Investigate East-West Attack Activities to Defend Critical Assets: A SANS Review of ExtraHop Reveal(x)

  • Thursday, 04 Oct 2018 1:00PM EDT (04 Oct 2018 17:00 UTC)
  • Speakers: Dave Shackleford, Barbara Kay

Post-compromise attack activities inside East-West traffic can be difficult to detect due to telemetry, decryption and logging issues, along with the existence of organizational and data silos and ever-increasing traffic volume. Increased real-time visibility into East-West traffic can reduce time to detection and containment and help identify systemic vulnerabilities. The purpose of this review was to evaluate the ExtraHop Reveal(x) product and its ability to support detection, investigation and response for these late-stage attack activities.

Reviewer Dave Shackleford puts ExtraHop Reveal(x) through its paces with a use case in which an outside attacker has compromised an internal system: the attacker scans the network, tries to gain access to a file share through brute force, pulls down data and exfiltrates it. How does Reveal(x) perform in this scenario?

Attendees at this webcast will learn about the role of machine learning in detecting and responding to threats and see how ExtraHop Reveal(x) can:

  • Assist in investigating incidents
  • Provide proactive threat hunting
  • Help with security hygiene and compliance
  • Integrate with other tools

Register to be among the first to receive the associated whitepaper written by SANS Analyst and Instructor Dave Shackleford.