the most trusted source for computer security training, certification and research


select a course
Orlando, FL - February 24 - March 4, 2006
Global Information Assurance Certification

SANS training gives me the tools I need to do my job.
-Michael Hiramoto, NCI

Vendor Activities

Vendor Expo

Sunday, February 26th: 12pm-1:30pm; 5:00pm-7:30pm
Monday, February 27th: 12pm-1:30pm; 5:00pm-7:00pm

All attendees are invited to meet with leading providers of firewalls, intrusion detection/prevention systems and enterprise security management who will be demonstrating their latest solutions. The SANS 2006 Vendor Expo showcases product offerings from key technology providers in the commercial tools and services market. Vendors arrive prepared to interact with SANS' technically savvy audience, presenting technical demonstrations and explanations. It's not about handing out freebies - it's about having your questions answered!

Visit www.sans.org/sans2006/vendorexpo.php for a full list of exhibitors.

SANS Welcome Reception

Sunday, February 26th: 5:00pm - 7:30pm

These informal receptions allow you to peruse exhibits and participate in some exciting activities. This is a great time to mingle with your peers and experience firsthand the latest in information security tools and solutions with interactive demonstrations.

Vendor Reception

Monday, February 27th: 5pm - 7pm

During the receptions you will see important tools and services in a relaxed environment, providing an opportunity to have one-on-one discussions with technical experts from these organizations.

Panel Discussion "Best Practices in Log Management Intelligence"

Sunday, February 26, 2006: 7:30pm - 9:30pm

Participating Vendors:


Tuesday, February 28, 2006

Core Security Lunch & Learn

Tuesday, February 28, 2006 12:30pm - 1:15pm
"Automated Penetration Testing with CORE IMPACT"
Speaker: Alex Horan, CORE IMPACT Product Specialist

This talk will be an opportunity for attendees to see a live demonstration of automated penetration-testing. In just minutes, attendees will see CORE IMPACT safely exploit vulnerabilities in a target network, replicating the kinds of access an intruder could achieve, and proving actual paths of attacks that must be eliminated.

LogLogic Lunch & Learn

Tuesday, February 28, 2006 12:30pm - 1:15pm
"Log Management Intelligence - Automating Compliance. Mitigating Risk"
Speaker: Jian Zhen,Director of Product Management

Join LogLogic's Director of Product Management, Jian Zhen as he discusses how your peers are utilizing log data and CobiT 4 to automate the regulatory compliance process, while improving network availability and security.You will also learn how effective log management strategies can significantly reduce costs and increase productivity.

LURHQ Lunch & Learn

Tuesday, February 28, 2006 12:30pm - 1:15pm
"Behavioral Malware Analysis Using Sandnets"
Joe Stewart, Senior Security Researcher

Sandnets provide security teams with an effective tool to analyze malware. This presentation will detail the construction of a 2-machine behavioral analysis "sandnet", which will allow semi-automated analysis of malware. Detailed instructions and a toolkit will be provided to assist attendees in later setting up sandnets for malware analysis.

Net Optics Hands-On TAPS Workshop

Tuesday, February 28, 2006 5:30 - 6:45pm
Monica Rohlfes, Business Development Manager

Net Optics Learning Center presents a short overview of Passive Monitoring Access, Tap technology, and its place in the network.

Immediately following will be an extended hands-on demonstration of a variety of innovative Net Optics Taps at work in a simulated network.

Light refreshments will be provided.

Monica Rohlfes heads Net Optics Business Development and Net Optics product training seminars. Monica has been training on network security since 2001 and joined Net Optics' in early 2004. An experienced educator, Monica trains on the advantages of passive access solutions and how to deploy secure network monitoring infrastructures.

Stonesoft Lunch & Learn

Tuesday, February 28, 2006 12:30pm-1:15pm
Speaker: Mark Boltz, Sr. Security Consultant

Mark Boltz has more than 14 years of experience in network and system administration, with more than eight years in network security He has also authored articles for various industry publications and is a member of the northern Virginia chapter of ISSA (Information Systems Security Association).

More details to come

Watchfire Lunch & Learn

Tuesday, February 28, 2006 12:30pm - 1:15pm
Web Application Security 101: Minimizing Your Online Risk?
Speaker Dan Gravelle, Security Consultant

Watchfire Security Expert Dan Gravelle provides valuable insight into several web application hacking techniques - such as Cross-Site Scripting, Forceful Browsing and SQL Injection -- used today to maliciously attack web-facing applications. Watchfire.s AppScan(R) automated web application security testing solution helps enterprises manage and secure, web applications before hackers can exploit them.

