Network Visibility and Threat Detection: A SANS Survey
As organizations continue to move to the cloud, encrypt communications, adopt IoT and manage third-party vendors, the complexity of the network increases, impeding visibility, slowing operations and impacting security. This survey is designed to understand the current state of visibility and how organizations can make better use of network data to detect threats and troubleshoot connectivity problems. In this webcast, we explore the biggest issues facing network and security teams to offer insight into improving security operations.
Attend this webcast to learn more about:
- Level of visibility into north-south and east-west traffic
- Confidence in network visibility to detect threats
- Concerns over encrypted traffic
- Use of network and packet data for detection
- Most commonly used network security tools to detect and investigate threats
- Adoption of automation for visibility, detection and response
Recorded Apr 1 2020, 62 mins
Speakers: Chase Snyder, Sr. Product Marketing Manager & Greg Copeland, Director, Business Development
When the SolarWinds SUNBURST attack, with its broad impact and dwell time of nearly a year, hit the news, many security teams realized they needed a faster, lower friction way to investigate past exposure. Collaboration between the NetOps and SecOps teams can provide a better approach to responding to advanced threats in the future. This webcast will outline the benefits of sharing data and tools between security, network, and other teams for accelerated incident response, reduced risk, and greater effectiveness.
- How NetOps and SecOps can work together to accelerate incident response and troubleshooting
- Why network data forms a foundation for security and operational activities
- How to ensure complete collection of all network data, and efficient tool sharing
- How to investigate and respond to SolarWinds SUNBURST and potential future supply chain attacks that give attackers access inside your environment
If you cannot attend the live event, please register to receive the recording when it becomes available.
John Titmus, EMEA Director, ExtraHop and John Lester, Security Engineering Manager, CrowdStrike
The integration between ExtraHop Reveal(x) and CrowdStrike Falcon Platform merges complete network visibility, machine learning behavioural threat detection and real-time decryption with powerful endpoint security and instant remediation.
Attendees of this webinar will learn directly from ExtraHop and CrowdStrike about how our Fortune 100 customers are already using this recently launched solution, and how the integration can provide enterprise security operations teams with capabilities and immediate value like:
- Instant and automated detection, validation, and containment of network threats like ransomware, privilege escalation, and data exfiltration, as well as endpoint threats, for complete attack surface coverage.
- Automatic discovery and device identification of everything communicating on the network, including IoT-connected devices, remote connections, devices incompatible with agent installation, and devices impacted by threats where no CrowdStrike agent was yet installed.
- Broad MITRE ATT&CK Framework coverage of both network-focused and endpoint-focused tactics, techniques, and procedures.
Don Shin, Sr. PMM, ExtraHop; Matthew Waddell, Dir of DFIR, CBI; Brandon Dunlap, Moderator
Traditional Intrusion Detection Systems rely on brittle signatures and can be a major resource drain. As the internet continues to evolve, so do the methods and tactics of the adversary. Attackers are now more focused on your users than on system vulnerability exploits. A new approach is needed, one that encompasses machine learning anomaly detection, cross-platform visibility and cloud readiness. Join ExtraHop and (ISC)2 on March 11, 2021 at 1:00pm for a discussion on Next Generation IDS and how it can provide more than just a compliance check-off by adding context to the alerts you receive.
If you’re swimming in security incident data, alerts, and log files, you’re not alone. How can you aggregate that data and analyze it quickly, to identify sophisticated or obfuscated attacks? In this webinar, experts discuss ways to effectively collect and analyze large amounts of security data, enabling you to surface the threat and exploit information that you need to defend your enterprise. Speakers will also offer recommendations on how to automate some of that data analysis, so that you can identify threats more easily, and stop attackers more quickly.
Dan Frey, Senior Cloud Product Marketing Manager, ExtraHop & Guy Raz, Sales Engineer at ExtraHop
Your attack surface is expanding from the on-prem data center to the cloud to remote deployments and the device edge. But if your tools only secure the perimeter or rely on logs and agents, you’re leaving visibility gaps that adversaries can use to attack critical workloads and data.
In this webinar, you’ll learn how network detection and response (NDR) eliminates visibility gaps across your attack surface by unlocking data from network traffic packets, the ultimate source of truth in cloud and hybrid security. There’s no need to deploy agents, so you can secure your cloud workloads without slowing down or impeding your dev teams. We’ll also walk through a live demo of how to stop advanced threats like supply chain attacks, zero-day exploits, and more.
Seth Fogie, Security Director, Penn Medicine // Guy Raz, Sr. Systems Engineer, ExtraHop
Healthcare security teams are in a tough spot. While the provider industry is taking security seriously, they are at the mercy of the software vendors who provide the healthcare organizations with the data delivery, processing and storage solutions that are critical to delivering patient care and keeping patient data secure. Given the reliance on these systems, it begs the question – how secure are these solutions?
