SANS Institute

the most trusted source for computer security training, certification and research

select a course

Las Vegas, NV - September 22 - 30, 2007

Global Information Assurance Certification

Global Information Assurance Certification
Number of Certified Professionals
21,487

This is the real deal - no fluff!
-Nancy Rice, Capital Blue Cross

CLICK HERE FOR RESERVATIONS

Back in fabulous Las Vegas to host NS 2007

Vendor Events

Vendor Welcome Reception

- Monday, September 24th: 5:00pm - 8:00pm

This informal reception allows you to visit exhibits and participate in some exciting activities. This is a great time to mingle with your peers and experience firsthand the latest in information security tools and solutions with interactive demonstrations.

During the reception you will see important tools and services in a relaxed environment, providing an opportunity to have one-on-one discussions with technical experts from these organizations.

Vendor Expo

- Monday, September 24th: 12:00pm - 1:30pm and 5:00pm - 8:00pm
- Tuesday, September 25th: 12:00pm - 1:30pm

All attendees are invited to meet with leading providers of firewalls, intrusion detection/ prevention systems and enterprise security management who will be demonstrating their latest solutions. The SANS 2007 Vendor Expo showcases product offerings from key technology providers in the commercial tools and services market. Vendors arrive prepared to interact with SANS' technically savvy audience, presenting technical demonstrations and explanations. It's about having your questions answered!

Lunch & Learns

8e6 Technologies, Inc. Lunch and Learn Presentation
- "Securing Your Network Against Web-Based Proxies"
- Speaker: Mark Parker, Senior Product Manager
- Sunday, September 23rd, 2007 12:30pm - 1:15pm

Anonymous proxies have become the deep dark secret of network security. Chances are, they are being used in your network without your knowledge. Security administrators are often surprised to find out that most of the leading web filters do not stop visits to inappropriate websites via proxy tunnels. Now that proxies have gone open source, they have proliferated and represent a major threat to your network security. Join us for information on how to control this emerging threat.

As an 11-year veteran and leading expert in information security, Mark Parker is ideally positioned with the responsibility for managing the lifecycle of all filtering products. He is a recipient of 8e6's Leadership Award in recognition of his initiative and technical excellence. Mr. Parker also plays a major role in product training, customer demonstrations and sales.

EMC Corporation Lunch and Learn Presentation
- "An Information-Centric Approach to Security: Moving Beyond the Perimeter"
- Speaker: Pavan Pant, Senior Product Manager, Consumer and Access Solutions Group, RSA, the Security Division of EMC
- Sunday, September 23rd, 2007 * 12:30pm - 1:15pm

Enterprises are now global, virtual and dependent on dynamic information access — and by nature, digital information is in constant motion throughout its lifecycle. In this shifting landscape, the battlefront in security is rapidly changing from securing the perimeter to protecting the information itself. This session will outline an information-centric approach to security that guards information throughout its lifecycle.

Pavan Pant is responsible for the technology strategy and direction for RSA's web access management and federated identity management solutions. Prior to RSA, Mr. Pant worked as a consultant for Ernst & Young in their Information Systems Consulting division. He holds a MS in Electrical and Computer Engineering from Boston University.

Seagate Lunch and Learn Presentation
- "Data at Rest, Done Easy: Native, Hardware-Based Full Disk Encryption by Seagate Technology"
- Speaker Names: Joni Clark, Senior Product Marketing Manager, Seagate Technology and Michael Jardine, VP Americas and Asia, SECUDE Technology
- Sunday, September 23rd, 2007 * 12:30pm - 1:15pm

DriveTrust™ technology is a security platform designed into the core of the disk drive. Learn how DriveTrust can prevent the loss of millions of dollars, preserve your company's good reputation and help you achieve compliance with consumer data protection regulations by natively securing your data where it lives.

Joni Clark, a senior product-marketing manager for the Seagate® notebook storage line, has driven the launch of new technologies and products such as the first Serial ATA drive and the first perpendicular storage drive. She continues launching new technologies and products, including the Seagate DriveTrustT security platform, the Seagate MomentusR FDE.2 drive and the Seagate Momentus PSD hybrid drive. Joni also serves as chairperson for the Hybrid Storage Alliance.

Michael Jardine is the senior representative for SECUDE's line of mobile security products in the United States and Asia, and has over twenty years of international marketing and management experience including Disney Interactive, where he built the company's software licensing and PC-OEM business in Asia-Pacific.

Symantec Lunch and Learn Presentation
- "Protect Your Entire Network Beginning at the Endpoints"
- Colin Gibbens, Technical Product Manager, CISSP
- Sunday, September 23rd, 2007 * 12:30pm - 1:15pm

Organizations need a comprehensive security solution that monitors and manages all of its security devices and systems beginning at the endpoints. Symantec Security Information Manager allows you to create a repeatable process around managing and monitoring your endpoint activity including the detection of viruses, spyware, firewall activity, etc. as well as all of your security sources. Understand the prioritization of impacted assets for more intelligent results and report and track on non-compliant endpoints and rollout of virus updates.

