SANS CyberCast - SANS@Mic - How I Learned to Stop Worrying and Love TLS

  • Webcast Aired Wednesday, 18 Mar 2020 8:30PM EDT (19 Mar 2020 00:30 UTC)
  • Speaker: Dr. Johannes Ullrich

Encryption has been the security tool most disliked by security people charged with monitoring networks. While it hides secrets from attackers, it also hides malicious activity and exfiltrated secrets from network monitoring. While the fight against encryption may seem lost (or the fight to encrypt all data may seem won), there is more you can do than turn your IDS into a crypto coin miner. Think outside of the traditional IDS box, and before you despair, remember that it didn't do much for you anyway, but produce false positives. Networks change and so need your skills and approaches to finding evil. In this talk, you will learn about all the useful things you can do once you leave the superficial glamour of analyzing payloads behind and focus on the data that matters. Become one with your network and understand its needs and desires to identify the new evil your IDS never told you about.