Seth Fogie has spent the last 10+ years in the trenches of the healthcare industry and has seen the good, bad and ugly of what is being provided to your providers. As an insider, Seth has experienced the unique tension healthcare security teams face as they work to securely implement these solutions and will share some of what has been found.
The core of this presentation will focus on vulnerabilities and design issues within healthcare solutions. As we will illustrate through the dissection of numerous clinically focused systems, including radiology reading, EMR downtime, patient entertainment, pharmacy distribution, nurse communication, M&A EMR, clinical documentation and temperature monitoring systems, the prognosis doesn’t look good. Unfortunately, it is our experience that there are few solutions within the hospital enterprise that do not have issues.
The goal for this public 'biopsy'? The healthcare security community needs help increasing the pressure to ensure all of our data is safe from poorly designed and developed vendor solutions. While we can't play the name and shame game for a number of reasons, we want to increase awareness through numerous technical illustrations and ask for your help in increasing scrutiny on all healthcare solutions. This isn't just an application security problem – it is all our healthcare data at risk and this audience is positioned in a unique spot to help.
On December 13, 2020, when the SolarWinds Orion SUNBURST backdoor vulnerability was disclosed, the entire security community sprang into action. The attack had the potential to do immense damage, and everyone worked tirelessly to respond fast. FireEye and ExtraHop were among the first to release SUNBURST-associated domains and IP addresses to be used for threat intel, forensic investigation, and response.
This session will cover:
- Background on the SUNBURST attack and how it was so stealthy and hard to detect
- How ExtraHop uncovered new threat intelligence for use in investigating and responding to SUNBURST
- Why internal network traffic is such a strong data source for detecting and responding to supply chain attacks like SUNBURST.
Speakers: Gustavo Amador-Nieto, EMEA Enterprise SE Lead at KeySight; Youssef Agharmine, Security Sales Engineer at ExtraHop
The lack of visibility into your IoT ecosystem and the inability to monitor unmanaged devices expand your attack surface, putting the security of your hybrid networks at risk. The problem with connected devices is that they generate masses of data and it is impossible to install agents on them, which leaves traditional security approaches powerless. With Keysight and ExtraHop, you discover and monitor every device connected to your network to detect and respond to attacks before they compromise your environment. On the agenda for this webinar:
• Methods attackers use to gain unauthorized access via unmanaged or IoT devices
• The crucial role of machine learning and network detection and response (NDR) capabilities in investigating incidents
• ExtraHop and Keysight's ability to provide complete visibility into all devices and stop attacks before they strike
John Smith, Principal Engineer at ExtraHop; Dave Shackleford, Analyst at SANS
It has been a time-honored, folklore tradition from Bram Stoker all the way down to "Buffy the Vampire Slayer" that a vampire must FIRST be invited in to enter your home. At the end of 2020, the worst Supply Chain attack in memory meant that 18,000 companies unknowingly invited digital vampires to enter their networks and feast on their intellectual property.
Given that sophisticated actors will keep coming, how can you use covert countermeasures to flag unusual and malicious behavior, then investigate and respond to stop them before they breach your network?
In this talk, we will use the SUNBURST backdoor exploit as a backdrop, since the majority of the IOCs were network-visible (domains, subdomains and IP addresses). We will cover:
- How to flag suspicious behavior regardless of whether it appears on a threat intelligence blacklist or IOC list
- How Split-Tunnel VPNs have removed C2 visibility from us and the risk that raises
- How to use the value of the covert, always-on, always watching network
We will conclude with how to use Network Detection and Response (NDR) as a cross and Endpoint Detection and Response (EDR) as a wooden stake to stop advanced threats.
Chase Snyder Sr. Prod Mktg Mgr, ExtraHop; Raj Goel, Brainlink; Lloyd Diernisse; B. Dunlap, Moderator
XDR (Extended Detection and Response) promises to unite and integrate security tools focused on threat protection, detection and response into a single megasolution. Such an approach could yield significant benefits for an organization. Join ExtraHop and (ISC)2 on January 28, 2021 at 1:00PM Eastern for an examination of the costs and benefits of this strategy, a discussion of use cases, as well as:
• How to avoid vendor lock-in while still getting the best security tools available
• What XDR is, and what it isn't, including which data sources and security tools are typically included in XDR offerings, and how they work together.
• The advantages and disadvantages of Best of Breed vs. Single Vendor detection and response strategies.