Attend this Lunch and Learn and find out more about Symantec's award winning combination of leading security technology solutions that helps you protect your entire network beginning at the endpoints.

Collin Gibbens, Technical Product Manager, CISSP
Colin Gibbens supports the strategic direction and technical enhancements of the Symantec Security Information Manager (SSIM) Solution. He is an expert in security products and services and is utilized as a global consultant throughout Symantec Corporation. Colin has over 17 years of experience in network security as well as an extensive background in technology training and support.

ArcSight Lunch and Learn Presentation
- "Faster, Smarter, More Secure: Network-Enabled Threat Management"
- Speaker: Michael Seguinot, Systems Engineer, CISSP
- Wednesday, September 26th, 2007 * 12:30pm - 1:15pm

For a comprehensive network threat response program, you need to quickly identify threats, promptly take appropriate action, report on any network changes and easily re-implement previous configurations. And don't forget that the entire process needs to be repeatable and auditable and completed in a matter of minutes. Come to lunch and learn how you can make faster, smarter decisions about network changes to deal with network threats while complying with policies and regulations. Plus, learn how to use improved response targeting to eliminate configuration errors and quickly respond to threats without sacrificing the integrity of your network.

Michael Seguinot, Systems Engineer, CISSP
Michael Seguinot has significant experience in the IT industry with a focus on overall system design and implementation, hardware and software assessment, and security architecture. He has technical expertise in network security solutions, cryptography, smart card technology, firewalls, VPNs, intrusion detection systems, risk management, PKI and digital signatures, directory services and systems engineering.

Core Security Lunch and Learn Presentation
- "Efficient Vulnerability Management with Penetration Testing"
- Speaker: Alex Horan, Product Specialist
- Wednesday, September 26th, 2007 12:30pm - 1:15pm

This talk will be an opportunity for attendees to see a live demonstration of automated penetration-testing. In just minutes attendees will see CORE IMPACT safely exploit vulnerabilities in a target network, replicating the kinds of access an intruder could achieve, and proving actual paths of attacks that must be eliminated.

Alexander Horan is a Product Specialist for Core Security Technologies, providing training and customer support for CORE IMPACT'S user base. Mr. Horan has over eight years of experience working with both software and hardware based security tools. He brings a deep knowledge and understanding of vulnerability assessment and penetration testing, systems administration, network administration, network audits, operations, customer support, technical sales, project management, network and systems design and IT management to his work at Core. Prior to working with Core, he was a Senior Consultant with Aspelle Inc. and a Novell Administrator for JP Morgan.

Norman Data Defense Systems Lunch and Learn Presentation
- "Malware Analysis the Efficient Way!"
- Speaker: Matt Allen, Technology & Forensics Analyst
- Wednesday, September, 26th, 2007: 12:30pm - 1:15pm

Without the right tools, analyzing malware can be a time consuming and cumbersome task. With Norman SandBox Analyzer batches of malware can be analyzed with speed down to 13 seconds per file, with the SandBox Analyzer Pro you can easily debug malware code more precisely and effective than previously possible.

Hurry, seating is limited to the first 50 students!

Participate in a one hour hands-on session of Norman SandBox Analyzer Tools and get a 3 month trial of the Norman SandBox Reporter.

Matt Allen: With backgrounds in computer and information sciences as well as business, Matt Allen has worked in a number of different roles at Norman over the past 5 years, varying from incident response to web and software development. Matt is currently working with the SandBox team on various projects ranging from development to marketing.

Palo Alto Networks Lunch and Learn Presentation
- "Applications Are Evolving - Why Hasn't The Firewall?"
- Speaker: Nir Zuk, Chief Technical Officer (CTO)
- Wednesday, September 26th, 2007 12:30pm - 1:15pm

Social networking, IM, streaming media, Internet TV — these are just a few of the end-user applications that are installed on enterprise networks, right along side traditional HR and finance applications. To embrace these applications, IT must have tools that can detect and control them - which means that firewalls will need to evolve significantly from their port/protocol centric designs.

Nir Zuk brings a wealth of network security expertise and industry experience to Palo Alto Networks. Prior to co-founding Palo Alto Networks, Nir was CTO at NetScreen Technologies, which was acquired by Juniper Networks in 2004. Prior to NetScreen, Nir was co-founder and CTO at OneSecure, a pioneer in intrusion prevention and detection appliances. Nir was also a principal engineer at Check Point Software Technologies and was one of the developers of stateful inspection technology.

