Webcasts

(JA)3 Reasons to Rethink Your Encrypted Traffic Analysis Strategies

  • Wednesday, December 5th, 2018 at 3:30 PM EST (20:30:00 UTC)
  • Troy Kent and Dave Shackleford
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account.

Sponsor

  • Awake Security

Overview

The network has a ground-truth property that is hard to replicate with other security data sources. So, for years the network has been a valuable source of insight that enabled effective detection and response. However, the network is becoming increasingly opaque as the definition of the network itself changes with cloud computing and as more of the data on the network is encrypted. This means security teams are losing visibility into this powerful data source, just as attackers use techniques like encryption to evade traditional detection methods. In this talk we will cover one aspect of this challenge: encryption on the wire. With the specific use case of identifying and profiling applications behind the encryption, we will discuss the current state of the art when it comes to encrypted traffic analysis. The talk will highlight some of the shortcomings in current approaches including fingerprint libraries like JA3. We will also dive deep into some strategies that are effective, yet not noisy for the security team. Finally, we will provide guidance on the capabilities your security stack needs in order to shine light into encrypted traffic on the wire.

Speaker Bios

Troy Kent

When Troy was 5 years old he used to open executable files in Notepad and edit them. He thought he was programming. Now he opens them in IDA Pro and thinks he's reverse engineering. His knack for pattern recognition and apparent fear of allowing puzzles to defeat him have led him to his passion for cybersecurity. He has spent his career in SOCs as multiple tiers of analyst and as an investigator: working ticket queues, hunting for security incidents, rapidly prototyping new ideas into existence, working terrible hours and questioning career decisions. At Awake Security he is a Threat Researcher who uses his skills and knowledge to ensure that Awake empowers the analyst as much as possible. He loves what he does and hopes what he does ensures that others do too.


Dave Shackleford

Dave Shackleford, a SANS analyst, instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.