TJ Banasik, Analyst at SANS and Dan Frey, Cloud Marketing Manager at ExtraHop
The public cloud is changing how you do business, and it’s also forcing you to evolve your security models. To help you create effective defensive strategies for cloud service provider (CSP) environments used by employees, remote workforces, contractors, and customers, SANS surveyed a wide range of professionals across industry verticals to learn their approaches to security.
Watch the webcast to learn more about:
- Common cloud architectures
- Popular security products
- Spending trends on tooling and architecture
- CSP-native tools vs. industry leading security products
Alex Pinto, DBIR Team Manager and Co-Author, Verizon // Sri Sundaralingam, VP of Security and Cloud Solution, ExtraHop
The Verizon Data Breach Investigations Report (DBIR) has been a staple in security reporting for over a decade, always aiming to both document and inform on the current shape of the security threat landscape. It has also been a cathartic outlet of bad jokes and puns for the authoring team.
While the main purpose of the report is to examine what has recently (and not so recently) occurred, it has become clear to the team that over time attackers will attempt to maximize their Attack Return on Investment (AROI). While we can't tell you what the Next Big Attack (tm) will be in 2021, we'll delve into what the data suggests will define it and help to prepare for it.
Join us on a critical analysis of over a decade of alternating very stale and surprising trends, and learn how to better strategize in a landscape that changes very slowly at first and then suddenly all at once.
Sonal Shetkar, ExtraHop // Paul Brager Jr., Baker Hughes, a GE company
As the Internet of Things (IoT) becomes a broader reality in business, IT and security professionals are being challenged to find ways to secure Internet-enabled technology in all types of non-computer devices. How can an enterprise IT department develop and manage an effective security strategy for IoT technology? In this webcast, experts discuss the most effective approaches to securing the embedded systems used in their enterprise and offer advice on monitoring and protecting next-generation IoT technology.
When you attend this webinar, you will:
- Get an overview of best practices for securing IoT technology in your enterprise
- Learn about potential threats to IoT systems and devices
- Gain insight on how to integrate IoT security into your broader enterprise cybersecurity strategy
- Learn more about currently-available IoT security tools and technology
- Find out how to assess and monitor the security of IoT devices attached to your enterprise network
Dave Shackleford, Instructor at SANS and Jeff Deininger, Principal Sales Engineer, Cloud at ExtraHop
As the use of cloud computing has grown, so has the concept of the shared responsibility model for data protection and cybersecurity in general. While not a new concept, the nature of shared security responsibilities has changed with the advent of the cloud. While all cloud providers are wholly responsible for physical security of their data center environments, data center disaster recovery planning, business continuity, and legal and personnel requirements that pertain to security of their operating environments, cloud customers still need to plan for their own disaster recovery and continuity processes, particularly in IaaS clouds where they’re building infrastructure.
If any of this sounds confusing, that’s because it is! There are many challenges facing us as the pace of cloud implementation accelerates. There’s an enormous amount of complexity with new services and software-defined infrastructure.
Today, there’s no doubt at all that attackers have discovered new attack paths and techniques that target cloud environments. The nature of today’s security operations has to change as we move to the cloud. In this webcast, we will discuss the definitive lack of skills in cloud technologies (and security specifically, leading to deficiencies in cloud detection and response workflows), the much faster deployments and changes to keep pace with, and the need for new and better controls to help combat these systemic challenges. To begin figuring out what to do about them, we need a better grounding in exactly who is responsible for what in the cloud, and what kinds of security controls and services are best suited to helping cloud security operations mature and grow.
Dave Shackleford, Instructor at SANS and Jesse Munos, Technical Manager at ExtraHop
In the past decade, the information security industry has learned a lot about what attackers do during campaigns against targets. While we don’t always understand the motivation behind the attacks, most attacker goals are focused on data access and exfiltration of sensitive data. Sophisticated attackers often use advanced malware-based espionage that can aggressively pursue and compromise specific targets. Once a compromise has occurred, attackers attempt to maintain a persistent presence within the victim’s network, escalate privileges, and move laterally within the victim’s network to extract sensitive information to locations under the attacker’s control.
Enterprise security teams have struggled to keep pace with attacker tactics and techniques, and many of the security tools we’ve relied on have not kept up with new methods of ingress, data access, and exfiltration, either. Security teams are facing pressure to detect attacks and respond to them more rapidly, which is difficult when trying to find evidence of lateral movement, reconnaissance, privilege escalation, and other stealthy behavior. Compounding this is a lack of critical skills in security operations, and we’re relying on busy, short-staffed teams to do more all the time. To enable more junior analysts to contribute more readily and effectively, the primary security detection and response platforms organizations use will need to be much more intuitive and capable.