SenSage Lunch and Learn Presentation
- "Using Cisco MARS and SenSage for Security and Compliance at PFF Bank & Trust"
- Speaker: Jim Lairmore, CISSP, GSEC, CCNA, Information Security Manager
- Wednesday, September 26th, 2007 * 12:30pm - 1:15pm

How PFF combined real time and security information management to detect the following and maintain compliance:

Attacks targeting the same (or numerous) system and application repeatedly
Attacks originating from the same source or IP range
System configuration changes
User account changes
File access changes

Hurry, seating is limited to the first 55 students.

Jim Lairmore, Information Security Manager of PFF Bank & Trust has been in information security for 7 years. He has a bachelor's degree in IT security as well as several certifications including CISSP and CCNA.

Sourcefire, Inc. Lunch and Learn Presentation
- "The Future of Snort"
- Speaker: Ken Schar, Senior Security Engineer
- Wednesday, September 26th, 2007 * 12:30pm - 1:15pm

With over 3,000,000 downloads and 150,000 active users, Snort is the most widely deployed and trusted intrusion detection and prevention technology worldwide. How will Snort evolve over the next couple of years to keep up with the ever-changing network security landscape? Join Ken Schar as he shares his vision of future Snort features.

Ken Schar is a Senior Security Engineer with Sourcefire, Inc. Prior to joining Sourcefire he worked as a Senior Consultant with a large security consulting firm where he directed the Penetration Testing & Vulnerability Assessment division. Mr. Schar's background is comprised of more than 15 years of progressive technical and security experience. His knowledge and methodologies have developed through years of network communications, systems architecture and development work. His experience culminates in a rich set of credentials for his concentration in information security.

Breach Security, Inc. Lunch and Learn Presentation
- "Scanning is not protection for your Web applications. Get visibility and continuous protection with a Web application firewall."
- Kevin Overcash, VP Product Management
- Thursday, September 27th, 2007 * 12:30pm - 1:15pm

Kevin Overcash will review the strategies and challenges with securing web applications, including white and black box testing and deploying a web application firewall. He will then dive down into the details of web application firewalls and discuss their value beyond protection such as application defects detection and compliance auditing.

An Internet security expert, Kevin has more than 25 years of experience in software design and development with a focus on security solutions including development and product management roles with both IBM Internet Security Systems and SPI Dynamics. Kevin also serves as the Technical Committee Chairman for the PCI Security Vendor Alliance.

F5 Networks, Inc. Lunch and Learn Presentation
- "Application Firewalls: Application Security during Delivery"
- Askar Sattarov, Security Systems Architect
- Thursday, September 27th, 2007 * 12:30pm - 1:15pm

Application security is a hot topic today, but there are many different parts to application security; it's not as easy and clear-cut as network security. Options range from applying application security intelligence and logic to the network firewall, to adding an IPS point-product for packet reassembly and payload inspection, through routine application vulnerability testing to stay on top of your application's weak spots. While these are all valid tools to address application security, adding security to the Application Front End (AFE) provides the most efficient and logical option by implementing secure proxying between any client to any application over any protocol. Please come join us for lunch and learn how F5 implements total Application Delivery Security and is redefining the Application Firewall concept.

Askar Sattarov is a Security Systems Architect at F5 Networks specializing in Web Application Security and SSL VPN Secure Remote Access. He assists in the design, implementation and testing of F5 based security solutions and provide explanations and clarification to customer questions and issues related to F5's security solutions.

nCipher Lunch and Learn Presentation
- "Centralized Encryption Key Management"
- Paul Gough, CISSP, Senior Technical Support Engineer
- Thursday, September 27th, 2007 * 12:30pm - 1:15pm

This session addresses the challenges of centralized key lifecycle management. Paul will outline nCipher's approach with emphasis on key confidentiality integrality and availability. Including how keys are generated, stored, archived, backed up and retrieved and issues such as key mobility, escrow, roll-over and dynamic key and user revocation.

Mr. Gough has been a technical support engineer at nCipher since 2000 supporting all nCipher security products. Paul has over 22 years in technical support in the United States, Europe, and South Africa for NEC Computers and Digital Equipment Corp.

Nitro Security Lunch and Learn Presentation
- "Data is The Answer — Making the most informed security decisions, Using data and resources that you (probably) already have."
- Speaker: Michael Leland, CTO, Nitro Security
- Thursday, September 27th, 2007 12:30pm - 1:15pm

With so much information coming from so many sources, it is becoming necessary to simplify Security Information Management... Yet regulatory compliance needs and forensic security requirements are demanding that "more is better". Learn how to collect the data you need and still manage it simply using context-aware analytical tools.

Michael is CTO of NitroSecurity, where he brings over 17 years of expertise to the company. He is responsible for developing and implementing NitroSecurity's overall technology vision and roadmap, including next generation network and security management solutions.

