Catching SSH and RDP attacks without decryption

Aug 30, 2021

With the rise of distributed workforces, both SSH and RDP connections have proliferated as remote employees connect to sensitive internal environments and machines to do their jobs. Unfortunately, these remote-friendly protocols are also prime attack targets, and once a set of credentials or a host is compromised they give adversaries a clear path to move laterally, deploy ransomware, and more.

When decryption is not feasible, security analysts must find another approach to monitoring these connections for evidence of compromise and suspicious behavior. This webcast will review SSH and RDP analysis techniques using open-source Zeek, which logs connection metadata (endpoints, client and server banners, inferred authentication outcomes, RDP cookies and negotiated security protocol) without decrypting the session, as well as Corelight's own threat-insight capabilities around these protocols.
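As an added illustration of the metadata-only approach described above (this is example code written for this page, not Zeek's or Corelight's own logic, and not material from the webcast): the script below runs two simple detections over constructed Zeek `ssh.log` and `rdp.log` records in Zeek's JSON output format. The SSH check flags a client/server pair whose inferred failed authentication attempts (`auth_success`/`auth_attempts`, which Zeek derives from packet sizes and timing rather than decryption) exceed a threshold and are then followed by a success; the RDP check flags a source host that opens sessions to an unusual number of distinct servers, a fan-out pattern typical of lateral movement. The log lines, hosts, UIDs, and the thresholds `min_failures` and `min_servers` are all invented for the example.

```python
import json
from collections import defaultdict

# Constructed sample records in Zeek's JSON log format (LogAscii::use_json=T).
# Made up for this example; not from any real capture. Scenario: an external
# host hammers an internal SSH server and eventually gets in, while a normal
# user mistypes a password once. The RDP records then show the compromised
# server fanning out to several workstations.
SSH_LOG = """\
{"ts":1630000000.1,"uid":"CsshA1","id.orig_h":"203.0.113.5","id.orig_p":50001,"id.resp_h":"10.0.0.10","id.resp_p":22,"version":2,"auth_success":false,"auth_attempts":3,"client":"SSH-2.0-libssh_0.9.3","server":"SSH-2.0-OpenSSH_8.2"}
{"ts":1630000000.9,"uid":"CsshA2","id.orig_h":"203.0.113.5","id.orig_p":50002,"id.resp_h":"10.0.0.10","id.resp_p":22,"version":2,"auth_success":false,"auth_attempts":3,"client":"SSH-2.0-libssh_0.9.3","server":"SSH-2.0-OpenSSH_8.2"}
{"ts":1630000001.7,"uid":"CsshA3","id.orig_h":"203.0.113.5","id.orig_p":50003,"id.resp_h":"10.0.0.10","id.resp_p":22,"version":2,"auth_success":false,"auth_attempts":2,"client":"SSH-2.0-libssh_0.9.3","server":"SSH-2.0-OpenSSH_8.2"}
{"ts":1630000002.4,"uid":"CsshA4","id.orig_h":"203.0.113.5","id.orig_p":50004,"id.resp_h":"10.0.0.10","id.resp_p":22,"version":2,"auth_success":true,"auth_attempts":1,"client":"SSH-2.0-libssh_0.9.3","server":"SSH-2.0-OpenSSH_8.2"}
{"ts":1630000010.0,"uid":"CsshB1","id.orig_h":"10.0.0.20","id.orig_p":41000,"id.resp_h":"10.0.0.10","id.resp_p":22,"version":2,"auth_success":false,"auth_attempts":1,"client":"SSH-2.0-OpenSSH_8.4","server":"SSH-2.0-OpenSSH_8.2"}
{"ts":1630000015.0,"uid":"CsshB2","id.orig_h":"10.0.0.20","id.orig_p":41001,"id.resp_h":"10.0.0.10","id.resp_p":22,"version":2,"auth_success":true,"auth_attempts":1,"client":"SSH-2.0-OpenSSH_8.4","server":"SSH-2.0-OpenSSH_8.2"}
"""

RDP_LOG = """\
{"ts":1630000100.0,"uid":"CrdpA1","id.orig_h":"10.0.0.10","id.orig_p":52000,"id.resp_h":"10.0.0.31","id.resp_p":3389,"cookie":"svc_backup","security_protocol":"HYBRID"}
{"ts":1630000101.0,"uid":"CrdpA2","id.orig_h":"10.0.0.10","id.orig_p":52001,"id.resp_h":"10.0.0.32","id.resp_p":3389,"cookie":"svc_backup","security_protocol":"HYBRID"}
{"ts":1630000102.0,"uid":"CrdpA3","id.orig_h":"10.0.0.10","id.orig_p":52002,"id.resp_h":"10.0.0.33","id.resp_p":3389,"cookie":"svc_backup","security_protocol":"HYBRID"}
{"ts":1630000200.0,"uid":"CrdpB1","id.orig_h":"10.0.0.20","id.orig_p":53000,"id.resp_h":"10.0.0.31","id.resp_p":3389,"cookie":"alice","security_protocol":"HYBRID"}
"""


def parse_zeek_json(text):
    """Parse newline-delimited JSON records (Zeek ASCII writer with
    LogAscii::use_json=T) and return them ordered by timestamp."""
    records = [json.loads(line) for line in text.splitlines() if line.strip()]
    return sorted(records, key=lambda r: r["ts"])


def ssh_bruteforce_alerts(records, min_failures=5):
    """Flag a client/server pair where at least `min_failures` failed
    authentication attempts are followed by a successful login.

    Zeek infers auth_success and auth_attempts from encrypted packet
    sizes and timing and omits auth_success when it cannot decide; such
    undetermined records are skipped rather than counted either way."""
    failed = defaultdict(int)   # (orig_h, resp_h) -> failed attempts so far
    alerts = []
    for rec in records:
        key = (rec["id.orig_h"], rec["id.resp_h"])
        outcome = rec.get("auth_success")      # True / False / None (unknown)
        attempts = rec.get("auth_attempts", 0)
        if outcome is False:
            failed[key] += attempts
        elif outcome is True:
            if failed[key] >= min_failures:
                alerts.append({
                    "orig_h": key[0],
                    "resp_h": key[1],
                    "failed_attempts": failed[key],
                    "success_uid": rec["uid"],
                    "client": rec.get("client", "-"),   # cleartext banner
                })
            failed[key] = 0   # a success closes the window for this pair
    return alerts


def rdp_fanout_alerts(records, min_servers=3):
    """Flag a source host with RDP sessions to at least `min_servers`
    distinct servers. Only endpoints and the cleartext X.224 cookie
    (usually the username) are needed, so this works whether or not the
    session went on to negotiate TLS/CredSSP."""
    servers = defaultdict(set)
    cookies = defaultdict(set)
    for rec in records:
        src = rec["id.orig_h"]
        servers[src].add(rec["id.resp_h"])
        if "cookie" in rec:
            cookies[src].add(rec["cookie"])
    return [
        {"orig_h": src, "servers": sorted(dsts), "cookies": sorted(cookies[src])}
        for src, dsts in sorted(servers.items())
        if len(dsts) >= min_servers
    ]


if __name__ == "__main__":
    for alert in ssh_bruteforce_alerts(parse_zeek_json(SSH_LOG)):
        print("SSH brute force then success:", alert)
    for alert in rdp_fanout_alerts(parse_zeek_json(RDP_LOG)):
        print("RDP fan-out from one host:", alert)
```

On the sample data the external client is flagged after eight inferred failures and one success, the user who mistyped once is not, and the server that was just logged into is then flagged for reaching three RDP targets under one account. The thresholds are placeholders; in practice they would be tuned per environment, and the `auth_success` inference should be treated as a strong signal rather than ground truth.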