smith, Principal Engineer at ExtraHop; Bri Hatch, Director of IT at ExtraHop
    The COVID-19 pandemic is straining remote access infrastructure and the IT organizations that support them. Many IT teams are doing the best they can to accommodate thousands of users working from home, while Security teams are preparing to defend a newly enlarged and more porous attack surface. Join our expert panel on a timely discussion and best practices on how to handle the performance and security implications of this shift.
  • Network Visibility and Threat Detection: A SANS Survey Recorded: Apr 1 2020 62 mins
    Ian Reynolds, Certified Instructor at SANS; John Smith, Principal Engineer at ExtraHop
    As organizations continue to move to the cloud, encrypt communications, adopt IoT and manage third-party vendors, the complexity of the network increases, impeding visibility, slowing operations and impacting security. This survey is designed to understand the current state of visibility and how organizations can make better use of network data to detect threats and troubleshoot connectivity problems. In this webcast, we explore the biggest issues facing network and security teams to offer insight into improving security operations.

    Attend this webcast to learn more about the:

    - Level of visibility into north-south and east-west traffic
    - Confidence in network visibility to detect threats
    - Concerns over encrypted traffic
    - Use of network and packet data for detection
    - Most commonly used network security tools to detect and investigate threats
    - Adoption of automation for visibility, detection and response
  • Multi-Cloud Security: Removing Friction from the Development Process Recorded: Mar 31 2020 61 mins
    Ryan Davis, Sr. Cloud Product Manager at ExtraHop; Fernando Montenegro, Principal Analyst, at 451 Research
    An estimated 500 million new apps will be created in the next five years—more than the total created in the previous four decades. Cloud workflows have helped organizations of all sizes adopt a DevOps mindset, but for SecOps, digital transformation to the cloud creates new vulnerabilities.

    Cloud environments expand the attack surface and erase visibility into critical infrastructure and applications, introducing so much complexity—especially in the case of multi-cloud, used by many 80 percent of enterprises and growing—that many security leaders are forced to say “no” to progress.

    There is a way to attack this problem from the inside out. Network Detection and Response (NDR) cuts through hybrid, cloud, and multi-cloud complexity to deliver visibility, threat detection, and automated response at scale.

    Join this webinar to learn how cloud deployments are affecting security teams and how they can use agentless NDR to remove friction with developers, help developers bake security into their processes, and gain the speed and agility in threat detection and response they need to secure their growing business.
  • Keeping Network Inspection Visibility in the Age of TLS 1.3 Recorded: Mar 30 2020 63 mins
    Matt Bromiley, Incident Response Instructor at SANS; John Smith, Principal Engineer at ExtraHop
    Keeping Network Inspection Visibility in the Age of TLS 1.3: What To Do When The Network Goes Dark

    Like it or not, TLS 1.3 is coming and will make network traffic opaque to inspection. This discussion will cover lessons learned from real-world, large-scale experience decrypting PFS-encrypted traffic and the various options available, including SSL fingerprinting, proxies and session-key forwarders installed on critical servers. Attendees will be able to formulate a strategy for retaining visibility into encrypted traffic that works for their organization.
  • Using MITRE ATT&CK In Cloud and Hybrid Environments Recorded: Mar 5 2020 59 mins
    Vince Stross, Princ. Security SE, ExtraHop; Blake Strom, ATT&CK Leader, MITRE; Chip Wagner, Cybersecurity Leader, IBM
    The MITRE ATT&CK Framework provides an excellent structure for security professionals to identify the strengths and gaps in their ability to detect attacker tactics, techniques, and procedures (TTPs) in the environment. The framework is applicable for cloud, on-premises, and hybrid environments. Join ExtraHop and (ISC)² on March 5, 2020 at 1:00PM Eastern for a discussion on the MITRE ATT&CK Framework as we look at:

    • How to get the most value from the MITRE ATT&CK Framework in a hybrid environment

    • How upcoming changes in MITRE ATT&CK may affect utilization of the framework by SecOps teams

