Threat Detection in TLS: The Good, the Bad, and the Ugly

While TLS (formerly known as SSL) has become the de facto way of encrypting data in motion on networks, it can also hide threats from your InfoSec team. As the volume of encrypted traffic continues to grow, organizations become even more vulnerable to encrypted attacks, hidden command and control threats and data exfiltration exploits that go undetected.

To make this situation even more complex, the TLS 1.3 draft 28 proposal, ratified at the IETF 101 conference in London and now moving toward official RFC status, has actually removed the visibility which was widely deployed for threat identification in TLS 1.2.

Once again, InfoSec teams find themselves at the fulcrum of a delicate balancing act. On one hand, encryption is moving toward ubiquity but on the other, we need to detect when threat actors use it too. And in detecting that misuse, we need to acknowledge and address critical management, troubleshooting, legal, regulatory, ethical and technical concerns. For example, we can’t decrypt just at the edge of our networks if we believe “perimeter security is dead.” Proxies on the network edge are a step backwards.

What can you do? “Threat Detection in TLS: The Good, the Bad and the Ugly” will discuss the necessity of deploying TLS decryption in the core of networks and will explore innovative architectures that deliver that capability while maintaining availability and reliability.

Learn how organizations can manage growing SSL/TLS traffic volumes by creating a centralized “decryption zone” to decrypt traffic once and give security tools newfound visibility into formerly encrypted traffic and threats.
Recorded Dec 11 2018 59 mins
Presented by
Ian Farquhar, Distinguished Sales Engineer, Gigamon
  • Taking a Network Centric approach to Ransomware Detection and Mitigation Nov 24 2021 6:00 pm UTC 34 mins
    George Sandford, Sr. Mgr, ThreatINSIGHT Customer Success + David Torres, ThreatINSIGHT Technical Success Manager - Gigamon
    The recent surge of ransomware attacks has shown a shift in tactics employed by threat actors looking to extort organizations. With an estimated 1 in 5 organizations likely to experience a ransomware incident, and EDR evasion tactics on the rise, a network centric approach has become essential to successful detection and response. Join this SANS Threat Hunting Solution session to explore how ransomware loitering allows security analysts to use network detection and response capabilities to discover malicious activity between initial compromise and encryption.
  • See Inside Containers with the Gigamon Cloud Suite Nov 16 2021 6:00 pm UTC 30 mins
    Baseer Balazadeh, Senior Technical Marketing Engineer - Cloud, Gigamon
    Container solutions continue to transform application environments and expand their reach in the network. IT teams are asked to be flexible and adaptable as the enterprise adopts new complexities, but also need to remain cautious about the security implications for the network. This replay of an ActualTech Media Ecocast is a must-see for anyone managing ad hoc, complex security deployments with containers. Learn how the Gigamon Cloud Suite helps you achieve visibility into all traffic across your hybrid cloud.
  • Your Cloud Workloads Are Fully Secure, Right? Nov 9 2021 6:00 pm UTC 1 min
    Bassam Khan, VP of Product and Technical Marketing Engineering - Gigamon
    You have all the cloud monitoring and security tools in place. Would you agree that it’s still difficult to:
    - Have complete visibility and eliminate blind spots, like hybrid cloud application activities and container communications, and discover and monitor unmanaged hosts/apps and IoT?
    - Provide comprehensive security, such as detect and respond to network-based threats, enumerate hosts on the hybrid cloud network, and support shared responsibility and Zero Trust frameworks, particularly as it relates to network traffic?
    - Detect unwanted activities, such as shadow IT, crypto-mining, and P2P and torrent traffic?
    - Comply with network-related compliance and SLOs, such as extending on-premises policies, controls, reports, and practice knowledge to cloud apps?

    Obviously, no security posture is 100% attack-proof. However, bringing the “network perspective” to hybrid-cloud workloads makes it easier to address the challenges above, and more.

    At this session we will dive into several use cases and we will demo the yet untapped advantage the network perspective brings to cyber defense.
  • Understanding TLS Decryption: Deploy Your Solution Nov 9 2021 5:00 pm UTC 42 mins
    Greg Maples, Consulting Security Architect at Gigamon
    The final webinar in our three-part Tech Talk series on TLS Decryption provides practical advice on how to seamlessly deploy a decryption solution to effectively combat malware threats from encrypted traffic.

    You’ll learn everything you need to know about implementation, including:
    • Planning
    • Validation
    • Integration
  • 'Sin vi victim parabellum' — Ransomware is war. Are you prepared? Nov 4 2021 6:00 pm UTC 60 mins
    Author Nick Shevelyov—CISO, Silicon Valley Bank + Edna Conway—CSRO, Azure, Microsoft + Yonesy Núñez—CISO, Jack Henry & Assoc.
    Join our distinguished panel of Cybersecurity executives as they discuss why ransomware, extortion, and other attacks are becoming more prevalent and how you can prepare to get ahead of the curve.

