
Best Practices for Getting Better at Threat Hunting in 2020

SecOps teams that embrace proactive threat hunting have a huge opportunity to improve their effectiveness in 2020 and beyond. 44% of respondents to the Cybersecurity Insiders Threat Hunting survey indicated that threat hunting should be a top priority, and 71% said their SOC doesn't spend enough time searching for emerging and advanced threats. This webinar will cover:

- 2020 Cybersecurity Insiders Threat Hunting Survey Results
- Trends, gaps, and areas for improvement in threat hunting
- Proven best practices security operations teams can use to accelerate and improve their threat hunting practices using existing data sources and tools.
Recorded Feb 18 2020 49 mins
Presented by
Tanner Payne, Sr. Sales Engineer at ExtraHop and Holger Schulze, CEO at Cybersecurity Insiders

  • FEDTalks Ep. #1: A Killer Combination - Proactive Threat Hunting and Modern NDR Dec 10 2020 5:00 pm UTC 60 mins
    ExtraHop
    See how the ExtraHop Network Detection & Response (NDR) platform can be used, not only to automatically detect the latest threats, but also for proactive Threat Hunting workflows. Hear from ExtraHop engineering on how to leverage both techniques in order to secure even the most sensitive Federal networks.
  • Technology Sprawl: The Hidden Disease of IT and What to do About it Recorded: Dec 3 2020 61 mins
    John Matthews, CIO, ExtraHop; Michael Weisberg, CISO, Garnet River; Eric Gauthier, VP, Technical Ops, Burning Glass, B Dunlap
    In most enterprises, you have the phenomenon of tool sprawl - the overlapping abundance of technology in which only 20-30% of a product’s functionality is being used. A product is acquired for a particular use case, then another use case and another, resulting in a potpourri of tools with overlapping capabilities and features. Whether it's instances in the cloud, security tools, network management or even the proliferation of personal productivity and LOB SaaS applications, the consequence of technology sprawl is not only financial waste, but also user frustration, security risks, operational inefficiencies, technical debt and lack of visibility into the organization’s processes and functions. Join ExtraHop and (ISC)2 on December 3, 2020 at 1:00pm Eastern as a panel of IT and Security executives discuss the root causes of technology sprawl, a path out of this cycle and the benefits to be achieved.
  • How ExtraHop & AWS Power Frictionless Security in the Cloud Recorded: Dec 1 2020 29 mins
    Sarah Gray, Enterprise Solutions Architect at Amazon Web Services and Ryan Davis, Sr. Cloud Product Manager at ExtraHop
    The cloud is proven to spur innovation and efficiency for DevOps and IT Ops, but for many security teams, moving and securing workloads to the cloud spurs thoughts of new vulnerabilities and attack vectors. With SecOps taking the blame for stalled migration efforts and losing control over securing cloud workloads, an increasing number of organizations recognize the need to take a cloud-native approach to securing data and workloads.

    Learn how AWS and ExtraHop empower security teams to stop breaches, not business, with frictionless network detection and response (NDR). Amazon VPC Traffic Mirroring enables NDR solutions to help secure cloud environments with agentless visibility and threat detection.
  • Ransomware Prevention Panel: How to Address a Pervasive & Unrelenting Threat Recorded: Nov 30 2020 66 mins
    Kris Yach, Solutions Engineer at ExtraHop and Justin Henderson, Instructor at SANS
    Ransomware is a fast-growing threat affecting thousands of government agencies and municipalities, and now it's even targeting itself toward halting critical ICS/SCADA operations.

    This webcast takes a deeper dive into the whitepaper, How to Address a Pervasive and Unrelenting Threat, written by SANS instructor and blue team member Justin Henderson. Justin will moderate a panel that includes sponsor representatives as they explore major themes of the paper.
  • Enabling Detection & Response Across Data Center and Cloud Apps Recorded: Nov 30 2020 58 mins
    David-John Fernandez, IT Security Engineer at Grand Canyon Uni. and John Pescatore, Director of Security at SANS
    Detection and response capabilities to the cloud, while retaining an integrated view across cloud and on-premises systems and networks. One effective and efficient way of achieving this visibility is for network operations and security operations to use common tools that support the views and insight into both performance issues and security-relevant changes and anomalies.

    During this SANS WhatWorks webcast, SANS Director of Emerging Security Trends John Pescatore interviews D.J. Fernandez, IT Security Engineer at Grand Canyon Education, to gain Fernandez's insight into the business justification for advanced network detection and response (NDR) capabilities and the key evaluation factors that resulted in the selection and deployment of ExtraHop's Reveal(x) platform to increase visibility into network traffic to secure Grand Canyon's business and customer systems.

    Watch this webinar to hear details on Grand Canyon's selection, deployment and experience using ExtraHop. The webcast includes a discussion of lessons learned and best practices and gives you the opportunity to ask questions to get deeper insight.
  • Extending DevSecOps Security Controls into the Cloud Recorded: Nov 13 2020 62 mins
    Jim Bird, Analyst at SANS and Dan Frey, Cloud Manager at ExtraHop
    In this webcast, survey authors Jim Bird and Eric Johnson will join security experts representing the survey sponsors to discuss results from the SANS 2020 survey, Extending DevSecOps Security Controls into the Cloud. This roundtable will also explore best practices for DevSecOps teams to follow when leveraging today's cloud-based environments.
  • Packets: A New Hope - Defending the AWS Cloud Using Network Detection & Response Recorded: Nov 5 2020 45 mins
    Jeff Deininger, Principal Cloud SE at ExtraHop
    Securing Cloud workloads presents unique challenges, including friction to make native telemetry sources actionable. Using network packets to drive detection and response workflows offers a way forward. 
     
    Cloud providers offer log-based event and configuration monitoring tools, but real-time detection and response requires the richness and authority of full packet data. The Cloud's event-driven-automation paradigm presents new opportunities to streamline the deployment and use of an NDR system that ingests and analyzes data at scale to contain attacks before they become headline-grabbing breaches.
  • Packets: Defending the Cloud with Network Detection & Response Recorded: Nov 5 2020 46 mins
    Jeff Deininger, Principal Sales Engineer, ExtraHop
    The playing field between attackers and defenders is not level, and it’s only becoming more unbalanced because of the complex, layered nature of attack surfaces in the cloud. Attackers can launch millions of arrows and only need one to find its target, while security teams must stop every attack. And when those attacks are successful, more than half of all data breaches take months to discover, and the average time from detection to containment is 279 days. Join ExtraHop and learn how access to packets in the cloud helps security teams move beyond a protect-and-prevent mindset and adopt a detect-and-respond posture that reduces dwell time and slashes time to contain.
  • Discovering and Managing Unmanaged Devices Recorded: Nov 4 2020 62 mins
    Juergen Morgenstern, Sales Engineering Director at ExtraHop and Christian Reuling, Systems Engineer, Keysight
    A lack of visibility and the inability to monitor IoT and unmanaged devices expand your attack surface and pose a threat to the security of your hybrid networks. Because IoT devices cannot be instrumented with agents and generate a high volume of data, traditional security approaches cannot be implemented. With Keysight and ExtraHop, you can discover and monitor all devices in the context of the rest of your network, to detect and respond to attacks before they become a breach. Attendees of our webinar will learn:

    • How attackers exploit IoT and unmanaged devices to gain unauthorized access
    • How network detection and response and machine learning play an important role in investigating incidents
    • How ExtraHop and Keysight together provide a comprehensive view of all devices to stop attacks before they cause damage
  • Anomaly Based Malware Detection via the Network Detection and Response Toolkit Recorded: Nov 3 2020 28 mins
    Jesse Munos, Technical Marketing Manager, ExtraHop
    New malware variants appear every day. These new variants are designed with enhanced capabilities and evasion techniques that make traditional signature based detection methods of limited utility. However, they all share one thing in common: they require the network in order to spread, exfiltrate data, receive commands, and more. This session will discuss how to leverage Network Detection and Response based tools to uncover, scope, and respond to new malware variants.
  • Discovering and Securing IoT and Unmanaged Devices with ExtraHop and Keysight Recorded: Nov 3 2020 56 mins
    Jamie Moles, Senior Security Engineer at ExtraHop and Russell Hill, Senior Systems Engineer at Keysight
    A lack of visibility into IoT and an inability to monitor unmanaged devices expands your attack surface, posing a threat to the security of your hybrid networks. Because IoT devices can't be instrumented with agents and generate a high volume of data, traditional approaches to security cannot be implemented. With Keysight and ExtraHop, you can discover and monitor all devices in context of the rest of your network, to detect and respond to attacks before they become a breach. Viewers of this webinar will learn:

    • How attackers exploit IoT and unmanaged devices to gain unauthorized access.
    • How network detection and response and machine learning play a significant role in investigating incidents
    • How together ExtraHop and Keysight provide comprehensive visibility into all devices to stop attacks before they cause damage.
  • HTTP Request Smuggling in 2020 Recorded: Nov 2 2020 61 mins
    Amit Klein, VP Security Research at SafeBreach and Jesse Munos, Technical Marketing Manager at ExtraHop
    HTTP Request Smuggling is an attack technique invented in 2005 that exploits different interpretations of a stream of non-standard HTTP requests among various HTTP devices between the client (attacker) and the server (including the server itself). It can be used to smuggle requests across WAFs and security solutions, poison HTTP caches, inject responses to users and hijack user requests.

    In the first part of his talk, Amit presents new HTTP Request Smuggling attack variants that work against present-day web servers and HTTP proxy servers. He also presents an attack which circumvents the HTTP Request Smuggling protection in a free, open source WAF.

    In the second part of his talk, he describes his C++ "Request Smuggling Firewall" class library that can be injected into any user-space process (web server or proxy server) to provide robust socket-level protection against HTTP Request Smuggling.

    He concludes with some anomalies he found in various web servers and proxy servers, showing there is a lot of potential for additional research in this area.
  • How To Use Network Visibility For Deeper MITRE ATT&CK Coverage Recorded: Oct 26 2020 57 mins
    Scott Register, Product Management VP at Keysight and Chase Snyder, Product Security Manager at ExtraHop
    This webinar will outline the critical role network detection and response plays in achieving MITRE ATT&CK Framework coverage, and how to use the network to detect late-stage attack tactics and stop the breach! You'll learn how network visibility provides detection and investigation options against late-stage attack activities catalogued in MITRE ATT&CK, including:

    - lateral movement
    - credential access
    - command and control
    - data exfiltration
  • Improving Incident Response Time by 84%: A Forrester TEI Survey Recorded: Oct 20 2020 59 mins
    David Holmes, Forrester Sr. Analyst; Nick Mayberry, Forrester Consultant; Matt Cauthorn, ExtraHop VP of Cybersecurity
    Security teams are tasked to stop threats before their organization is breached. The way forward is to gain complete visibility of what is connected and talking on your hybrid network and increase your analyst's efficiency to detect and respond to incidents faster. Join us as we discuss the recent Forrester Research Total Economic Impact (TEI) study commissioned by ExtraHop where we will discuss how to:

    - improve response times by 84%,
    - reduce unexpected outages by 90%,
    - troubleshoot applications 99% faster,
    - and more, including consolidating security tools and reducing development costs
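  • Assume-Breach Cyberattack Countermeasures Enabled by NDR Recorded: Oct 14 2020 63 mins
    藤田 達也, Senior Sales Engineer, ExtraHop
    In today's threat landscape, many organizations deploy multiple solutions to protect the perimeter, but their visibility into attacker activity after a breach is very limited. Attackers exploit such blind spots to conduct reconnaissance, move skillfully through the internal network, stay hidden for long periods, and ultimately achieve their objectives.
    This session shows, with a demo, how NDR uses machine learning to make attacker activity visible in real time and supports the investigation and response process, and how that helps security operations. It also explains the effectiveness of NDR in hybrid, multi-cloud, telework, and IoT environments, including use cases.

    Presenter: 藤田 達也, Senior Sales Engineer, ExtraHop
    Moderator: 小熊 慶一郎, CISSP, Director of Business Development, Japan, (ISC)²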
  • 2020 SANS Enterprise Cloud Incident Response Survey: A Panel Discussion Recorded: Sep 29 2020 61 mins
    Tanner Payne, Sr. Sales Engineer at ExtraHop and Chris Dale, Certified Instructor at SANS
    In this webcast, survey author Chris Dale and survey advisor Matt Bromiley will join experts representing the survey sponsors to discuss results from the 2020 SANS Enterprise Cloud Incident Response Survey. This roundtable will also explore best practices for detecting, responding to and remediating incidents in the multi-cloud world.
  • The New Realities of Healthcare IT Recorded: Sep 24 2020 78 mins
    MEDHOST, Pacific Dental Services and AdventHealth
    According to the Department of Health and Human Services, healthcare data breaches increased by 196% from 2018 to 2019 and are expected to see a double digit increase in 2020. Given its valuable data, connected devices and the need for constant data access to ensure continuity of care, Healthcare organizations have been and will likely always be a prime target for cyberattacks. While awareness around these issues has drastically improved, the threat is still as real as it has ever been.

    Please join us for a conversation on September 15 as we bring healthcare leaders from MEDHOST, Pacific Dental Services and AdventHealth together to discuss the new realities and challenges facing healthcare IT teams today.

    During our dialogue, our panel of industry leaders will dissect cybersecurity topics relevant to today's ever changing environment including securing IoT devices, cloud adoption, Zero Trust, regional site visibility and the effects of COVID-19, work from home and skill shortage within security teams.
  • ExtraHop #1: Unlocking the Ultimate Source of Truth in the Cloud—Network Data Recorded: Sep 24 2020 58 mins
    Guy Raz, Sales Engineer, ExtraHop; Dan Frey, Sr Product Marketing Mgr, ExtraHop; Brandon Dunlap, Moderator
    Learn how virtual taps from AWS, Azure, and Google Cloud enable NDR solutions to help secure cloud environments with agentless and immutable monitoring and threat detection capabilities. Invisible to attackers, NDR solutions sit out of band and analyze network traffic streams to provide crucial information about devices, users, and potential attacks that other security tools simply can’t. Join ExtraHop and (ISC)2 to examine how best-of-breed NDR also augments security personnel visibility into SSL/TLS 1.3 encrypted traffic and ML-driven threat detection that alerts only on items that matter while providing intelligence to remediation and forensic workflows.
  • ExtraHop #3 How CrowdStrike & ExtraHop Help Augment Security for AWS Deployments Recorded: Sep 23 2020 61 mins
    Chase Snyder, Product Mgr, ExtraHop; Stefan Avgoustakis, Sr Solutions Arch, AWS; Dixon Styres, Solutions Arch, Crowdstrike
    Learn how the integration of ExtraHop Reveal(x) 360 and CrowdStrike Falcon helps security teams detect and respond instantly to sophisticated attacks including network privilege escalation, lateral movement, suspicious VPN connections, data exfiltration and more. The joint solution provides powerful endpoint security and automated remediation of threats while discovering vulnerabilities arising due to the remote workforce shift and increased hybrid cloud adoption.
  • The Ripple Effect: Latent Vulnerabilities to Be Felt for Years to Come Recorded: Sep 17 2020 60 mins
    Matt Cauthorn, VP Sales Eng, ExtraHop; Kevin McNamee, Dir Threat Intel, Nokia; Graham Speake Sr. Sec Mgr, Brandon, Moderator
    Have you heard about Ripple20? It’s a series of 19 vulnerabilities detected in a widely used TCP/IP stack (Treck) that could expose hundreds of millions of devices in healthcare and industrial settings to remote code execution and more. The Treck stack has been used in embedded devices for more than twenty years. These devices are hard to identify and more difficult to patch. Should you remove and/or replace these devices? That can get pricey. Join ExtraHop and (ISC)2 on September 17, 2020 at 1:00 p.m. Eastern as we explore the ramifications of this, how to detect vulnerable devices and determine if you should patch or replace.
Helping you gain the perspective to secure the hybrid enterprise
The prevention and protection model of cybersecurity isn’t working: between the cloud, IoT, and the sheer pace of change, the enterprise is no longer built to be walled in. This channel provides educational webinars to help SecOps (SOC) and NetOps (NOC) teams, from CIOs and CISOs to analysts and practitioners, change their perspective in order to identify, investigate, and respond to threats across the modern attack surface. We explore how cloud-native network detection and response (NDR) provides the complete visibility, real-time threat detection, and intelligent response you need to secure your hybrid environment. You’ll also find product information about ExtraHop Reveal(x) which enables you to: Eliminate blind spots: Cover 100% of your hybrid environment, Detect what matters: Find threats 95% faster, and Act quickly: Respond to breaches 70% faster.

Learn more at www.extrahop.com
