Active Countermeasures Webcast
03-11-2021
A Look at espy
The issues of a distributed workforce used to be handled by a relatively small number of organizations with a few traveling salespeople or work-from-homers. Now they exist in most technical organizations. Lately, even more organizations are implementing remote workforces or a mix of in-office and at-home workers. It’s amazing to see just how many people can do their jobs from home if given the right tools and flexibility on how and when the job is done.
Unfortunately, this also means that network monitoring becomes impractical. There’s no single point where I can put a network sensor to see hundreds or thousands of employees’ network traffic and look for security issues. Even saying “let’s put a sensor in everyone’s home network” has significant privacy, performance, support, and cost issues.
If we are going to watch a relatively small number of company-owned systems, we want to avoid watching personal machines that are also on those home networks, and we want to keep the cost per site down. Let’s consider watching the network traffic right on the company laptops… and this is where espy comes in.
espy is a tool integrated into our product AC-Hunter, but it is also an open-source tool! Join Naomi Kramer in taking a look at how espy works, and how you can use it to protect your network.
Presented by: Naomi Kramer
Timeline:
- 00:00 – PreShow Banter™ — The Dark Side of the Web
- 01:22 – FEATURE PRESENTATION: A Look at Espy
- 03:08 – What is Espy?
- 04:36 – Data Flow Visualization
- 06:49 – Zeek Logs
- 16:10 – DEMO – Logs
- 18:27 – Espy + AC-Hunter
- 19:17 – DEMO – AC-Hunter
- 21:15 – Questions and answers
- 47:43 – FREE Threat Hunt Training Schedule