    The panel, moderated by Robert Rodriguez, Founder of SINET, will bring together industry leaders — Nick Shevelyov (CISO, Silicon Valley Bank and best-selling author of Cyber War…and Peace), Edna Conway (VP, Chief Security & Risk Officer, Azure, Microsoft) and Yonesy Núñez (CISO, Jack Henry & Assoc.) — to share insights and best practices that will help you be better prepared for ransomware attacks. Stay to the end to get your burning questions answered.

    What you’ll learn:
    • Security best practices to stay secure and get complete network visibility
    • How to prepare for ransomware and cybersecurity attacks
    • The tools, models, and processes that successful companies implement

    EXCLUSIVE OFFER: 100 lucky registrants will receive a complimentary copy of Nick’s highly acclaimed book, Cyber War…and Peace, after the event.

    Robert Rodriguez — Founder of SINET

    Nick Shevelyov — CISO for Silicon Valley Bank and Author
    Edna Conway — VP, Chief Security & Risk Officer, Azure for Microsoft Corporation
    Yonesy Núñez — CISO for Jack Henry & Associates, Inc.
  • Today's Ransomware and Your Network: Prescription for Stronger Defense Nov 2 2021 5:00 pm UTC 57 mins
    Bassam Khan, VP of Product Marketing - Gigamon + Larry Hammond, Sr Sales Engineer - Gigamon
    The recent surge of ransomware attacks has shown a shift in tactics employed by threat actors looking to extort organizations. Their methodology has changed from a quick, opportunistic attack to a prolonged and targeted approach. While this shift presents threat groups with the opportunity to encrypt more critical data, it also presents security teams with the opportunity to detect activity before data is encrypted.

    Join this webinar to explore how ransomware loitering allows security analysts to use network visibility, detection, and response to discover malicious activity between initial compromise and encryption. Our experts will cover:
    • How threat actors rely on your network, and how you can use network visibility to your advantage
    • The importance of inspecting encrypted traffic, the challenges of doing so, and the NSA's guidelines on addressing those challenges
    • How a new and innovative approach to network detection and response is transforming the SOC (Security Operations Center)
  • Understanding TLS Decryption: Design Your Solution Nov 2 2021 4:00 pm UTC 58 mins
    Ian Farquhar, Consulting Sales Engineer at Gigamon
    This Tech Talk webinar on designing a decryption solution to reduce malware threat is the second in a three-part series on TLS Decryption.

    You’ll learn how to create a solution that centrally decrypts encrypted traffic to eliminate blind spots, frees up tools capacity and complies with privacy needs, including:
    • Requirements
    • Architectures
    • Best practices
  • A SANS 2021 Survey: Threat Hunting in Uncertain Times Recorded: Oct 26 2021 63 mins
    Mathias Fuchs and Josh Lemon, SANS Sr. Instructors
    In the past year, businesses have been continually under pressure to increase efficiency and keep costs down in the lead-up to recovering while economic conditions are still evolving. This webcast explores the results of the SANS 2021 Threat Hunting Survey, which examined how businesses' cybersecurity defense teams are handling these changes and how organizations can defend against yet-to-be-discovered network threats.
  • Understanding TLS Decryption: Getting It Right Recorded: Oct 26 2021 58 mins
    Ollie Sheridan, Principal Sales Engineer at Gigamon
    This Tech Talk webinar on understanding how to get decryption right is the first in a three-part series on TLS Decryption.

    With increased malware threats using encryption, winning the battle against malware threats requires getting decryption right.
    In this technical webinar, Gigamon experts explain how to use TLS Decryption to thwart attacks by eliminating blind spots and reducing the attack surface.

    Tune in to learn how to attain North-South and East-West traffic visibility, including:
    • Drivers
    • Challenges
    • Approaches
  • See, Secure and Optimize your VMware-based Cloud Recorded: Oct 19 2021 62 mins
    John Gudmundson, Senior Product Marketing Manager - Gigamon
    Moving to hybrid cloud environments needn’t be labor intensive or overly complex. Attend to learn how VMware-based clouds with Gigamon next-generation visibility solutions enable application-level identification and filtering, with advanced metadata generation in a fully automated and virtualized NSX‑T environment. Organizations can reduce error-prone manual processes, enhance security tool effectiveness and maximize user experiences — including those scenarios involving vMotion and dynamic service insertion. You’ll also see two live demonstrations!
  • Reduce Tool Sprawl and Strengthen Security with New Traffic Analysis Tool Recorded: Oct 19 2021 47 mins
    Darshan Shah, Senior Marketing Manager at Gigamon
    Suffering from tools sprawl but still needing to buy more to address security, performance or tool overload?

