SANS Institute

Vendor Reception

- Tuesday, October 3rd: 5:00pm - 7:00pm

Throughout NS2006 vendors will be hosting a number of events including presentations, a two-day vendor solutions expo, and various receptions. Experience the latest in network security tools, meet industry leaders, and share your thoughts on developments you would like to see in the pipeline.

Vendor Expo

- Monday, October 2nd: 12:00pm - 1:30pm; 5:00pm - 7:30pm
- Tuesday, October 3rd: 12:00pm - 1:30pm; 5:00pm - 7:00pm

All attendees are invited to meet with leading providers of firewalls, intrusion detection/ prevention systems and enterprise security management who will be demonstrating their latest solutions. The NS2006 Vendor Expo showcases product offerings from key technology providers in the commercial tools and services market. Vendors arrive prepared to interact with SANS technically savvy audience, presenting technical demonstrations and explanations. It's about having your questions answered! For a list of exhibiting vendors see: www.sans.org/ns2006/vendorexpo.php.

SurfControl Lunch & Learn Presentation

- Sunday, October 1st: 12:30pm - 1:15pm
- Spyware and Keylogging: The Defense-in-Depth Approach
- John Prindle, Regional Director, Southwest

Internet threats continue to blend and evolve in complexity. To protect your organization from the likes of spam, spyware, trojans, pod slurping and the next big scourge, SurfControl classifies threats into four severity categories, ranging from the mildly innocuous to the extremely detrimental, not only to your organization's security, but to the bottom-line.

John Prindle has 20 years of experience selling software, equipment and consulting services to the Global 2000. John has spent the last 7 years selling complex security solutions to technical staffs and "C" Levels. Thorough understanding of complex networks and a technical understanding of TCP/IP, SMTP and security best practices.

Nokia Lunch & Learn Presentation

- Sunday, October 1st: 12:30pm - 1:15pm
- Roman II
- Security Investment Considerations - Can Your Decisions Today Keep Pace?
- Ashok Madanahalli, Director, Product Management

Ashok will provide an overview on the state of the Security Market and discuss in-depth about technology issues impacting the security industry. Top amongst the issues discussed will be impacts of changing nature of the internet traffic on the needs for security devices. Having detailed and granular visibility into network traffic is paramount to effectively enforcing correct policy enforcement. Ashok will further discuss the need to evaluate performance issues tied to security appliances in lieu of the changing internet traffic and need to accommodate newer applications such as VoIP and Mobility.

Ashok has had over 20+ years of experience in Data Communication and Telecommunication Industry with a range of experience managing multi-million dollar switching, routing & appliance program. He has worked for companies such as Fore System, Extreme Networks, & at MRO-Tek as VP of Marketing.

Secure Computing Lunch & Learn Presentation

- Wednesday, October 4th: 12:30pm - 1:15pm
- On the Frontlines in the War Against Online Transnational Organized Crime
- Dmitri Alperovitch, Principal Research Engineer

Phishing, worms, pharming, spam, botnets - the attacks are different and constantly evolving but their cause remains the same: emergence of international and transnational, extremely technically competent, and hierarchically organized online criminal enterprises with secure underground economies for sale and exchange of skills and services that help facilitate their criminal activities.

Dmitri Alperovitch serves as Principal Research Engineer for Secure Computing, the global market leader in messaging security. As one of Secure Computing's leading researchers, he manages Secure Computing's Global Research team. Alperovitch received a Masters degree in Information Security from the Georgia Institute of Technology, graduating magna cum laude in 2003.

Core Security Lunch & Learn Presentation

- Wednesday, October 4th: 12:30pm - 1:15pm
- Efficient Vulnerability Management with CORE IMPACT
- Alex Horan, Systems Engineering Manager

This talk will be an opportunity for attendees to see a live demonstration of automated penetration-testing. In just minutes attendees will see CORE IMPACT safely exploit vulnerabilities in a target network, replicating the kinds of access an intruder could achieve, and proving actual paths of attacks that must be eliminated.

Alexander Horan is a Product Specialist for Core Security Technologies, providing training and customer support for CORE IMPACT's user base. Mr. Horan has over eight years of experience working with both software and hardware based security tools. He brings a deep knowledge and understanding of vulnerability assessment and penetration testing, systems administration, network administration, network audits, operations, customer support, technical sales, project management, network and systems design and IT management to his work at Core. Prior to working with Core, he was a Senior Consultant with Aspelle Inc. and a Novell Administrator for JP Morgan.

