Hunting in Network Telemetry

  • Monday, 15 Mar 2021 1:00PM EDT (15 Mar 2021 17:00 UTC)
  • Speakers: Chris Crowley, Dale OGrady

An extension of Chris' 2020 paper "20/20 Vision for Implementing a Security Operations Center," which covers technology deployment of the triad of host, network, and correlation capabilities, this webcast will outline how Vectra enables hunting within network telemetry data.

Hunting is looking at data available throughout the environment with the assumption that previously developed detection engineering has failed, yet compromise-relevant data is present. Hunting is different from investigation in that it does not begin with an indicator; rather, it starts with a hypothesis. Hunting presumes latent, undiscovered compromise. With this in mind, we'll discuss how Vectra can be used to identify problematic systems based on unexpected or unauthorized network activity. Specifically, this webcast will focus on using the Vectra tool for initial discovery. (The next webcast in the series will be held April 28th and will cover discovering the scope of the intrusion after the discovery of a compromise.)

Register today to be among the first to receive the associated spotlight paper written by security expert Chris Crowley!