Catching SSH and RDP attacks without decryption

  • Thursday, 24 Jun 2021 1:00PM EDT (24 Jun 2021 17:00 UTC)
  • Speaker: John Gamble

With the rise in distributed workforces, both SSH and RDP connections have proliferated as remote employees connect to sensitive internal environments and machines to do their jobs. Unfortunately, these remote-friendly protocols are also prime attack targets and, once compromised, give adversaries a clear path to move laterally, deploy ransomware, and more.

When decryption is not feasible, security analysts must find a new approach to monitoring these connections for evidence of compromise and suspicious behaviors. This webcast will review SSH and RDP analysis techniques using open source Zeek, as well as Corelight's unique threat insight capabilities around these protocols.