Event Agenda | 10:00am - 12:30pm ET
|Timeline (EDT)||Session Details|
Welcome & Opening Remarks
Jason Jordaan, Principal Instructor, SANS Institute
How to Expand Network Visibility in an Encrypted World
Most network traffic is encrypted, and TLS 1.3 and DNS-over-HTTPS have extended encryption’s reach even further. Where traffic decryption isn’t possible for cost, performance, and/or privacy reasons, security teams must adapt to support network-based incident response and threat hunting. So how can you see in the dark? Attend this virtual talk to hear about alternative strategies for reclaiming visibility on your network that do not depend on break and inspect. You'll learn about relevant open source technology you can apply to this challenge, as well as advanced techniques that infer encrypted traffic behaviors such as human keystrokes over SSH or RDP brute force attacks.
John Gamble, Sr. Director of Product Marketing, Corelight
Lessons Learned from Ransomware Incident Response
This session follows the breadcrumbs of a malicious hacker and uncovers their digital footprint. It is a journey inside an ethical hacker's response to a ransomware incident that brought a business to a full stop, followed by the discovery of evidence to uncover the attack path and techniques used. In this session, we will cover a real-world incident response to a ransomware-as-a-service (RaaS) variant: the incident response lessons learned, what went well and not so well, how mental health is critical for incident response and security teams, what techniques were used to launch the attack, and what we uncovered from the digital footprints left at the scene.
Joseph Carson, Chief Security Scientist & Advisory CISO, Delinea
Fireside Chat with Jason Jordaan
Tom Roeh, Director of Systems Engineering - US Public Sector, ExtraHop Networks
Jason Jordaan, SANS Principal Instructor