Published on March 25th, 2019

Alternative Network Visibility Strategies for an Encrypted World





Security analysts rely on network data for ground truth in incident response and threat hunting, but the prevalence of encryption has made visibility challenging. According to recent industry reports, 72% of network traffic is now encrypted and 89% of all web pages loaded in the United States use HTTPS.

Decryption is the obvious counter-strategy, but not always the optimal one: it can degrade network performance, violate privacy, and become an operational burden when it requires managing host agents, certificates, and other related dependencies. In some cases decryption is not technologically possible at all.

Fortunately, the open-source Zeek Network Security Monitor (formerly Bro) provides powerful visibility around encrypted streams and can generate a wealth of security insights without breaking and inspecting payloads. Zeek can reliably detect commonly used encryption protocols wherever they occur, comprehensively parse their cryptographic characteristics, and illuminate unencrypted traffic related to an encrypted connection. Security analysts can use these insights to identify anomalies (e.g. rare and self-signed certs), detect suspicious activity (e.g. SSL/TLS running on non-standard ports), and uniquely fingerprint encrypted connections for whitelisting and blacklisting.
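The checks named above (self-signed certificates, rare certificates, SSL/TLS on non-standard ports) can be run over Zeek's `ssl.log` metadata without decrypting anything. The following is an added example, not material from the webcast or from Corelight; it assumes Zeek is writing JSON logs and that `ssl.log` carries the `subject` and `issuer` fields, and the port allowlist, the rarity threshold, and the sample records are constructed for illustration.

```python
import json
from collections import Counter

# Constructed ssl.log records in Zeek's JSON format (not real traffic).
# C6 is a resumed session, which carries no certificate fields.
SAMPLE_SSL_LOG = """
{"uid":"C1","id.resp_h":"192.0.2.10","id.resp_p":443,"subject":"CN=intranet.example","issuer":"CN=Example Issuing CA"}
{"uid":"C2","id.resp_h":"192.0.2.10","id.resp_p":443,"subject":"CN=intranet.example","issuer":"CN=Example Issuing CA"}
{"uid":"C3","id.resp_h":"192.0.2.10","id.resp_p":443,"subject":"CN=intranet.example","issuer":"CN=Example Issuing CA"}
{"uid":"C4","id.resp_h":"198.51.100.7","id.resp_p":8081,"subject":"CN=localhost","issuer":"CN=localhost"}
{"uid":"C5","id.resp_h":"192.0.2.20","id.resp_p":443,"subject":"CN=files.example","issuer":"CN=Example Issuing CA"}
{"uid":"C6","id.resp_h":"192.0.2.10","id.resp_p":8443,"resumed":true}
"""

# Assumption: ports where this site expects TLS; tune per environment.
EXPECTED_TLS_PORTS = {443, 465, 636, 853, 993, 995, 8443}


def analyze(log_text, rare_max=1):
    """Return {uid: [reasons]} for connections matching any of the checks."""
    records = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    # How many connections presented each certificate subject in this window.
    subject_counts = Counter(r["subject"] for r in records if r.get("subject"))
    findings = {}
    for r in records:
        reasons = []
        if r.get("id.resp_p") not in EXPECTED_TLS_PORTS:
            reasons.append("non-standard-port")
        subject, issuer = r.get("subject"), r.get("issuer")
        # Heuristic: subject == issuer marks a self-signed leaf
        # (or a root certificate served directly).
        if subject and subject == issuer:
            reasons.append("self-signed")
        if subject and subject_counts[subject] <= rare_max:
            reasons.append("rare-cert")
        if reasons:
            findings[r["uid"]] = reasons
    return findings


if __name__ == "__main__":
    for uid, reasons in analyze(SAMPLE_SSL_LOG).items():
        print(uid, ", ".join(reasons))
```

In practice the rarity count would be taken over a longer baseline window than a single log file, since a certificate seen once in an hour may be common over a month.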





Watch this technical webcast to hear from Greg Bell, CEO of Corelight, and SANS Instructor Matt Bromiley about their front-line experience using Zeek to drive encrypted traffic insights and defend organizations, and learn how you can apply their insights in your environment.

Corelight makes powerful network security monitoring (NSM) solutions that transform network traffic into rich logs, extracted files, and security insights, helping security teams achieve more effective incident response, threat hunting, and forensics. Corelight Sensors run on Zeek (formerly called “Bro”), the open-source NSM tool used by thousands of organizations worldwide. Corelight’s family of network sensors dramatically simplifies the deployment and management of Zeek and expands its performance and capabilities. Corelight is based in San Francisco, California, and its global customers include Fortune 500 companies, large government agencies, and major research universities.
