SANS Institute

Vendor Events

Vendor Welcome Reception

Tuesday, September 30th: 5:00pm - 8:00pm

This informal reception allows you to visit exhibits and participate in some exciting activities. This is a great time to mingle with your peers and experience firsthand the latest in information security tools and solutions with interactive demonstrations.

During the reception you will see important tools and services in a relaxed environment, providing an opportunity to have one-on-one discussions with technical experts from these organizations.

Vendor Expo

Tuesday, September 30th: 12:00pm - 1:30pm and 5:00pm - 8:00pm
Wednesday, October 1st: 12:00pm - 1:30pm

All attendees are invited to meet with leading providers of firewalls, intrusion detection/ prevention systems and enterprise security management who will be demonstrating their latest solutions. The SANS 2008 Vendor Expo showcases product offerings from key technology providers in the commercial tools and services market. Vendors arrive prepared to interact with SANS' technically savvy audience, presenting technical demonstrations and explanations. It's about having your questions answered!

Integrated Cyber Exercise (ICE) brought to you by White Wolf Security and SANS

Wednesday, October 1st through Friday, October 3rd.
These evening sessions will begin after classes on all 3 days. Stay tuned for exact start times.

Participate in a real-time attack environment as a member of the Blue Cell (Defenders) or Red Cell (Attackers). Defenders are scored on their ability to keep systems up and available while maintaining information integrity. Attackers are scored on their ability to gain and maintain entry into the defenders systems. Spectators can play too: Spectators are loaned desktops and VoIP phones and are encouraged to interact with the live environment. They can call into the Blue Cell, send traffic or even form alliances with the Red Cell and forward attacks. Scoring visualization is used to enhance the exercise through 3D animations that show system status and compromises. Engage with sponsoring vendors whose products are being used in this live, real-time environment.

What is a Cyber Exercise? Click here

Laptop Alert
You may bring your own laptop to attack from (we cannot provide enough stations for the attackers). However, please understand that this is a hostile network. Do not have any sensitive personal or corporate data on anything you decide to plug into the network. SANS is not responsible for your system if someone attacks it during the exercise.
We will provide an internal server with attack tools for download. You are responsible for all the data on the laptop as well as your own care and feeding. We'll provide an IP address and a network map and a target list. Again, this is a hostile network, and we will in no way be responsible for damage done to your system.

Enterasys Networks Lunch and Learn Presentation

Who is Using Your Network?
Speaker: Dennis Boas, Product Marketing Manager, Security Solutions
Monday, September 29th, 2008 * 12:30pm - 1:15pm

How confident are you that your network infrastructure is providing total security for your business? Start providing better security today. Protect your network - and the people who rely on it - from potential threats and ensure a secure enterprise environment for your business.

Dennis has over 35 years of experience working in the computer and networking security environments. Starting with the ARPANET in the early 70's, his experience includes network management, network design, network security design, security analysis, product management.

Dennis has worked with Enterasys, Army Security Agency, and the National Security Agency.

NitroSecurity Lunch and Learn Presentation

Protecting Data in a Trust-based Internet
Speaker: Michael Leland, Chief Technology Officer
Monday, September 29, 2008 * 12:30pm - 1:15pm

The Internet, which hosts the majority of critical business applications today, is built largely on practices and protocols that are defined by trust. This session discusses how comprehensive forensics and analytics, when combined with this new information context, can build (or re-build) confidence and trust in our online activities.

Michael Leland, NitroSecurity's CTO, is responsible for developing and implementing NitroSecurity's information security technology vision and roadmap. Michael has held senior management positions at companies such as Cabletron and Avaya. At Avaya, Michael served as CTO where he led the company in its strategic efforts for converged data/voice development initiatives.

Rohati Systems Lunch and Learn Presentation

Externalizing Application Policy enforcement
Speaker: Vijay Sagar, Director, Product Management
Monday, September 29th, 2008 * 12:30pm - 1:15pm

During this presentation you will learn about the business drivers and technical implementation options for transaction level policy enforcement. Learn how 'Layer 7 ACLs' are enabling the Network-based Policy Enforcement Point (PEP) and Policy Decision Point (PDP) to secure data center resources.

Vijay Sagar is responsible for Product Management at Rohati Systems. Sagar began his career in the US Navy with subsequent roles at Price Waterhouse coopers and Cisco systems where he was a Product Manager on the Catalyst 6500 and Nexus 7000 products with responsibilities for data center security strategies.

