
Webcasts


Enhance Your Investigations with Network Data

  • Thursday, October 26th, 2017 at 1:00 PM EDT (17:00:00 UTC)
  • Matt Bromiley and Brian Ford
This webcast has been archived.

Sponsor

  • Cisco Systems


Overview

As the use of digital forensics continues to grow, with new artifacts providing insight into attacker activity inside and outside of the enterprise network, incident response teams are working to detect and respond to data breaches faster--turning yesterday's investigations into tomorrow's indicators. But many enterprise teams still examine just half the evidence. By focusing on host-based indicators and signatures, many teams miss the one place where the attacker must go: the network!

Network forensics is its own specialized field that often introduces complex protocols, jargon, and analysis techniques that are potentially confusing to practitioners. But particular artifacts can be leveraged to determine the attack sequence and to offer a more complete picture of the breach.

This webcast will examine the power of network forensics and why it should be incorporated into all incident response investigations. Attendees will learn about two types of network artifacts, NetFlow and packet trace files (PCAPs), and the pros and cons of each. Register now to learn how to bolster your investigation efforts by combining both data sets to help guide your incident response teams, and to be the first to get the new paper on this topic.


Speaker Bios

Matt Bromiley

Matt Bromiley is a SANS Digital Forensics and Incident Response instructor and a GIAC Advisory Board member. He is also a senior managing consultant at a major incident response and forensic analysis company, bringing together experience in digital forensics, incident response/triage and log analytics. His skills include disk, database, memory and network forensics, as well as network security monitoring. Matt has worked with clients of all types and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.


Brian Ford

Brian Patrick Ford is a technical marketing engineer in advanced threat technical marketing, part of the Security Business Group (SBG) of Cisco Systems. In this role, he works with product management, engineering, and technical sales staff and executives from both Cisco and customer organizations to create synergistic data analytics solutions to address network and Internet security problems.

Brian Ford was previously senior solutions architect for Lancope, the makers of StealthWatch, an industry-leading context-aware security analytics solution. He rejoined Cisco with the acquisition of Lancope in January 2016.

Prior to joining Lancope, Brian was senior consulting engineer in the Research and Advanced Development Group of Cisco Systems. Brian actively participated in the development of Cisco security solutions and products. His research areas included security management (PDM and ASDM), access control (NAC), anomaly detection and mitigation (Cyber Threat Defense), security information sharing (threat intel and feeds), and security analytics.