Wednesday, March 1, 2006

Cambia Lunch & Learn

Wednesday, March 1, 2006 12:30 - 1:15pm
"Change is the Enemy: Ten Network Changes You Should Be Looking For"
David Meltzer, CTO of Cambia Security

This presentation will cover ten ways that enterprise environments typically change, all of which can chip away at your security in ways that you might not realize. Some are obvious; some are subtle; all could be dangerous. It will also cover ways to identify those changes and react to them, before they create major problems.

CipherTrust Lunch and Learn

Wednesday, March 1, 2006 - 12:15 to 1:15pm
The State of Messaging Security: Defenses are Getting Stronger as Evil Doers Morph?
Speaker Bradon Rogers, Director of Sales Engineering

The state of messaging security is strong, as the security industry has made the environment a difficult one for spammers and propagators of malware, who are always looking for ways to derive revenue from their efforts. But the industry must not get complacent, as spammers are already capitalizing on messaging standards that present new opportunities.

Crossbeam Systems Lunch and Learn

Wednesday, March 1, 2006 12:30 to 1:15pm
"Unified Threat Management: Overlay information survivability architectures versus embedded network security?"
Christofer Hoff, Chief Security Strategist

We will discuss the divergence between those who see the future in embedded security - where security functions are to become integrated into the IT infrastructure in routers and switches - and those who support the idea of overlay security using UTM - a security architecture that is overlaid on the network.

Institute of Internal Auditors Lunch & Learn

Wednesday, March 1, 2006 12:30 - 1:15pm
"Generally Accepted IT Principles GAIT"
Heriot Prentice, Director Technology Practices

Heriot Prentice shall provide detail around the recently exposed Generally Accepted IT Principles (GAIT) developed by The IIA Advanced Technology Committee, and how these can benefit IT management, internal and external auditors create greater efficiency and effective around general computer control reviews.

GraniteEdge Lunch & Learn

Wednesday, March 1, 2006 12:30pm - 1:15pm
"Internal Network Security: Protecting High-Value Assets from Targeted Cyber-Threats"
Todd Hooper, VP Product Management and Business Development

During this session you will gain valuable insight into the growing trend of for-profit cyber-threats, how they are designed to elude traditional security infrastructures and how to defend the enterprise from these sophisticated attacks. GraniteEdge Security Analytics answers the fundamental question: What is happening on the network before, during and after a threat occurs?

Internet Security Systems (ISS) Lunch and Learn

Wednesday, March 1, 2006 12:30 to 1:15pm
"Anomaly Detection Systems...The Perfect Complement to Network IPS"
Tom Stitt, Senior Manager of Product Strategy

You have made great strides in securing your network. But your internal users can still threaten the security and productivity of your internal network. Learn how Anomaly Detection Systems provide the needed visibility to ensure network integrity and necessary security protection to effectively deliver a multi-layered security solution that is also cost-intelligent.

Sourcefire Cocktail Brief

Wednesday, March 1, 2006 5:30pm - 6:45pm
Speaker Martin Roesch

Celebrate National Pig Day with the creator of your favorite pig!

Martin Roesch, Sourcefire Founder & CTO, and Author of Snort With over 2 million downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide. What better way to celebrate National Pig Day than with the creator of our favorite pig! Join Marty Roesch for cocktails, hors d'oeuvres and a discussion of Snort - Past, Present and Future.

Martin Roesch founded Sourcefire in 2001 and serves as its CTO. An authority on intrusion prevention technology and forensics, he is responsible for the technical direction and product development efforts. Martin is also the author and lead architect of the Snort Intrusion Prevention System that forms the foundation for the Sourcefire 3D System.

Thursday, March 2, 2006

Sourcefire Lunch & Learn

Thursday, March 2, 2006 12:30 - 1:15pm
"Protocol Modeling for Advanced Zotob Detection"
Speaker Martin Roesch, Sourcefire Founder & CTO, and Author of Snort

Zotob provides a clear example of the consistently shrinking window of time between a vulnerability announcement and the subsequent emergence of a threat that exploits the weakness. Learn how the Sourcefire VRT's methodology of protocol modeling enables the creation of compound rules capable of stopping Zotob and all variants, even before the initial threat is discovered.

Martin Roesch founded Sourcefire in 2001 and serves as its CTO. An authority on intrusion prevention technology and forensics, he is responsible for the technical direction and product development efforts. Martin is also the author and lead architect of the Snort Intrusion Prevention System that forms the foundation for the Sourcefire 3D System.

Check the most current listing of exhibiting vendors at: www.sans.org/sans2006/vendorexpo.php