    • How MITRE ATT&CK fits into an overall framework-driven strategy for improving detection coverage and security maturity in hybrid enterprises of all sizes.
  • Cloud-Native Network Detection and Response Recorded: Feb 19 2020 63 mins
    Sri Sundaralingam, VP of Product Marketing at ExtraHop and Matt Alderman, CEO at Security Weekly
    As more organizations adopt hybrid environments, integrating visibility and control of your cloud assets with your data center assets is challenging. In this webinar, Paul Asadoorian and Matt Alderman will discuss the challenges of visibility and control in the cloud. Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop, will discuss a cloud native approach to network detection and response across your hybrid environment and demo ExtraHop’s capabilities, including:

    - Complete visibility, including cloud
    - Real-time threat detections
    - Intelligent response
  • Best Practices for Getting Better at Threat Hunting in 2020 Recorded: Feb 18 2020 49 mins
    Tanner Payne, Sr. Sales Engineer at ExtraHop and Holger Schulze, CEO at Cybersecurity Insiders
    SecOps teams that embrace proactive threat hunting have a huge opportunity to improve their effectiveness in 2020 and beyond. 44% of respondents to the Cybersecurity Insiders Threat Hunting survey indicated that threat hunting should be a top priority, and 71% said their SOC doesn't spend enough time searching for emerging and advanced threats. This webinar will cover:

    - 2020 Cybersecurity Insiders Threat Hunting Survey Results
    - Trends, gaps, and areas for improvement in threat hunting
    - Proven best practices security operations teams can use to accelerate and improve their threat hunting practices using existing data sources and tools.
  • SANS Institute: 2020 Cybersecurity Spending Survey Panel Discussion Recorded: Feb 4 2020 58 mins
    Barbara Filkins, Research Director at SANS; John Smith, Principal Engineer at ExtraHop
    This webcast will more closely examine the results of the SANS 2020 Cybersecurity Spending Survey. A panel of sponsor representatives, led by survey author Barbara Filkins and survey advisor John Pescatore, will explore themes that emerged during the survey.

    In this webcast, Barbara Filkins and John Pescatore will provide analysis of survey results and reveal strategies that organizations can use to justify security spending.
  • Black Hat Webcast Series - Automated Threat Detection and Response Recorded: Jan 29 2020 62 mins
    Ty Miller, Managing Director at Threat Intelligence; Vince Stross, Security SE at ExtraHop Networks
    A survey of 120 Black Hat students across our Black Hat USA and Europe training courses revealed a scary statistic ... Not a single security professional in the training had the in-depth knowledge or skills to effectively carry out an incident response investigation from end-to-end to contain a breach of their organization.

    Unfortunately, this is a true representation of the state of the IT security industry today and is the fundamental reason why the bad guys are winning. Whilst we continue to use traditional security strategies, the bad guys will continue to win.

    With limited security skills, resources and budgets, the only way that your organization will survive moving forward is to modernize your security capabilities through automated threat detection and response.

    We will discuss the problem space in more detail and how you can significantly reduce the cost of a security breach by enhancing your security operations, and streamlining your threat detection, evidence collection, evidence analysis, and automated response for real-time breach containment.
  • How NDR Powers Event-Driven Security in the Cloud Recorded: Jan 28 2020 44 mins
    Ryan Davis, Senior Manager, Cloud Product Marketing & Vince Stross, Principal Security SE at ExtraHop
    For public cloud customers, event-driven security isn’t just practical—it’s expected. Although organizations still rely on perimeter-focused technologies, they’re moving away from a strictly protect-and-prevent mindset to one that includes detect-and-respond capabilities.

    In this webinar, we’ll dig into how network detection and response (NDR) can power event-driven security in the cloud. Topics will include:
    - How virtual taps enable agentless NDR in the public cloud
    - How NDR completes Gartner’s SOC Visibility Triad in the cloud
    - How NDR can be used for response automation
  • Instilling Cyber Hygiene Among Users and Creating a Culture of Cyber Safety Recorded: Dec 20 2019 59 mins
    Arun Vishwanath, President at Avant Research Group; Vince Stross, Principal Security SE at ExtraHop Networks
    Cyber security doctrines around the world have an avowed goal of improving user cyber hygiene in the workforce. But no entity within the government or in the private sector is clear about how to achieve this.

    Outside of a few rules of thumb, such as asking people to use complex passwords, no cybersecurity professional knows the behaviors that users should or shouldn’t engage in to achieve cyber hygiene.

