Train From Home with Top Cybersecurity Experts, Hands On Labs and 4 Months Access to Content - OnDemand


To attend this webcast, login to your SANS Account or create your Account.

The Power of Bro - and why you should include it in your security infrastructure

  • Tuesday, March 20th, 2018 at 8:00 AM EDT (12:00:00 UTC)
  • Matt Bromiley and Seth Hall
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • Corelight

You can now attend the webcast using your mobile device!


Bro is the most powerful network visibility solution for information security professionals, but it remains a tool that is not widely understood in the enterprise market. This webinar will explain the power of Bro, where it fits in the security landscape, how it complements other security tools, and how it helps incident responders do their jobs more quickly and effectively.

Bro had early adoption in the defense, intelligence and other government agencies, as well as in research & education, but only recently has its use in the enterprise market expanded. Bro is very powerful but can be difficult to implement, use, and integrate. Today, as the threats facing enterprises get more sophisticated and destructive, and as networks get more complex and heterogeneous, the power of Bro's rich data has become vitally important.

Corelight was founded in 2015 by the creators and maintainers of Bro, including Vern Paxson who created it at Lawrence Berkeley National Lab in 1995, to provide an enterprise-class solution built on Bro for enterprise customers.

Speaker Bios

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response (IR) instructor, teaching FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. He is also an IR consultant at a global IR and forensic analysis company, combining experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Seth Hall

Seth Hall is a co-founder and Chief Evangelist at Corelight in addition to being a core team member on the Bro project. He is also a connoisseur of stories about how intruders were caught in the act and devising new mechanisms to catch even more intruders. In a past life he lived and breathed incident response in Higher-Ed at The Ohio State University.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.