NEW SANS Stay Sharp Training - Live Online: Quickly sharpen your skills with 2-day management courses. Save 25% thru tomorrow!


To attend this webcast, login to your SANS Account or create your Account.

Network Security Monitoring vs Encryption

  • Monday, September 21, 2020 at 3:30 PM EDT (2020-09-21 19:30:00 UTC)
  • Richard Bejtlich


  • Corelight

You can now attend the webcast using your mobile device!



Security teams want to understand their networks. Many fear that encryption will interfere with that goal. This presentation will examine how network security monitoring can adapt to serve security teams. Examples of logs from Corelight sensors and open source Zeek software will highlight JA3, HASSH, and more to characterize encrypted conversations. Learn how to make the network work for you!

Speaker Bio

Richard Bejtlich

Richard Bejtlich is an author and Principal Security Strategist at Corelight. He was previously Chief Security Strategist at FireEye, and Mandiant's Chief Security Officer when FireEye acquired Mandiant in 2013. At General Electric, as Director of Incident Response, he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). Richard began his digital security career as a military intelligence officer in 1997 at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). Richard is a graduate of Harvard University and the United States Air Force Academy. He has authored, co-authored, and contributed to over a dozen books (listed at He also writes for his blog ( and Twitter (@taosecurity).

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.