LogLogic Lunch & Learn Presentation

- Wednesday, October 4th: 12:30pm - 1:15pm
- No Log Left Behind: Critical Considerations In Building & Deploying A Global Log Management Solution
- Anton Chuvakin, Ph.D.,GCIA, GCIH, GCFA, LogLogic Director of Product Management

Good security starts with log intelligence. From compliance to information protection, IT is adopting a new set of practices and policies to manage log data. But what factors make for a good strategy? Should you build, buy, or outsource? What about best practices ? What about ROI? This presentation covers key issues encountered when centralizing log data across the global enterprise.

Dr Anton Chuvakin, GCIA, GCIH, GCFA is a recognized security expert and author. He is an author and contributor of several books including "Security Warrior" "Know Your Enemy II", "Information Security Management Handbook" and "Hacker's Challenge 3". Chuvakin has published numerous papers on security issues. He participates in various security industry initiatives and standards organizations.

Q1 Labs Lunch & Learn Presentation

- Wednesday, October 4th: 12:30pm - 1:15pm
- SIM's First Week on the Job: Training Intelligent Event Correlation Systems to Know Which Alerts Matter
- Craig Chamberlain, Principal Security Consultant

Effective, efficient, and robust: vendors often define the capabilities of their SIM solution this way. Yet without proper tuning the solution most often consumes more time than the problem it was deployed to solve. Intelligent tuning techniques can transform a SIM into your most accurate source of security information. Learn what the three most powerful techniques are and how to implement them.

Craig Chamberlain is a Principal Security Consultant at Q1 Labs. Previously, he consulted at a variety of companies around the world on projects in event correlation, network vulnerability modeling and attack simulation, immunization against malicious code, phishing countermeasures, insider threat detection and prevention, service hardening, intrusion and extrusion detection / prevention, penetration testing, web application security and mandatory policy enforcement. Craig has sixteen years of experience in information technology and host / network security. He trained in security tradecraft while working at MIT and his industry experience includes banking, insurance, consulting, software, higher education, and manufacturing. Certifications are: CEH Certified Ethical Hacker, GHTQ GIAC Cutting Edge Hacking Techniques, SSCP Systems Security Certified Professional (ISC2). Publications are available at http://www.craigchamberlain.com

TriGeo Lunch & Learn Presentation

- Wednesday, October 4th: 12:30pm - 1:15pm
- Using SIEM Technology to Defend Against Network Attacks and Insider Abuse
- Jamie Winterset, Director of Sales

In this live presentation you'll see how SIEM technology can leverage its enterprise-wide perspective to capture, correlate and respond to business threats. You'll see the SIEM technology's real-time response to policy violations, insider threats, network attacks, virus attacks, unauthorized application usage, inappropriate web browsing and USB mass storage devices.

Jamie Winterset is a Director of TriGeo Network Security where he works with an award-winning team of engineers and researchers working on the cutting edge of real-time network security analysis, event correlation and active response. His career spans twenty five years of working for companies that excel in technology research, design and development.

Net Optics Hands-On TAPS Workshop

- Wednesday, October 4th: 5:30pm - 6:45pm
- Dennis Carpio, Director of Product Development

Net Optics Learning Center presents a short overview of Test Access Point (TAP) technology and its place in the network. Immediately following will be an extended hands-on demonstration of a variety of innovative Net Optics Taps at work in a simulated network. Light refreshments will be provided.

Dennis Carpio heads Product Development at Net Optics. One of the earliest members of the team, Dennis is an expert on all Net Optics products. Dennis works directly with key customers and partners on education of passive network access for secure monitoring solutions, as well as identifying future technical advances.

Breach Security Lunch & Learn Presentation

- Thursday, October 5th: 12:30pm - 1:15pm
- Protecting Web Applications: Why Network security missed the boat.
- Kevin Overcash, Vice President, Product Management

Web applications are used to conduct business with customers and partners and manage core business processes. Protecting these applications from attack requires different techniques than those offered by network security solutions. Learn about common techniques used to attack Web applications and why these attacks are not prevented by network security.