Q1 Labs Lunch and Learn Presentation
- "Enterprise Log Management for Incident Handlers"
- Speaker: Andrew Hay, Manager of Integration Services
- Thursday, September 27th, 2007 - 12:30pm - 1:15pm

Does your organization collect logs from your critical devices? Do you truly know how to leverage these logs during or after an incident? Attendees will learn effective log analysis techniques for incident handling using Q1 Labs QRadar, as well as forensic analysis and reporting within an organization. After completing this session, attendees will be able to define and classify logging and plan logging requirements around regulatory compliance. In addition, this session will explain how to leverage archived logs for long-term analysis and trending, as well as how to analyze the logs collected from an organization's infrastructure. There will be a forum discussion to address the above-mentioned techniques and offer additional insight per audience requests.

This Lunch & Learn limited to the first 50 registrants. If registration is full, please visit the Q1 Labs booth for a special offer.

As Manager of Integration Services for Q1 Labs Inc, Andrew Hay leads a team of software developers integrating 3rd party event and vulnerability data into QRadar, their flagship network security management solution. Andrew has extensive experience in enterprise network, firewall, VPN, intrusion (NIDS/IPS/HIPS), and security management (NSM/SIM/SEM/NBA) technologies. He is also a strong advocate of security training, certification programs, and public security awareness initiatives.

SenSage and HP Lunch and Learn Presentation
- "HP and SenSage Present, HP Secure Advantage and the HP Compliance Log Warehouse"
- Speakers: Steve Scott, Senior Product Marketing Manager and Dan Barahona, VP of Emerging Markets
- Thursday, September 27th, 2007 * 12:30pm - 1:15pm

Learn how HP Secure Advantage protects your data, protects your resources and helps you prove compliance. In particular, learn how the HP Compliance Log Warehouse provides comprehensive log collection, retention and reporting across all systems in your enterprise and helps you comply with SOX, HIPAA, PCI, and other mandates.

Hurry, seating is limited to the first 55 students.

Steve has presented at industry events on security issues on five continents. He has held product management, product marketing, and management positions at HP for over twenty years. Steve holds degrees from Willamette University, Thunderbird School of Global Management, Tokyo International University, and the Institute of International Studies and Training.

Dan Barahona: As Vice President of Emerging Markets, Dan Barahona has spent much of the past decade in executive operational roles for emerging and established technology leaders. Dan has become an expert on issues involving information systems monitoring - including regulatory compliance, insider abuse, forensics, and legal issues. Dan has a B.S. degree in Engineering from the Rensselaer Polytechnic Institute, a Master of Engineering degree from Cornell University, and an MBA from the University of Michigan.

LogLogic Lunch and Learn Presentation
- "Choosing Your Log Management Approach"
- Speaker: Dr. Anton Chuvakin, GCIA, GCIH, GCFA
- Friday, September 28th, 2007 * 12:30pm - 1:15pm

Spend an hour with the Log Management & Intelligence leaders on best practices for selecting a Log Management & Solution.

Should you build, buy, outsource or combine strategies?
What are the ten most important things to ask your Log Management & Intelligence vendor?
What are the best practices being used by the Fortune 500?
When build and when not to build your own?
When to use a combined log management strategy?

Dr Anton Chuvakin, GCIA, GCIH, GCFA is a recognized security expert and author. He is an author and contributor of several books including Security Warrior, Know Your Enemy II, Information Security Management Handbook and Hacker's Challenge 3. Chuvakin has published numerous papers on security issues. He participates in various security industry initiatives and standards organization.

Cocktail Briefs

Net Optics, Inc. Hands-On Demo, Cocktail Brief
- "Taps in IT Network Analysis and Security Monitoring"
- Speaker: Dan McCarthy, Business Development
- Tuesday, September 25th, 2007 * 6:00pm - 7:15pm

Net Optics presents an overview on the value and features that are inherent to Test Access Port (Tap) technology and how Taps are used in network analysis and security monitoring. Learn how both IT network and security professionals can share a common point into the network.

Dan McCarthy is responsible for Business Development at Net Optics. In this role he works with OEM's, End-Users and Resellers to develop passive monitoring solutions for customer networks. He is well versed in the entire Net Optics product line and is a frequent speaker for Net Optics.

Sourcefire Cocktail Brief
- "Enterprise Threat Management: Bringing Security Together Through Intelligence"
- Speaker: Ken Schar, Senior Security Engineer
- Tuesday, September 25th, 2007 * 6:00pm - 7:15pm

The days of "see a threat, buy a box" are gone. In this presentation, Ken Schar- will discuss how a holistic security approach is evolving-one that unifies Network Behavior Analysis (NBA), Vulnerability Assessment, Intrusion Prevention, and Network Access Control (NAC) under one management console. Many are calling this approach, "Enterprise Threat Management (ETM)."