ExtraHop’s Reveal(x) security analytics product provides security analysts with a platform that can rapidly analyze huge quantities of data without acquiring full network packets. Join us in this webcast to learn from Dave Shackleford and his review of the ExtraHop Reveal(x) product. This is Dave’s third review of the product, and he will share his insights on how the many enhancements and new features help intrusion analysis and investigation teams analyze malicious behavior in their environments even more rapidly and effectively.
See how the ExtraHop Network Detection & Response (NDR) platform can be used, not only to automatically detect the latest threats, but also for proactive Threat Hunting workflows. Hear from ExtraHop engineering on how to leverage both techniques in order to secure even the most sensitive Federal networks.
John Matthews, CIO, ExtraHop; Michael Weisberg, CISO, Garnet River; Eric Gauthier, VP, Technical Ops, Burning Glass, B Dunlap
In most enterprises, you have the phenomenon of tool sprawl - the overlapping abundance of technology in which only 20-30% of a product’s functionality is being used. A product is acquired for a particular use case, then another use case and another, resulting in a potpourri of tools with overlapping capabilities and features. Whether it’s instances in the cloud, security tools, network management or even the proliferation of personal productivity and LOB SaaS applications, the consequence of technology sprawl is not only financial waste, but also user frustration, security risks, operational inefficiencies, technical debt and lack of visibility into the organization’s processes and functions. Join ExtraHop and (ISC)2 on December 3, 2020 at 1:00pm Eastern as a panel of IT and Security executives discuss the root causes of technology sprawl, a path out of this cycle and the benefits to be achieved.
Sarah Gray, Enterprise Solutions Architect at Amazon Web Services and Ryan Davis, Sr. Cloud Product Manager at ExtraHop
The cloud is proven to spur innovation and efficiency for DevOps and IT Ops, but for many security teams, moving and securing workloads to the cloud spurs thoughts of new vulnerabilities and attack vectors. With SecOps taking the blame for stalled migration efforts and losing control over securing cloud workloads, an increasing number of organizations recognize the need to take a cloud-native approach to securing data and workloads.
Learn how AWS and ExtraHop empower security teams to stop breaches, not business, with frictionless network detection and response (NDR). Amazon VPC Traffic Mirroring enables NDR solutions to help secure cloud environments with agentless visibility and threat detection.
Kris Yach, Solutions Engineer at ExtraHop and Justin Henderson, Instructor at SANS
Ransomware is a fast-growing threat affecting thousands of government agencies and municipalities, and now it is even being aimed at halting critical ICS/SCADA operations.
This webcast takes a deeper dive into the whitepaper, How to Address a Pervasive and Unrelenting Threat, written by SANS instructor and blue team member Justin Henderson. Justin will moderate a panel that includes sponsor representatives as they explore major themes of the paper.
David-John Fernandez, IT Security Engineer at Grand Canyon Uni. and John Pescatore, Director of Security at SANS
Detection and response capabilities to the cloud, while retaining an integrated view across cloud and on-premises systems and networks. One effective and efficient way of achieving this visibility is for network operations and security operations to use common tools that support the views and insight into both performance issues and security-relevant changes and anomalies.
During this SANS WhatWorks webcast, SANS Director of Emerging Security Trends John Pescatore interviews D.J. Fernandez, IT Security Engineer at Grand Canyon Education, to gain Fernandez’s insight into the business justification for advanced network detection and response (NDR) capabilities and the key evaluation factors that resulted in the selection and deployment of ExtraHop's Reveal(x) platform to increase visibility into network traffic to secure Grand Canyon's business and customer systems.
Watch this webinar to hear details on Grand Canyon's selection, deployment and experience using ExtraHop. The webcast includes a discussion of lessons learned and best practices and gives you the opportunity to ask questions to get deeper insight.
Helping you gain the perspective to secure the hybrid enterprise
The prevention and protection model of cybersecurity isn’t working: between the cloud, IoT, and the sheer pace of change, the enterprise is no longer built to be walled in. This channel provides educational webinars to help SecOps (SOC) and NetOps (NOC) teams, from CIOs and CISOs to analysts and practitioners, change their perspective in order to identify, investigate, and respond to threats across the modern attack surface. We explore how cloud-native network detection and response (NDR) provides the complete visibility, real-time threat detection, and intelligent response you need to secure your hybrid environment. You’ll also find product information about ExtraHop Reveal(x), which enables you to:
- Eliminate blind spots: cover 100% of your hybrid environment
- Detect what matters: find threats 95% faster
- Act quickly: respond to breaches 70% faster
Speakers: Ian Reynolds, Certified Instructor at SANS; John Smith, Principal Engineer at ExtraHop