Sourcefire, Inc. Lunch and Learn Presentation

The Future of Snort
Speaker: Ken Schar, Senior Security Engineer, SourcefireR, Inc.
Monday, September 29th, 2008 * 12:30pm - 1:15pm

With over 3,000,000 downloads, Snort is the most widely deployed and trusted intrusion detection and prevention technology worldwide. How will Snort evolve over the next couple of years to keep up with the ever-changing network security landscape? Join Ken Schar as he shares his vision of future Snort features.

Ken Schar is a Senior Security Engineer with Sourcefire, Inc. Prior to joining Sourcefire he worked as a Senior Consultant with a large security consulting firm where he directed the Penetration Testing & Vulnerability Assessment division. Mr. Schar's background is comprised of more than 15 years of progressive technical and security experience. His knowledge and methodologies have developed through years of network communications, systems architecture and development work. His experience culminates in a rich set of credentials for his concentration in information security.

Sourcefire Cocktail Brief

The Evolution of Network Security Technologies
Speaker: Ken Schar, Senior Security Engineer, SourcefireR, Inc.
Monday, September 29th, 2008 * 6:00pm - 7:15pm

Mr. Schar believes that network security needs to change to meet tomorrow's policy non-compliance, vulnerabilities, and threats. He will discuss the need for real-time network monitoring to see everything on a network and real-time context to know more. He will also show how Adaptive IPS can dramatically reduce false positives.

Ken Schar is a Senior Security Engineer with Sourcefire, Inc. Prior to joining Sourcefire he worked as a Senior Consultant with a large security consulting firm where he directed the Penetration Testing & Vulnerability Assessment division. Mr. Schar's background is comprised of more than 15 years of progressive technical and security experience. His knowledge and methodologies have developed through years of network communications, systems architecture and development work. His experience culminates in a rich set of credentials for his concentration in information security.

Cisco Cocktail Brief Presentation

CVSS and CVRF: Simplifying Information System Vulnerability Handling
Speaker: Mike Schiffman, Cisco Infrastructure Security Research and Development
Wednesday, October 1st, 2008 * 5:15pm - 6:30pm

In recent years, Cisco research has performed a gap analysis in the area of vulnerability ranking and reporting with the intention of shoring up a sometimes confusing and inversely correlated area of competing standards. The fruits of this labor are the two following methodologies:

CVSS
The Common Vulnerability Scoring System is a vendor agnostic, industry open standard designed to convey vulnerability severity and help determine urgency and priority of response.

CVRF
The Common Vulnerability Reporting Framework is a common and consistent framework for exchanging vulnerability information across different domains. CVRF will enable different stakeholders across different organizations to share critical vulnerability-related information in a single format, which will speed up the information exchange and digestion.

This short SANS presentation will highlight both methodologies and touch down lightly on both with time for questions.

Core Security Lunch and Learn Presentation

Efficient Vulnerability Management with Penetration Testing
Speaker: Anthony Alves, CISSP and Sr. Systems Engineer
Thursday, October 2nd, 2008 * 12:30pm - 1:15pm

This talk will be an opportunity for attendees to see a live demonstration of automated penetration-testing. In just minutes attendees will see CORE IMPACT safely exploit vulnerabilities in a target network, replicating the kinds of access an intruder could achieve, and proving actual paths of attacks that must be eliminated.

Anthony Alves is a CISSP and a Sr. Systems Engineer for Core Security Technologies, providing pre-sales and post-sales support and training for the Core Security Technologies Impact user base. Mr. Alves has more than 8 years of experience working with network and computer security products and tools. He was a Systems Engineer with SonicWALL, Intel Corporation, and Shiva Corporation specializing in their firewall and VPN products.

Mu Dynamics Lunch and Learn Presentation

Service Assurance: Improving Reliability/Availability/Security of IPv6
Speaker: Thomas Maufer, Director Technical Marketing and Johannes Ullrich, Chief Research Officer for the SANS Institute
Thursday, October 2nd, 2008 * 12:30pm - 1:15pm

IPv6 is a complex upgrade to the existing Internet Protocol (IPv4). IPv6 migration is difficult and poorly understood yet mandated by the US and other governments to take advantage of improved security, multimedia, and mobility. IPv6 service assurance, adaptively transports protocols over IPv4 and IPv6, measuring robustness, availability and security.

Thomas Maufer is Director of Technical Marketing for Mu Security, Inc. He has held various marketing and engineering/architect roles at NVIDIA and 3Com for networking products from NICs up to routers. He also managed metropolitan connectivity for NASA's Goddard Space Flight Center, and has written three books on computer networking.

As Chief Research Officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a web development company and as a research physicist. Johannes holds a Ph.D. in Physics from SUNY Albany and is located in Jacksonville FL.

