Live Cyber Attack Lab #2

Attack of the Rogue Insider

Join our security engineers for a play-by-play of how rogue insiders access and smuggle out sensitive data...

And learn how you can detect, investigate, and stop those attacks without the headaches of using a SIEM alone.

Pick a Time That Works for You

Sessions also available in German, French, Spanish, Italian, and Dutch.

video play

Watch a Short Preview


Quick Overview

Watch an attack happen from the “other” side:

A rogue insider was paid to exfiltrate sensitive organizational data.

To remain undetected, he Kerberoasts his way into a service account; then rips through company filers for docs with indicating keywords.

For a clean getaway, he copies matching docs to his PC, encrypts them in a ZIP, and uploads it to an external Gmail.

  • 1 Where in the kill chain could you spot this attack?
  • 2 How would you detect this in your environment?
  • 3 When and how should you respond?
  • 4 How would you investigate the incident, and how long would it take?
Choose Your Session Time
Learn, step-by-step, how you can use Varonis to get fast and conclusive answers—without wasting hours stitching logs or running reports.
+1 CPE Credit
Earn an (ISC)² credit just for watching.
Authentic Attack
Simulation mirrors real attacks observed by our IR team.
Actionable Training
Learn how to respond without experiencing an attack yourself.
Replay Available
Can't make the live session? We'll email you the video after.

Sessions led by engineers who have definitely seen some things.

Matt Radolec
Security Analyst Manager Security Architecture & Incident Response

Matt Radolec and the Varonis Incident Response Team are called in to respond to HUNDREDS of new and nefarious attacks for clients and trial users every year.

From thwarting ransomware to catching rogue insiders red-handed, these world-class experts are trusted by the biggest brands on the planet to identify, investigate, and stop attacks before they become crisis situations.

Available Lab Times

The team is running 8 live sessions per week, webinar-style, on Zoom. After the attack simulation, you're invited to stick around for Q&A.

Sessions also available in German, French, Spanish, Italian, and Dutch.

Monday 3:00pm ET Tuesday 8:00am ET Tuesday 4:00pm ET Wednesday 10:00am ET Wednesday 11:00am ET Wednesday 4:00pm ET Thursday 8:00am ET Thursday 1:00pm ET

Some of what you’ll see...

  • How attackers use Kerberoast to harvest tickets (and why it works so well)
  • Two opportunities to spot a rogue insider before they even access the data
  • Why it’s virtually impossible for threat actors to “fake out” Varonis, even when they fool a SIEM
  • How to spot abnormal access behavior the minute it happens
  • Why attackers ZIP files to exfiltrate (and how to spot them anyways)
  • How automation can stomp out future insider threats before they cost you
  • How Varonis’ one-click context cards make real threats obvious and deep-dive investigations easy

You'll get a lot out of the lab, no matter how experienced your team or robust your security stack.

Pick a Time That Works for You