It's easy to see why jobs in security are in such high demand these days. There is a huge shortage of cybersecurity professionals, and because of this we're seeing more and more IT professionals looking to build their skill set and make the switch over.
We chatted with our customer Carl Littrell from a large American health system in the East to learn about his recent transition from the network team to the security team and some of the ways he's been using ExtraHop.
Tell us about your current role and responsibilities.
As a network administrator, I used ExtraHop to monitor everything coming across our network. About a year ago, when we made the purchase, I was in charge of spinning it up to see what it could do compared to some of our other tools. I knew it was a network monitoring solution, but the level of visibility into the network that ExtraHop could provide was unlike anything I had ever seen before.
I used it to diagnose issues with voice traffic, look into endpoints that were having issues, and even detect an issue with Kerberos that we weren't able to see before. Any time I discovered something that affected our security, I'd share screenshots and any data I could pull with the team so we could address it.
As of this week though, I'll be moving over to the security team as a systems security engineer.
What prompted your move over to security?
In the network administrator role, I'd often use ExtraHop to detect and manage issues that were security-related. But I actually went to school for Network Security and Forensics.
I wanted to start out on the network side to learn about the fundamentals and gain experience in day-to-day operations. I knew that if I wanted to be good at security, I'd need to have that foundation. Frankly, that should be true for any world-class security program.
What were some of those security issues?
Primarily, we used ExtraHop to monitor ransomware threats. I'd update our ransomware list daily with new extensions based on the latest information that's available from reliable sources so we're protected from new variants as quickly as possible. With ExtraHop's machine learning, we found the Kerberos ticketing errors due to a legacy domain that we were moving away from.
Our Service team also uses ExtraHop to monitor Active Directory. When they get alerted that a user is locked out of an application or device, they can go in and reset the password proactively to fix the problem before the user actually calls.
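The extension-list monitoring Carl describes, as an added example that is neither ExtraHop's code nor the interviewee's: it parses a constructed daily extension list and constructed file-share write/rename events, and groups matches per client so one infected host yields one alert with evidence rather than one alert per file. The event format, the feed format and the extension values are assumptions.

```python
import ntpath
from collections import defaultdict

# Constructed stand-in for the daily-refreshed ransomware extension list
# (one entry per line, '#' comments allowed). Not a real threat feed.
SAMPLE_FEED = """
locked
.Crypt        # mixed case and missing dots are normalised below
encrypted
"""

# Constructed file-share events in the shape a network monitor could export:
# "<timestamp> <client_ip> <operation> <unc_path>". Not real traffic.
SAMPLE_EVENTS = r"""
2018-05-01T09:00:01 10.1.2.3 WRITE  \\fs01\finance\q1-report.xlsx
2018-05-01T09:00:02 10.1.2.3 RENAME \\fs01\finance\q1-report.xlsx.locked
2018-05-01T09:00:03 10.1.2.3 RENAME \\fs01\finance\budget.docx.LOCKED
2018-05-01T09:00:04 10.1.7.9 WRITE  \\fs01\hr\policy.pdf
2018-05-01T09:00:05 10.1.7.9 READ   \\fs01\hr\old.encrypted
2018-05-01T09:00:06 10.1.2.3 WRITE  \\fs01\finance\HOW_TO_DECRYPT.crypt
"""

def load_extension_list(text):
    """Normalise feed entries to lowercase with a leading dot; skip comments."""
    exts = set()
    for raw in text.splitlines():
        item = raw.split("#", 1)[0].strip().lower()
        if item:
            exts.add(item if item.startswith(".") else "." + item)
    return exts

def ransomware_extension(path, extensions):
    """Return the matching extension (lowercased) or None; ntpath handles UNC paths."""
    ext = ntpath.splitext(path)[1].lower()
    return ext if ext in extensions else None

def scan(events, extensions):
    """Group WRITE/RENAME hits per client (one alert per host, not per file); READs ignored."""
    hits = defaultdict(list)
    for line in events.splitlines():
        if not line.strip():
            continue
        ts, client, op, path = line.split(maxsplit=3)
        ext = ransomware_extension(path, extensions)
        if op.upper() in ("WRITE", "RENAME") and ext:
            hits[client].append((ts, op.upper(), path, ext))
    return dict(hits)

if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS, load_extension_list(SAMPLE_FEED)))
```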
Will you be using ExtraHop in your new role?
We're doing a POC of ExtraHop's machine learning solution right now, and it's already proven its value. That was how we found the Kerberos problem. I definitely think it's something my team can leverage to detect and investigate anomalies. We're not a huge team either, so using machine learning to automate anomaly detection could really help us cover more ground.
What would you tell your peers about ExtraHop?
There are a lot of use cases you can use the platform for. I'm planning to share it with others on the security team and bring it to the director so they can sit down and play with it to see how useful it can be in their roles too.
This is a companion discussion topic for the original entry at https://www.extrahop.com/company/blog/2018/why-infosec-needs-the-network/