SANS Cyber Defense Initiative® 2020 Live Online: 30+ Interactive Courses | Virtual NetWars Tournaments. Save $300 thru 11/18


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Sorry, the slides for this webcast are not available for download.

Network Security Monitoring vs Encryption

  • Monday, September 21, 2020 at 3:30 PM EDT (2020-09-21 19:30:00 UTC)
  • Richard Bejtlich


  • Corelight

You can now attend the webcast using your mobile device!



Security teams want to understand their networks. Many fear that encryption will interfere with that goal. This presentation will examine how network security monitoring can adapt to serve security teams. Examples of logs from Corelight sensors and open source Zeek software will highlight JA3, HASSH, and more to characterize encrypted conversations. Learn how to make the network work for you!

Speaker Bio

Richard Bejtlich

Richard Bejtlich is an author and Principal Security Strategist at Corelight. He was previously Chief Security Strategist at FireEye, and Mandiant's Chief Security Officer when FireEye acquired Mandiant in 2013. At General Electric, as Director of Incident Response, he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). Richard began his digital security career as a military intelligence officer in 1997 at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). Richard is a graduate of Harvard University and the United States Air Force Academy. He has authored, co-authored, and contributed to over a dozen books (listed at He also writes for his blog ( and Twitter (@taosecurity).

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.