Overcash, an Internet security expert, has more than 20 years of expertise in all aspects of product management and leadership. Prior to Breach, Overcash was vice president of product management for SPI Dynamics. He also has held Product Manager positions at Internet Security Systems, T-Tech, Inc. and Information Management, Inc.

Fiberlink Communications Lunch & Learn Presentation

- Thursday, October 5th: 12:30pm - 1:15pm
- Hacking the Mobile Workforce
- Daniel V. Hoffman, CISSP, CWNA, CEH, Senior Systems Engineer

End-users are increasingly working from Airports, Coffee shops, etc. This mobility exponentially increases the security risks to Enterprise computer systems and requires Enterprises to instill fundamental changes in security strategy. This session will show live hacks against mobile laptops and detail the steps Enterprises need to take to prevent them.

Dan possesses over 12 years of hands-on remote access security knowledge and expertise. Whether as a member of the U.S. Coast Guard, Director of I.S. or Sr. Engineer with Fiberlink, Dan focuses on preventative measures and utilizes his vast experience to bring reality and education to his well-known hacking demonstrations.

GreenBorder Lunch & Learn Presentation

- Thursday, October 5th: 12:30pm - 1:15pm
- The New Generation of Web Security: Go Anywhere, Do Anything -- in Total Privacy & Safety
- Jim Fulton, VP Marketing, GreenBorder Technologies

Come and see how GreenBorder keeps you safe whenever you use the Internet by making your PCs and files INVISIBLE to any Web threat you may encounter online -- whether from malicious code or hackers. With GreenBorder you can literally go anywhere, click any link, and download any file, even watch videos and play music without putting your PC or data at risk. It even secures personal information you enter online from spying. Its unique approach doesn't use signatures or behaviors, so it never needs updates and even protects against undetectable, un-removable threats.

Jim Fulton has over 20 years of experience in the development and marketing of enterprise security, networking and application infrastructure software. He's held software engineering positions in multiple organizations and was one of the original developers of the industry-standard X Window System used by UNIX, Linux and related products to this day.

Mu Security Lunch & Learn Presentation

- Thursday, October 5th: 12:30pm - 1:15pm
- Robert Geiger, Vice President of Engineering

End users and product developers use Security Analyzers for creating & automating security readiness metrics for networked hardware or software product. Mu Security will discuss Security Analyzer usage scenarios including product quality, configuration validation, comparative security analysis and threat assessment to identify and expedite remediation of vulnerabilities before malicious exploits.

Robert Geiger is the VP of Engineering at Mu Security. He was previously Senior Engineering Director at Symantec Corp and Recourse Technologies, and an Engineer at Motorola Labs. He holds several U.S. patents and has a Masters of EE degree from the University of Illinois, Urbana.

Rippletech Lunch & Learn Presentation

- Thursday, October 5th: 12:30pm - 1:15pm
- Safeguarding Confidential Data with Network-based Database Logging
- Mehlam Shakir, Chief Technology Officer, RippleTech Inc.

Learn how to safeguard confidential data from external attacks and internal abuse. Attendees will hear real-world use cases and see a live demonstration of how RippleTech.s Informant anchors a comprehensive database security and compliance environment. With Informant, you will see how confidential data is protected without impacting performance or personnel resources.

Mehlam Shakir, RippleTech.s CTO, has over fourteen years of experience in software development and management, with extensive experience in information security and database technologies. Previously, Mel spent six years managing a database practice at a major Wall-Street investment bank. He is the mastermind behind RippleTech.s Informant software solution.

Sourcefire Cocktail Brief

- Thursday, October 5th: 5:30pm - 6:45pm
- Snort® - Its Past, Present, and Future Value
- Martin Roesch, Founder and CTO of Sourcefire

Martin Roesch, Founder and CTO of Sourcefire, Creator of Snort With over 3 million downloads, Snort is the most widely deployed intrusion detection and prevention technology in the world and is de facto standard for the industry. Join Martin Roesch as he discusses why Snort is so appealing and why it will continue to be so.

Martin Roesch founded Sourcefire in 2001 and serves as its CTO. An authority on intrusion prevention technology and forensics, he is responsible for the technical direction and product development efforts. Martin is also the author and lead architect of the Snort Intrusion Prevention System that forms the foundation for the Sourcefire 3D System.

