

This webcast has been archived.

Investigate East-West Attack Activities to Defend Critical Assets: A SANS Review of ExtraHop Reveal(x)

  • Thursday, October 04, 2018 at 1:00 PM EDT (2018-10-04 17:00:00 UTC)
  • Dave Shackleford, Barbara Kay


  • ExtraHop




Post-compromise attack activities inside East-West traffic can be difficult to detect due to telemetry, decryption and logging issues, along with the existence of organizational and data silos and ever-increasing traffic volume. Increased, real-time visibility into East-West traffic can reduce time to detection and containment and help identify systemic vulnerabilities. The purpose of this review was to evaluate the ExtraHop Reveal(x) product and its ability to support detection, investigation and response for these late-stage attack activities.

Reviewer Dave Shackleford puts ExtraHop Reveal(x) through its paces using a use case of an outside attacker who has compromised an internal system. The attacker is scanning the network, trying to gain access to a file share through brute force, pulling down data and exfiltrating that data. How does Reveal(x) perform in this scenario?

Attendees at this webcast will learn about the role of machine learning in detecting and responding to threats and see how ExtraHop Reveal(x) can:

  • Assist in investigating incidents
  • Provide proactive threat hunting
  • Help with security hygiene and compliance
  • Integrate with other tools

Register to be among the first to receive the associated whitepaper written by SANS Analyst and Instructor Dave Shackleford.

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Barbara Kay

Barbara G. Kay, CISSP, is Senior Director of Security Product Marketing at ExtraHop. She focuses on the needs and opportunities for reinventing security operations and the Reveal(x) product line. Prior to ExtraHop, she led security operations market research and product marketing for McAfee and was responsible for the threat intelligence and analytics solutions, as well as the security information and event management (SIEM) Platform. She has also served as Director of Security and Privacy Marketing for Sun Microsystems. She is a frequent contributor to online publications and blogs and holds a BA from Dartmouth College.
