The most trusted source for computer security training, certification and research.



San Diego, CA - March 29 - April 6, 2007
Global Information Assurance Certification

SANS training is like a catalyst. It not only boosts your knowledge but also inspires you to learn more.
-Tan Koon Yaw, IDA

Vendor Events

Vendor Welcome Reception

Sunday, April 1st: 5:00pm - 9:00pm

This informal reception allows you to visit exhibits and participate in some exciting activities. This is a great time to mingle with your peers and experience firsthand the latest in information security tools and solutions with interactive demonstrations.

During the reception you will see important tools and services in a relaxed environment, providing an opportunity to have one-on-one discussions with technical experts from these organizations.

Vendor Expo

Sunday, April 1st: 12:00pm - 1:30pm and 5:00pm - 9:00pm
Monday, April 2nd: 12:00pm - 1:30pm

All attendees are invited to meet with leading providers of firewalls, intrusion detection/prevention systems and enterprise security management who will be demonstrating their latest solutions. The SANS 2007 Vendor Expo showcases product offerings from key technology providers in the commercial tools and services market. Vendors arrive prepared to interact with SANS' technically savvy audience, presenting technical demonstrations and explanations. It's about having your questions answered!

Lunch and Learns

Application Security Lunch and Learn Presentation

- Database Security & the Insider Threat
- Saturday, March 31st: 12:30pm - 1:15pm
- Jeff Paddock, Product Specialist

Despite increased awareness and significant investments in security infrastructure, all too frequently another large organization makes headlines for having its sensitive data compromised. Attackers are getting more professional and more focused. Gartner estimates that 85% of attacks are perpetrated by insiders and the target is the data that resides in databases.

This one-hour presentation describes:

  • Insider Threats at the Application Layer. Why be concerned?
  • Defining "The Insider" & "Threat Types"
  • Insider Attack Examples
  • Database Security & Monitoring Best Practices

Jeff Paddock is a Product Specialist with Application Security, Inc., a leading Database Security solutions provider. In this role, Jeff focuses on many business and technical aspects of regulatory compliance, database security, network and enterprise security, and a variety of public speaking activities. Prior to joining Application Security, Mr. Paddock worked for Symantec, including Axent Technologies and Raptor Systems, Compuware's Ecosystems Division, Prime Computer and the US Air Force. He has held various positions in engineering, technical and marketing management in each of these companies.

Jeff's experience covers a wide range of areas, from Account Management and Systems Engineer Manager to Director of Development for a UNIX administration tool. He has over 30 years of experience in security, networking, databases and client-server technologies. Jeff holds a BS in Computer Science from the University of Maryland.

NIKSUN, Inc. Lunch and Learn Presentation

- Real-time Content and Compliance Monitoring
- Terri Brewer, Senior Systems Engineer
- Saturday, March 31st: 12:30pm - 1:15pm

Join Terri Brewer, Sr. Systems Engineer at NIKSUN for an informative Lunch and Learn to discover how to meet the challenges of real-time content monitoring and regulatory compliance. Obtain insights into industry-leading network security, performance, forensics and compliance solutions that address these challenges.

An accomplished, dynamic speaker, Terri brings more than 15 years of experience in the disciplines of network management, security, engineering, design and technical instruction. She holds a B.S. degree in Industrial Engineering from Southern Polytechnic University. Prior to joining NIKSUN, Terri worked with Network General, Symantec, AT&T, and Lockheed.

Core Security Lunch and Learn Presentation

- Efficient Vulnerability Management with Penetration Testing
- Tuesday, April 3rd: 12:30pm - 1:15pm
- Alex Horan, Product Specialist

This talk will be an opportunity for attendees to see a live demonstration of automated penetration testing. In just minutes attendees will see CORE IMPACT safely exploit vulnerabilities in a target network, replicating the kinds of access an intruder could achieve, and proving actual paths of attacks that must be eliminated.

Alexander Horan is a Product Specialist for Core Security Technologies, providing training and customer support for CORE IMPACT's user base. Mr. Horan has over eight years of experience working with both software and hardware based security tools. He brings a deep knowledge and understanding of vulnerability assessment and penetration testing, systems administration, network administration, network audits, operations, customer support, technical sales, project management, network and systems design and IT management to his work at Core. Prior to working with Core, he was a Senior Consultant with Aspelle Inc. and a Novell Administrator for JP Morgan.