    Register for this live webinar where Gigamon experts will demonstrate our set of new traffic analysis solutions to: 

    * Measure how much duplicate traffic is present in your network
    * Identify low-risk yet high-traffic-volume applications running in your network
    * Determine the percent of traffic that is encrypted


    You’ll learn how to precisely calculate the impact of Gigamon solutions to your tools and budget over the next 3-5 years.

    The first 25 attendees will receive a $25 gift card!
  • Hybrid-cloud survey results, and the value of network visibility Recorded: Oct 12 2021 39 mins
    Roy Illsley, Chief Analyst - OMDIA + Bassam Khan, VP of Product Marketing - Gigamon
    Today’s changing dynamic of business impacts both the business model and IT platform. With workloads moving to the cloud and new cloud-first apps being deployed at ever-increasing rates, IT operations and monitoring are being impacted and need to act quickly.

    In this webinar the following questions will be addressed:
    - What technologies are being adopted across IT organizations, both at the core and the edge?
    - How is IT increasingly leaning on observability to solve hybrid- and multi-cloud monitoring challenges?
    - How does the “network perspective” fill a crucial gap in visibility for hybrid infrastructure monitoring?
  • Improving Management and Protection of Cloud and Virtual Deployments Recorded: Oct 5 2021 28 mins
    Gordon Beith, Sr. Director of Product Marketing - Gigamon
    Virtualization remains at the forefront of the data center, and is extending into the cloud to enable true hybrid and multi-cloud environments. These environments are being augmented by new technologies, including containers, software-defined storage, networking, and other capabilities. Operations are looking for ways to optimize all aspects of their virtual environment.

    In this webinar, we will discuss:
    - Lessons about network traffic visibility in physical, on-prem networks
    - How cloud or virtualization changes visibility
    - Removing blind spots, reducing complexity, and minimizing costs
  • Ensuring Trust and Security in Enterprise IT and the Cloud Recorded: Sep 28 2021 27 mins
    Bassam Khan, VP of Product and Technical Marketing Engineering at Gigamon
    Your job – and we doubt you have any choice but to accept it! – is to leverage every tool in your arsenal to keep bad guys and even human error from dooming your data. Modern security is defense in depth and you need myriad tools to keep incidents at bay. Such tools may include privileged password protection, centralized and managed authentication with SSO, rock solid data protection for all of your cloud apps, interconnectivity with security baked in, and much, much more.
    - See how today's most innovative cloud security, storage, networking, data protection, and management solutions complete your security puzzle
    - Learn why privileged password management needs to be a key component in your information security strategy
  • [Ep.3] Shining a Light: Helping SOCs Move Away From Working In The Dark Recorded: Sep 23 2021 18 mins
    Bassam Khan - VP of Product and Technical Marketing and Jon Oltsik, Senior Analyst at ESG
    There is no denying that there is a SOC visibility gap issue. Although SIEMs and EDRs have increased many SOC/IR teams' effectiveness in identifying active infections, visibility gaps remain. It’s challenging for SOCs to gain complete network visibility due to constantly changing hybrid infrastructure, remote and flexible location working and the ever-increasing amount of encrypted traffic. The result is that analysts are left in the dark when trying to identify all adversary activity across the MITRE ATT&CK framework.

    In episode 3 of Gigamon’s ‘How SOCs are Working Alone, Distracted and In The Dark - And What To Do About It’ series, Bassam Khan, VP of Product and Technical Marketing at Gigamon and Jon Oltsik, Senior Analyst at ESG discuss how SOCs can shine a light on visibility gaps and arm SOC analysts with accurate and rapid information to address threats.

    We invite you to join us for this short 20-min episode to learn:

    - Why 69% of SOC analysts cite lack of visibility into network traffic as the top reason for SOC ineffectiveness
    - Real-world challenges, such as alerts without context and correlating data across multiple tools
    - How to effectively identify cyber-adversaries across any network, device or traffic
    - And more

    Don’t miss all three webinars in the series!
  • The Imminent Impact of TLS 1.3 on Network Security Controls Recorded: Sep 21 2021 57 mins
    David Holmes, Sr Analyst, Forrester & Rami Rammaha, Sr Product Marketing Manager, Gigamon
    Hear guest speaker David Holmes talk about his recent Forrester research paper: “Maintaining Visibility in the TLS 1.3 Era.” Holmes will share how three internet protocols will soon be modified to enhance consumer and citizen privacy while having a detrimental effect when used in an enterprise.

    The coming changes, TLS 1.3, DNS-over-HTTPS and encrypted SNI, will mask or remove the metadata that both snoopers rely on (for nefarious tracking) and IT rely on (to protect the organization’s users). Holmes will share how quickly these changes are coming, and which security monitoring tools will be affected first.

