OnDemand Training - Best Special Offers of the Year Ending Soon - Learn More


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Securing the Remote Workforce without VPNs: Uptycs and JA3

  • Thursday, July 16, 2020 at 1:00 PM EDT (2020-07-16 17:00:00 UTC)
  • Guillaume Ross, Dave Shackleford


  • Uptycs

You can now attend the webcast using your mobile device!



Many companies leverage network monitoring to detect suspicious connections on their networks. With the push to encrypted network communications, visibility has been dropping, and options such as TLS decryption carry significant privacy, performance, and security downsides. In addition, the latest push toward remote working has removed many endpoints from network paths that are being monitored. Fortunately, a combination of endpoint tools and techniques originally invented for network monitoring can now allow us to do some effective monitoring, without compromising privacy, no matter where the asset is located!

In this session well explore:

● What JA3 is and how it works

● How JA3 can be used to detect suspicious activity and categorize normal activity

● How Uptycs allows you to use JA3 on endpoints

● How Uptycs, with JA3 and YARA support, can help you perform remote incident response with ease

Speaker Bios

Guillaume Ross

Guillaume is a Principal Product Manager at Uptycs, where he works on making the best security analytics tools for practitioners. As someone who has worked as a defender and manager of blue-teams for many years, he knows what is needed to build a good security program. Guillaume is also a trainer for Pluralsight, producing training materials on network and endpoint security, and really enjoys leveraging open source security tools and guidance from the community to deliver cost effective, actually useful security solutions.

Dave Shackleford

Dave Shackleford, a SANS analyst, instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.