Norman Data Defense Systems

- Malware Analysis the Efficient Way!
- Kurt Natvig
- Tuesday, April 3rd: 12:30pm - 1:15pm

Without the right tools, analyzing malware can be a time-consuming and cumbersome task. With Norman SandBox Analyzer, batches of malware can be analyzed at speeds down to 13 seconds per file; with the SandBox Analyzer Pro, you can easily debug malware code more precisely and effectively than previously possible.

Kurt Natvig: Kurt Natvig started programming Assembly in 1987. He started working for Norman ASA in 1994. In 1995 he began developing Norman's first emulator. In 1999 Kurt was elected as a CARO member, and is also a member of AVED. He introduced the Norman SandBox in 2001.

Sourcefire, Inc. Lunch and Learn Presentation

- The Future of Snort
- Tuesday, April 3rd, 2007: 12:30pm - 1:15pm
- Martin Roesch, CTO and Founder, Sourcefire®, Inc. Creator of SNORT®

With over 3,000,000 downloads, Snort is the most widely deployed and trusted intrusion detection and prevention technology worldwide. How will Snort evolve over the next couple of years to keep up with the ever-changing network security landscape? Join Marty Roesch as he shares his vision of future Snort features.

Martin Roesch founded Sourcefire in 2001 and serves as its CTO. An authority on intrusion prevention technology and forensics, he is responsible for the technical direction and product development efforts. Martin is also the author and lead architect of the Snort Intrusion Prevention System that forms the foundation for the Sourcefire 3D System.

SPI Dynamics Lunch and Learn Presentation

- Data @ Risk - Protecting Web Applications Throughout the Development Lifecycle from Hackers
- Tuesday, April 3rd: 12:30pm - 1:15pm
- Brian Christian, Application Security Engineer

This session will discuss common vulnerabilities in the web application layer and why they are so easily exploited. This session demonstrates how to defend against common attacks at the Web application layer with examples covering Web application hacking methods such as SQL Injection, Blind SQL Injection, Cross-Site Scripting (XSS), Parameter Manipulation, etc.

Brian Christian is co-founder and an Application Security Engineer for SPI Dynamics. He has over 12 years of experience within the information technology industry, with the last nine years of his career focused exclusively on Internet security, and is a frequent expert speaker at industry events on web application.

StillSecure Lunch and Learn Presentation

- Cobia™: The Convergence of Networking and Security
- Martin McKeay, Product Evangelist
- Tuesday, April 3rd: 12:30pm - 1:15pm

Come learn from security expert Martin McKeay about the new convergence paradigm for networking and security. Cobia™ is a Unified Network Platform™ that delivers critical network and security functions through open, flexible software. Cobia operates on off-the-shelf hardware and takes advantage of the latest in virtualization capabilities. Learn about the growing Cobia community of users and open source contributors, and how your network can benefit from Cobia.

Martin McKeay is a well known security industry expert, speaker, blogger and podcaster. He is a regular contributor to Computerworld, and he recently launched the security channel for PodTech. Mr. McKeay has 15 years of IT experience, including over 7 years of experience in network security. He holds both CISSP and GIAC-GSNA certifications. Martin can be contacted at mmckeay@stillsecure.com

Watchfire Lunch and Learn Presentation

- Web Application Security 101: Minimizing Your Online Risk
- Tuesday, April 3rd: 12:30pm - 1:15pm
- Armando Bioc, Security Consultant

Watchfire Security Expert Armando Bioc will provide valuable insight into several web application hacking techniques, such as Cross-Site Scripting, Forceful Browsing and SQL Injection, that are being used today to maliciously attack web-facing applications.

Learn how Watchfire's AppScan® automated web application security testing solution helps enterprises manage and secure web applications before hackers can exploit them.

As a Security Consultant, Mr. Bioc provides presales technical support for AppScan sales, training for AppScan customers, and security consulting within the web application software development lifecycle and web application vulnerability assessments.

EventTracker Lunch and Learn Presentation

- Detect and Avoid the top 5 Security Threats to Windows Servers
- Wednesday, April 4th: 12:30pm - 1:15pm
- Isaac Thompson, MCSE, Director of Customer Service & Training

Are you able to effectively monitor and protect your Windows Servers from the top 5 Security Threats, including: user intrusion attempts; unusual user logon-logoff activity patterns; listening ports and/or services that suddenly emerge on a server; excessive access failures by a user; and sudden changes to .exe, .dll and .ini files?