Norman Data Defense Systems Lunch and Learn Presentation

Fighting Self-Defending Malware
Speaker:  Matt Allen, Technology & Forensics Analyst
Thursday, October 2nd, 2008 * 12:30pm - 1:15pm

The session will discuss self defending code techniques used in today's malware.  Live malicious samples will be used to demonstrate solutions for dealing with advanced packers, rootkits, and encrypted data sent over the network.

Matt Allen: With backgrounds in computer and information sciences as well as business, Matt Allen has worked in a number of different roles at Norman over the past 5 years, varying from incident response to web and software development. Matt is currently working with the SandBox team on various projects ranging from development to marketing.

Q1 Labs Lunch and Learn Presentation

Enterprise Log Management for Incident Handlers
Speaker: Brian Mehlman, Sr. Product Marketing Manager
Thursday, October 2nd, 2008 * 12:30pm - 1:15pm

** REGISTER TODAY** This Lunch & Learn limited to the first 50 registrants. If registration is full, please visit the Q1 Labs booth for a special offer.

Does your organization collect logs from your critical devices? Do you truly know how to leverage these logs during or after an incident? Attendees will learn effective log analysis techniques for incident handling using Q1 Labs' QRadar, as well as forensic analysis and reporting within an organization.

After completing this session, attendees will be able to define and classify logging and plan logging requirements around regulatory compliance.  In addition, this session will explain how to leverage archived logs for long-term analysis and trending, as well as how to analyze the logs collected from an organization's infrastructure.

There will be a forum discussion to address the above-mentioned techniques and offer additional insight per audience requests.

Brian Mehlman has over 18 years' experience working in technical and product marketing positions with leading software companies. Prior to Q1 Labs, he helped deliver solutions in the areas of network, systems, storage and security management for Network Appliance, 3COM Corporation, Fidelity Investments and Hewlett Packard. Brian earned a bachelor's degree in computer science and mathematics from Gordon College and a Master's degree in computer science from the University of Vermont.

Rapid7, Inc. Lunch and Learn Presentation

Security vs. Compliance: Complimentary or Competitive?
Speaker: Pia Flores, Product Support Specialist
Thursday, October 2nd, 2008 * 12:30pm - 1:15pm

Security and compliance are necessary objectives for many organizations but many confuse the two. This presentation will discuss the differences between security and compliance, how do you choose security products that help achieve these goals and the use of compliance benchmarks to improve security and your organization's overall risk posture.

Pia Flores is a Product Support Specialist for Rapid7, providing product training and presales support to the company's growing prospect base. Working with security personnel across industries such as healthcare, finance, government and higher education, Pia helps them understand and select vulnerability assessment solutions that meet their organization's unique needs.

Intel and Credant Lunch and Learn Presentation

Intel & Credant: Protecting Your Data, wherever it is
Speakers: Benjamin Wright, Chris Burchett, and Matt Semenza
Friday, October 3rd, 2008 * 12:30pm - 1:15 pm

The sprawl of sensitive information to desktops, laptops, smart phones, USB drives, and removable media is a cause for real concern. At this educational lunch event, learn more about the legal imperative for data encryption, and about solutions from Intel and Credant that help create a safer and more manageable environment for your data today and into the future.

• Ben Wright is widely recognised as one of the leading lawyers in e-commerce. Follow Ben's work with SANS and other public appearances by visiting his blog at http://legal-beagle.typepad.com
• Chris Burchett, CTO of CREDANT, is the author of numerous patents and an expert in endpoint encryption software.
• Matt Semenza, senior marketing manager from Intel, with responsibility for Intel's new vPro Technology solutions.

LogLogic Lunch and Learn Presentation

'Worst Practices' of Log Management
Speaker: Dr. Anton Chuvakin, GCIA, GCIH, GCFA
Friday, October 3rd, 2008 * 12:30pm - 1:15 pm

Want to learn all the embarrassing mistakes and pitfalls that await you on the path to log management nirvana? Attend "'Worst Practices' of Log Management" presentation by LogLogic's Logging Evangelist Dr Anton Chuvakin that covers all the things that can go wrong while planning, evaluating, deploying and running a log management solution. Insufficient planning, unrealistic expectations, choosing tools on price alone, lack of logging configuration guidance are among such "worst practices." Each common "worst practice" will be accompanied by suggestions to avoid the errors and do things correctly! Everybody touts "best practices", but this is the place to learn how to avoid the opposite - and have fun in the process.

Dr Anton Chuvakin, GCIA, GCIH, GCFA is a recognized security expert and author. He is an author and contributor of several books including Security Warrior, Know Your Enemy II, Information Security Management Handbook and Hacker's Challenge 3. Chuvakin has published numerous papers on security issues. He participates in various security industry initiatives and standards organization.