How Network Traffic Analytics Eliminates Darkspace for the SOC

  • Thursday, August 23rd, 2018 at 1:00 PM EDT (17:00:00 UTC)
  • Barbara Kay and Chris Crowley
This webcast has been archived.

Sponsor

  • ExtraHop

Overview

The network doesn't lie. That's one reason companies are increasingly turning to their network to simplify and speed up common SOC workflows. Network Traffic Analytics (NTA) specifically addresses key SOC challenges identified in the recent SANS SOC survey: asset discovery and inventory, event correlation, and SOC/NOC integration.

The NTA category is relatively new and focuses on facilitating detection of and response to post-compromise activity, including command and control, reconnaissance, lateral movement, and exfiltration. Organizations primarily use NTA to gain visibility into East-West traffic within the environment, though it can also heighten visibility of North-South traffic traversing the perimeter. NTA tools complement log data and endpoint instrumentation with an objective view of threat behavior on the network, and dramatically reduce the time to detect and respond to threats.

In this webcast, we'll cover:

  • How your peers are using NTA technology to focus on what matters
  • The impact of forward secrecy and TLS 1.3 encryption on network analysis
  • How NTA can simplify CIS Critical Security Controls 1 and 2
  • Boosting the productivity and expertise of junior analysts
  • A live demo showing how ExtraHop Reveal(x) speeds key workflows

Speaker Bios

Barbara Kay

Barbara G. Kay, CISSP, is Senior Director of Security Product Marketing at ExtraHop. She focuses on the needs and opportunities for reinventing security operations and the Reveal(x) product line. Prior to ExtraHop, she led security operations market research and product marketing for McAfee and was responsible for the threat intelligence and analytics solutions, as well as the security information and event management (SIEM) Platform. She has also served as Director of Security and Privacy Marketing for Sun Microsystems. She is a frequent contributor to online publications and blogs and holds a BA from Dartmouth College.


Chris Crowley

Mr. Crowley has 15 years of industry experience managing and securing networks. He currently works as an independent consultant in the Washington, DC area. His work experience includes penetration testing, computer network defense, incident response, and forensic analysis.

Mr. Crowley is the course author for SANS Management 535 - Incident Response Team Management and holds the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GREM, GMOB, and CISSP certifications. His teaching experience includes SEC401, SEC503, SEC504, SEC560, SEC575, SEC580, FOR585, and MGT535; Apache web server administration and configuration; and shell programming. He was awarded the SANS 2009 Local Mentor of the year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities."

"Chris really knew his stuff and presented ideas that made me change my mind on some policies and configs we employ." - William Jeskey, Tarrant County College
"Chris was one of the best instructors I have ever had in any training environment in almost 24 years of service." - Anonymous