These security threats cannot be monitored through Firewalls and Anti-Virus software alone. Critical alert notifications and an effective resolution strategy will reduce IT costs, while increasing service availability and enhancing the security of your enterprise. Learn why these threats are the top critical threats to your network; how to detect these events in real time; and how to avoid costly security breaches.

Isaac Thompson, MCSE, is Director of Customer Service & Training for EventTracker. He has 15 years of IT experience in a variety of programming, technical support and admin positions. Mr. Thompson has worked with EventTracker for the past 3 years, has experience with hundreds of enterprise-wide installations and currently heads up the Tech Support and Training Divisions.

LogLogic Lunch and Learn Presentation

- Selecting A Log Management Approach
- Dr. Anton Chuvakin, Director of Product Management
- Wednesday, April 4th: 12:30pm - 1:15pm

Spend an hour with the Log Management & Intelligence leaders on best practices for selecting a Log Management & Solution.

  • Should you build, buy, outsource or combine strategies?
  • What are the ten most important things to ask your Log Management & Intelligence vendor?
  • What are the best practices being used by the Fortune 500?
  • When to build and when not to build your own?
  • When to use a combined log management strategy?

Dr. Anton Chuvakin, GCIA, GCIH, GCFA is a recognized security expert and author. He is an author and contributor of several books including Security Warrior, Know Your Enemy II, Information Security Management Handbook and Hacker's Challenge 3. Chuvakin has published numerous papers on security issues. He participates in various security industry initiatives and standards organizations.

Q1 Labs Lunch and Learn Presentation

- SIM's First Week on the Job: Training Intelligent Event Correlation Systems to Know Which Alerts Matter
- Wednesday, April 4th: 12:30pm - 1:15pm
- Craig Chamberlain, Principal Security Consultant

Effective, efficient, and robust: vendors often define the capabilities of their SIM solution this way. Yet without proper tuning the solution most often consumes more time than the problem it was deployed to solve. Intelligent tuning techniques can transform a SIM into your most accurate source of security information. Learn what the three most powerful techniques are and how to implement them.

Craig Chamberlain is a Principal Security Consultant at Q1 Labs. Previously, he consulted at a variety of companies around the world on projects in event correlation, network vulnerability modeling and attack simulation, immunization against malicious code, phishing countermeasures, insider threat detection and prevention, service hardening, intrusion and extrusion detection / prevention, penetration testing, web application security and mandatory policy enforcement. Craig has sixteen years of experience in information technology and host / network security. He trained in security tradecraft while working at MIT and his industry experience includes banking, insurance, consulting, software, higher education, and manufacturing. Certifications are: CEH Certified Ethical Hacker, GHTQ GIAC Cutting Edge Hacking Techniques, SSCP Systems Security Certified Professional (ISC2). Publications are available at http://www.craigchamberlain.com.

RippleTech Lunch and Learn Presentation

- Who's in your Data? Steps to Data Security
- Troy Sorzano, Product Specialist
- Wednesday, April 4th: 12:30pm - 1:15pm

Data security is not a project but an ongoing initiative and should be considered a top priority. With more and more data breaches happening every day, companies need to protect themselves and their clients.

Many organizations are unaware of what critical data is stored in their network and who is actually accessing that data. Preventing data leakage and ensuring data security can only be accomplished once you have control over your critical data.

Join us for a revealing discussion that will use real world case studies to show you how your database is being accessed and how to prevent a leak or attack.

This session will cover:

  1. The need for monitoring critical data
  2. What's in the data and who is accessing it
  3. The data security challenges organizations face
  4. Data security best practices

Troy Sorzano is a Product Specialist at RippleTech, Inc., a leading provider of enterprise IT and data security solutions. Troy has over 20 years of experience building, breaking, and securing network infrastructures. He has worked with top companies, such as Microsoft, to secure data access vulnerabilities and weaknesses.

SenSage Lunch and Learn Presentation

- The SIM data warehousing challenge - Mining 100 billion events to detect terrorist activity: a case study
- Dan Barahona, Vice President of Emerging Markets
- Wednesday, April 4th: 12:30pm - 1:15pm

This session will discuss the challenges of SIM data warehousing and the need to collect, store and analyze massive volumes of event data. As organizations struggle to cope with the terabytes of data, new strategies are needed to do so efficiently and cost-effectively. SenSage will present a case study on extracting critical information from a 100 billion record event data repository.

