Many companies leverage network monitoring to detect suspicious connections on their networks. With the push to encrypted network communications, visibility has been dropping, and options such as TLS decryption carry significant privacy, performance, and security downsides. In addition, the latest push toward remote working has removed many endpoints from network paths that are being monitored. Fortunately, a combination of endpoint tools and techniques originally invented for network monitoring can now allow us to do some effective monitoring, without compromising privacy, no matter where the asset is located!
In this session we'll explore:
● What JA3 is and how it works
● How JA3 can be used to detect suspicious activity and categorize normal activity
● How Uptycs allows you to use JA3 on endpoints
● How Uptycs, with JA3 and YARA support, can help you perform remote incident response with ease