03-11-2021 ACM Webcast: A Look at espy

Active Countermeasures Webcast


A Look at espy

The issues of a distributed workforce used to be handled by a relatively small number of organizations with a few traveling salespeople or work-from-homers. Now they exist in most technical organizations. Lately, even more organizations are implementing remote workforces or a mix between in-office and at-home work workers. It’s amazing to see just how many people can do their jobs from home if given the right tools and flexibility on how and when the job is done.

Unfortunately, this also means that network monitoring becomes impractical. There’s no single point where I can put a network sensor to see hundreds or thousands of employees’ network traffic and look for security issues. Even saying “let’s put a sensor in everyone’s home network” has significant privacy, performance, support, and cost issues.

If we are going to watch a relatively small number of company-owned systems, we want to avoid watching personal machines that are also on those home networks, and we want to keep the cost per site down. Let’s consider watching the network traffic right on the company laptops… and this is where espy comes in.

espy is a tool integrated into our product AC-Hunter, but it is also an open-source tool! Join Naomi Kramer in taking a look at how espy works, and how you can use it to protect your network.

Learn more about espy!

Download Slide Deck

Presented by: Naomi Kramer


  • 00:00​ – PreShow Banter™ — The Dark Side of the Web
  • 01:22​ – FEATURE PRESENTATION: A Look at Espy\
  • 03:08​ – What is Espy?
  • 04:36​ – Data Flow Visualization
  • 06:49​ – Zeek Logs
  • 16:10​ – DEMO – Logs
  • 18:27​ – Espy + AC Hunter
  • 19:17​ – DEMO – AC Hunter
  • 21:15​ – Questions and answers
  • 47:43​FREE Threat Hunt Training Schedule 
AC-Hunter Datasheet
AC-Hunter Personal Demo
What We’re up To