Network Data: Powering

the Modern SOC

J a m i e M o l e s , S e n i o r S e c u r i t y S a l e s E n g i n e e r

Jamie Moles provides security consulting and advisory services to

ExtraHop customers and internal teams and loves playing with new

technologies on the block, in the security space.

After 30+ years in the IT industry, Jamie retains his passion for

breaking things, explaining how technologies work and showing cool

ideas and ways of solving problems to peers and customers.

DATA IS EATING THE WORLD.

Software is eating

the world.

—Marc Andreessen, 2011

—Jesse Rothstein, 2018

4.4ZB2013

0.13ZB2005

175ZB2025

43% CAGR33ZB

2018

IDC Data Age 2025, Nov 2018

Global IP Traffic

Exabytes/month

26% CAGRCisco VNI Global IP Traffic Forecast

2017-2022

396

319

254

201

156

122

2017 2018 2019 2020 2021 2022

WIRE DATA

Data

Va

lue

Time

Today30 Days Ago

Threat Hunting

Incident Response

D a t a Va l u e C h a n g e s O ve r T i m e F o r D i f f e r e n t U s e C a s e s

WIRE DATA• Instant• Empirical and Definitive• Complete Context

LOGS

AGENTS &

INSTRUMENTATION

Understand The Constraints Of Each Data Source

“Source: Young Cho, Sr. Industrial IOT Practitioner, Splunk

Find the ultimate truth in the

wire. Even the most granular logs

are not enough to be the truth.

“

MACHINE LEARNING HYPE IN 2018

The 100 startups on this list have raised

$3.8B in aggregate funding across 263

deals since 2012.

“The hype around data science and machine learning continues to defy gravity

and soar to ever-higher levels.”—Gartner, July 2018

Machine Learning is at

the peak of the Hype

Cycle.

AI IS HARD

Chihuahua

or Muffin?

Sheepdog

or Mop?

Parrot or

Guacamole?

Puppy

or Bagel?

Labradoodle or

Fried Chicken?

Sloth or

Pain Au Chocolat?

T h e G o a l s o f N T A

COMPLETE VISIBILITYHeadlines, “need to know” decryption, TLS 1.3

serve expanding exec and privacy requirements

REAL-TIME DETECTIONNew ML detections for escalation attacks,

ransomware, insider threats, prioritized

based on critical asset value

GUIDED INVESTIGATIONRicher context and integrations help

Tier 1 analysts perform like Tier 3 experts

P O S T C O M P R O M I S E A C T I V I T I E S H I D E I N E A S T - W E S T T R A F F I C

NetworkPrivilege

Escalation

Command and Control

MaliciousEncryption

ExploitationLateral

MovementData

Exfiltration

Recon

Unauthorized Access

NetworkPrivilege

Escalation

Command and Control

MaliciousEncryption

ExploitationLateral

MovementData

Exfiltration

Recon

Breach Detection & Response Insider Threat Detection Ransomware Defense

DETECT THREATS

IMPROVE POSTURE

SOC Productivity Red Team/Audit Findings Reduce Attack Surface

NEW TLS 1.3 STANDARD

• Faster handshakes

• No obsolete ciphers or hashes

• No compression or

renegotiation

1994 1998 2002 2006 2010 2014 2018

SSL 2.0TLS 1.3

SSL 3.0 TLS 1.0 TLS 1.1 TLS 1.2

Source: TLS 1.3 Adoption in the Enterprise, Enterprise Management Associates, 2019

TLS 1.3 ADOPTION

ENCRYPTION TRENDRECOMMENDED SOUL SEARCHING FOR YOUR SOC