    Often organizations find creative ways of repurposing what they are already doing—such as extending user training or using phish testing performance data—as a proxy for user cyber hygiene. This is the approach taken by the U.S. Department of Homeland Security’s Continuous Diagnostics and Mitigation program.

    But such approaches cloak the problem or attempt to reframe it, rather than address it.

    This webinar provides the missing pieces—making it possible for IT managers to better quantify the cyber hygiene levels of users and create an effective culture of cyber safety. Learn how IT managers can implement this method with existing phishing penetration testing and awareness training approaches to instill a culture of cyber safety within the enterprise. No longer does cyber hygiene have to be just a talking point. Instead, using the CHI, CSOs can measure, track, compare, calibrate—and achieve cyber hygiene.
  • A Cloud Carol: Visiting the Ghosts of Cloud Security, Past, Present, and Future Recorded: Dec 12 2019 49 mins
    Ryan Davis, Sr. Product Marketing Manager at ExtraHop Networks; Paula Musich, Research Director at EMA
    Cloud has now been around for nearly two decades, and in that time it has altered the past, present and future and sent enterprises down a new path for how IT services are delivered and how businesses view IT resources.

    While cloud is widely accepted as a business accelerator, it continues to haunt security teams who have gotten a “scrooge” reputation when it comes to cloud migration and adoption.

    In this webcast, industry analyst Paula Musich from EMA and Ryan Davis from ExtraHop will take a Dickensian journey through cloud security past, present, and future, and offer strategies for how security teams change the future state from one of cloud stall to one of cloud as a strategic security driver.
  • Unlocking Cloud-Native NDR: How Reveal(x) Cloud Secures AWS Workloads Recorded: Nov 20 2019 37 mins
    Ryan Davis, Sr. Product Marketing Manager at ExtraHop & Jeff Deininger, Principal Engineer - Cloud at ExtraHop
    Tired of stalled cloud migrations because of security concerns? Frustrated by a lack of visibility that leaves your data and applications exposed to threats?

    Join this webinar and live Q&A to see how ExtraHop Reveal(x) Cloud helps enterprises like yours secure cloud workloads and accelerate cloud migration.

    In just 30 minutes, we’ll show you how the only SaaS-based network detection and response (NDR) solution on Amazon Marketplace uses Amazon VPC Traffic Mirroring to provide complete visibility into network traffic.

    Reveal(x) Cloud deploys instantly, passively analyzes network traffic, and delivers immediate asset discovery, real-time threat detection, and machine learning-powered responses.

    Cloud-native NDR was the missing piece that prevented SecOps from completing Gartner’s SOC Cloud Visibility Triad. Learn how combining NDR, SIEM, and EDR makes it possible for SecOps to achieve a holistic approach to cloud security and eliminate the risks of misconfiguration, undetected attacks, lateral movement, and data exfiltration.
  • Cloud Security Fails of 2019 and Where to Focus in 2020 Recorded: Nov 14 2019 58 mins
    Fernando Montenegro, Principal Analyst, 451 Research and Rachel Pepple, Cloud and Security Marketer, ExtraHop
    Security has become one of the most pressing issues for organizations that are moving to the cloud. In this webinar, industry analyst Fernando Montenegro from 451 Research and Rachel Pepple from ExtraHop will take us through the cloud security journey that many enterprises have been on during the past years, looking at the realities of the high points and low points. Based on this look back, Rachel and Fernando will then pivot to what organizations can expect in 2020, where investments should be made, what trends should be closely monitored, and what best practices security teams should consider for a stronger security posture in the cloud.
Automating and streamlining security investigations.
This channel provides educational webinars about security analytics and investigation automation, and product info about ExtraHop Reveal(x), the network security analytics platform powered by AI, providing unprecedented visibility, advanced behavioral analytics, and investigation automation capabilities. Using real-time analytics and ML-driven anomaly detection, ExtraHop Reveal(x) enables security teams to accelerate investigations, reduce false positives, and optimize the capabilities of expert security analysts. To learn more visit www.extrahop.com/revealx

  • Title: Practical Advice for the Proactive SOC: How to Escape The Vicious Cycle of React
  • Live at: Apr 17 2019 5:00 pm
  • Presented by: ISSA International