


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Analyzing Malicious Behavior Effectively with ExtraHop Reveal(x)

  • Tuesday, December 08, 2020 at 2:00 PM EST (2020-12-08 19:00:00 UTC)
  • Dave Shackleford


  • ExtraHop




In the past decade, the information security industry has learned a lot about what attackers do during campaigns against targets. While we don't always understand the motivation behind the attacks, most attacker goals are focused on data access and exfiltration of sensitive data. Sophisticated attackers often use advanced malware-based espionage that can aggressively pursue and compromise specific targets. Once a compromise has occurred, attackers attempt to maintain a persistent presence within the victim's network, escalate privileges, and move laterally within the victim's network to extract sensitive information to locations under the attacker's control.

Enterprise security teams have struggled to keep pace with attacker tactics and techniques, and many of the security tools we've relied on have not kept up with new methods of ingress, data access, and exfiltration, either. Security teams are facing pressure to detect attacks and respond to them more rapidly, which is difficult when trying to find evidence of lateral movement, reconnaissance, privilege escalation, and other stealthy behavior. Compounding this is a lack of critical skills in security operations, and we're relying on busy, short-staffed teams to do more all the time. To enable more junior analysts to more readily and effectively contribute, the primary security detection and response platforms organizations use will need to be much more intuitive and capable.

ExtraHop's Reveal(x) security analytics product provides security analysts with a platform that can rapidly analyze huge quantities of data without acquiring full network packets. Join us in this webcast to learn from Dave Shackleford and his review of the ExtraHop Reveal(x) product. This being his third time reviewing the product, Dave will share his insights on the many enhancements and new features that help intrusion analysis and investigation teams analyze malicious behavior in their environments even more rapidly and effectively.

Register today to be among the first to receive the associated product review written by SANS analyst Dave Shackleford.

Speaker Bio

Dave Shackleford

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.