Internet Security Systems (ISS) Lunch & Learn Presentation

- Thursday, October 5th: 12:30pm - 1:15pm
- OpenSignature: Leveraging Best of Breed Proventia IPS Capabilities with SNORT rules.
- Jim Brennan, Product Marketing Manager

The OpenSignature feature uses a flexible rules language that allows you to write customized, pattern-matching signatures for use within ISS Proventia IPS products. This feature gives you the ability to:

• Detect improper use of custom applications
• Guard against threats unique to your environment
• Leverage the open source security community to add an additional layer of protection to your network

Jim Brennan serves as Product Marketing Manager for Internet Security Systems, Inc. (ISS). With over nine years of engineering, product management, and marketing experience at leading software and technology companies, Brennan is responsible for positioning ISS. Proventia Network Intrusion Prevention System for market success. Prior to joining Internet Security Systems, Brennan held engineering positions at Thoughtmill Corporation, EMS Technologies and the Department of Defense. Brennan holds a bachelor.s degree in mechanical engineering from Georgia Tech and is currently pursuing an MBA from Emory University.

Sourcefire Lunch & Learn Presentation

- Thursday, October 6th: 12:30pm - 1:15pm
- One-Click Compliance Enforcement: Is It Really That Easy?
- Martin Roesch, Founder and CTO of Sourcefire

Martin Roesch, Founder and CTO of Sourcefire, Creator of Snort More and more, auditors want to see compliance on a continuous basis to be assured of continuous network security. Join Martin Roesch as he discusses how it is possible to define and set network compliance policies with the click of a mouse and get immediate notification of any policy violation.

Martin Roesch founded Sourcefire in 2001 and serves as its CTO. An authority on intrusion prevention technology and forensics, he is responsible for the technical direction and product development efforts. Martin is also the author and lead architect of the Snort Intrusion Prevention System that forms the foundation for the Sourcefire 3D System.

TREND Micro Lunch and Learn Presentation

- Friday, October 6th: 12:30pm - 1:15pm
- Who Owns Your Computers: Understanding and Attacking the Bot Problem
- Jerry Scharf, Senior Architect for interCloud Security Service - ICSS

Malware has changed dramatically. The bad people no longer want to break a machine, they want to own it. Meet the bold underground economy with billions of dollars flowing based on exploited machines. Learn some lessons, understand law enforcement, and examine a new tool for attacking the problem.

Jerry Scharf has 30 years background in computers, networks and security. He has been involved with the Internet over 20 years and was at NASA when the Morris worm hit. He has done security consulting, large network design, worked with several equipment vendors and was part of the IETF.

SenSage Lunch & Learn Presentation

- Friday, October 6th: 12:30pm - 1:15pm
- Challenges of Event Log Management and Analysis in a Complex Enterprise
- James Hansen, Sr. Technical Product Manager & Kevin Hanrahan, Executive Director and Senior Security Systems Architect

Join SenSage for this informative Lunch & Learn session that will introduce some of the key challenges and solutions in creating a unified log management system. Particular emphasis will be placed on the following:

• data acquisition
• log parsing
• normalization stategies and techniques
• methods of correlation.

James Hansen is a security professional with almost 10 years of security relevant enterprise software deployment and management experience. He is currently the Sr. Technical Product Manager for SenSage and is responsible for the direction and growth of the SenSage product suite.

As Executive Director and Senior Security Systems Architect, Kevin Hanrahan directs the engineering and development of security analytics applications. An established industry expert in the information security field, brings considerable experience and success in designing and developing breakthrough software products and security solutions.

LURHQ Lunch & Learn Presentation

- Saturday, October 7th: 12:30pm - 1:15pm
- Malware Attribution
- Joe Stewart, Senior Security Researcher

We see new malware released on the Internet every day, but who are the elusive authors of these threats? In this presentation, we will show how the malware's code and its behavior can reveal clues to the author's online persona, and sometimes even the author's real name and location.

Joe Stewart is Senior Security Researcher with LURHQ, a leading Managed Security Services Provider. In this role he researches unusual Internet activity to discover emerging threats. He is a frequent commentator on security issues for leading media organizations such as The New York Times, MSNBC, Washington Post, PC World and others.