Dan Barahona has spent much of the past decade in executive operational roles for emerging and established technology leaders. With a unique combination of business acumen and technical expertise, Dan has become an expert on issues involving information systems monitoring - including regulatory compliance, insider abuse, forensics, and legal issues. A published author on IT security, Dan often speaks to the impact of core regulatory requirements such as HIPAA, GLBA, Sarbanes Oxley, FERC, FISMA, NISPOM, and DCID 6/3. Dan has a B.S. degree in Engineering from the Rensselaer Polytechnic Institute, a Master of Engineering degree from Cornell University, and an MBA from the University of Michigan.

Secure Computing Lunch and Learn Presentation

- On the Frontlines in the War Against Online Transnational Organized Crime
- Dmitri Alperovitch, Principal Research Scientist
- Thursday, April 5th: 12:30pm - 1:15pm

Phishing, worms, pharming, spam, botnets - the attacks are different and constantly evolving but their cause remains the same: the emergence of international and transnational, extremely technically competent, and hierarchically organized online criminal enterprises with secure underground economies for the sale and exchange of skills and services that help facilitate their criminal activities.

Dmitri Alperovitch serves as Principal Research Scientist for Secure Computing, the global market leader in messaging security. As one of Secure Computing's leading researchers, he manages Secure Computing's Global Research team. Alperovitch received a Master's degree in Information Security from the Georgia Institute of Technology, graduating magna cum laude in 2003.

Other Events

Norman Data Defense Systems Hands-On Demo

- Malware Analysis, a hands-on look at the Norman SandBox Analyzers!
- Friday, March 30th: 6:00pm - 7:00pm
- Kurt Natvig

Without the right tools, analyzing malware can be a time-consuming and cumbersome task. With Norman SandBox Analyzer, batches of malware can be analyzed at speeds down to 13 seconds per file; with the SandBox Analyzer Pro, you can easily debug malware code more precisely and effectively than previously possible.

Kurt Natvig: Kurt Natvig started programming in 1987. He started working for Norman ASA in 1994. In 1995 he began developing Norman's first emulator. In 1999 Kurt was elected as a CARO member, and is also a member of AVED. He introduced the Norman SandBox in 2001.

Net Optics, Inc. Cocktail Brief

- Taps in IT Network Analysis and Security Monitoring
- Dan McCarthy
- Monday, April 2nd: 5:30pm - 6:45pm
- Randle C

Net Optics presents an overview of the value and features that are inherent to Test Access Port (Tap) technology and how Taps are used in network analysis and security monitoring. Learn how both IT network and security professionals can share a common point into the network.

Dan McCarthy is responsible for Business Development at Net Optics. In this role he works with OEMs, End-Users and Resellers to develop passive monitoring solutions for customer networks. He is well versed in the entire Net Optics product line and is a frequent speaker for Net Optics.

Sourcefire, Inc. Cocktail Brief

- Enterprise Threat Management: Bringing Security Together Through Intelligence
- Monday, April 2nd, 2007: 5:30pm - 6:45pm
- Martin Roesch, CTO and Founder, Sourcefire®, Inc. Creator of SNORT®

The days of "see a threat, buy a box" are gone. In this presentation, Martin Roesch will discuss how a holistic security approach is evolving, one that unifies Network Behavior Analysis (NBA), Vulnerability Assessment, Intrusion Prevention, and Network Access Control (NAC). Many are calling this approach "Enterprise Threat Management (ETM)."

Martin Roesch founded Sourcefire in 2001 and serves as its CTO. An authority on intrusion prevention technology and forensics, he is responsible for the technical direction and product development efforts. Martin is also the author and lead architect of the Snort Intrusion Prevention System that forms the foundation for the Sourcefire 3D System.

Splunk Hands-On Demo, Cocktail Brief

- Splunk's IT Search Engine and 3.0 Sneak Peek
- Christina Noren, VP of Product and Support
- Tuesday, April 3rd: 5:30pm - 6:45pm

Join Splunk for a demo of our IT search engine. Splunk software indexes and securely manages all your logs and IT data in real time. From one place you can search logs for security/compliance, application servers, network services and email. We'll give a comprehensive demo and preview new features coming in 3.0.

Christina is an authority on enterprise log solutions for large-scale data management, systems management, security information management and IT security compliance. Christina has held positions at SenSage, Portal Software and Sonic Solutions. At Microsoft's MSN group she was responsible for systems management infrastructure across all MSN properties. Christina holds a B.A. in International Finance and Economics.