
Webcasts


Hunting in Network Telemetry

  • Monday, March 15, 2021 at 1:00 PM EDT (2021-03-15 17:00:00 UTC)
  • Chris Crowley, Chris Morales

Sponsor

  • Vectra Networks Inc.


Overview

An extension of Chris' 2020 paper "20/20 Vision for Implementing a Security Operations Center," which covers technology deployment of the triad of host, network, and correlation capabilities, this webcast will outline how Vectra enables hunting within network telemetry data.

Hunting is looking at data available throughout the environment with the assumption that previously developed detection engineering has failed, yet compromise-relevant data is present. Hunting is different from investigation: it does not begin with an indicator; rather, it starts with a hypothesis. Hunting presumes latent, undiscovered compromise. With this in mind, we'll discuss how Vectra can be used to identify problematic systems based on unexpected or unauthorized network activity. Specifically, this webcast will focus on using the Vectra tool for initial discovery. (The next webcast in the series will be held April 28th and will cover discovering the scope of the intrusion after the discovery of a compromise.)

Register today to be among the first to receive the associated spotlight paper written by security expert Chris Crowley!

Speaker Bios

Chris Crowley

Christopher Crowley is the course author for SANS Management 517 - Managing Security Operations and SANS Management 535 - Incident Response Team Management. Chris holds several industry certifications including the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GMOB, GASF, GREM, GXPN, and CISSP. His teaching experience includes FOR585, MGT517, MGT535, SEC401, SEC503, SEC504, SEC560, SEC575, and SEC580; Apache web server administration and configuration; and shell programming. He was awarded the SANS 2009 Local Mentor of the Year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities." Mr. Crowley spends his spare time mountain biking, rock climbing, and savoring epicurean treats.


Chris Morales

Chris Morales is the Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.