    You’ll learn:
    • What changes are coming and how they impact network visibility
    • Which tools are at risk of going dark in the new world
    • How long architects have to turn the lights back on
    • How IT security can mitigate the impact of what’s coming
    • Where DNS security is headed

    David Holmes, Senior Analyst, Forrester
    Rami Rammaha, Senior Product Marketing Manager, Gigamon
  • Cloud Visibility, Monitoring and Security Recorded: Sep 21 2021 50 mins
    Gigamon Cloud Team
    Hybrid cloud environments are complex — and harder to secure.

    In this third webinar of a three-part series, Gigamon experts share insights on how to monitor and secure your new hybrid cloud network and datacenter.
    Plus, they offer insights on the importance of cloud visibility and how to achieve it across your network.

    Presented by:
    * Baseer Balazadeh, Senior Technical Marketing Engineer
    * Jim Mandelbaum, Field CTO
    * Guy White, Consulting Sales Engineer
    * LaFon Hamilton, Sales Engineer

    Sign up for the 2 other webinars of the series:
    * Cloud Strategy
    * Cloud Migration and Deployment

    + The first 25 attendees will receive a $50 Amazon gift card!
  • [Podcast] Ep. 3: Evolving Zero Trust Recorded: Sep 19 2021 25 mins
    Michael Valladao, Sr SE for Gigamon + Dr Chase Cunningham, CSO for Ericom Software
    We are so excited to have Zero Trust technical expert Chase Cunningham as our guest in this episode. Mike and Chase discuss a variety of topics around the origins of Zero Trust, important considerations around crafting your Zero Trust strategy, how the US Government has begun to invest in ZT and even a bit about Chase's children's books that teach our next generation about tech.

    0:50 — The Origins of Zero Trust and How it's Implemented
    6:56 — Zero Trust is Cloud Heavy
    8:43 — Paying attention to east/west traffic threats
    10:02 — Worst Practices in the Cloud
    12:08 — Moving from Cloud to Hybrid
    12:52 — Evangelizing ZT
    14:53 — Soft Skills for Implementing Zero Trust
    16:44 — Zero Trust and the Government
    20:55 — Children's books and teaching kids about ZT and IT
  • [Podcast] Ep. 2: Lessons Learned from Cloud Native Recorded: Sep 19 2021 31 mins
    Michael Valladao, Sr SE for Gigamon + Ben Stineman, VP Infrastructure & Security at Vinli Inc.
    In our second Episode, Mike is joined by Ben Stineman, Vice President of Infrastructure and Security at Vinli Incorporated.

    Ben will explain what it takes to start from scratch or migrate to Cloud Native. As a networking expert, he shares his personal experience at Vinli along with helpful tips you need to understand the ins-and-outs of Cloud Native.

    1:20 — How to become Cloud Native and the Twelve-Factor App
    4:53 — Cloud vs Bare Metal Study
    13:31 — Managing GDPR in the Cloud
    16:58 — Ben's journey to Cloud Native
    18:30 — Networking is still Networking
    22:22 — Lessons Learned from Cloud Native
    25:28 — Security for Cloud-Native
    27:38 — Ben flies drones in the Cloud(s)
  • [Podcast] Ep. 1: Visibility Strategies for Hybrid Cloud Environments Recorded: Sep 19 2021 29 mins
    Michael Valladao, Sr SE for Gigamon + Ethan Banks, Co-founder of Packet Pushers Interactive
    In our first episode, Mike is joined by Ethan Banks, networking expert, podcaster, blogger, and co-founder of Packet Pushers Interactive.

    First, they will discuss what Hybrid Cloud means and then jump into a lively conversation about important considerations for cloud adoption, who's responsible for security, adopting new tech and processes, organizational changes, gotchas, and much more.

    0:39 — Defining Hybrid Cloud
    2:29 — Cloud happens when IT is doing other things!
    4:30 — Who is responsible for Cloud security?
    6:24 — The importance of Cloud visibility
    10:04 — Network switches and TAPs in the Cloud
    18:26 — Deploying Agents in the Cloud
Visibility into physical, virtual, and cloud environments
Gigamon provides active visibility into physical and virtual network traffic, enabling stronger security and superior performance. Gigamon’s Visibility Fabric and GigaSECURE, the industry’s first Security Delivery Platform, deliver advanced intelligence so that security, network and application performance management solutions in enterprise, government and service provider networks operate more efficiently and effectively.

  • Title: Threat Detection in TLS: The Good, the Bad, and the Ugly
  • Live at: Dec 11 2018 6:00 pm
  • Presented by: Ian Farquhar, Distinguished Sales Engineer, Gigamon