SANS Institute

Vendor Welcome Reception

- Friday, July 27th: 5:00pm - 9:00pm

This informal reception allows you to visit exhibits and participate in some exciting activities. This is a great time to mingle with your peers and experience firsthand the latest in information security tools and solutions with interactive demonstrations.

During the reception you will see important tools and services in a relaxed environment, providing an opportunity to have one-on-one discussions with technical experts from these organizations.

Vendor Expo

- Friday, July 27th: 12:00pm - 1:30pm and 5:00pm - 9:00pm
- Saturday, July 28th: 12:00pm - 1:30pm

All attendees are invited to meet with leading providers of firewalls, intrusion detection/ prevention systems and enterprise security management who will be demonstrating their latest solutions. The SANS 2007 Vendor Expo showcases product offerings from key technology providers in the commercial tools and services market. Vendors arrive prepared to interact with SANS' technically savvy audience, presenting technical demonstrations and explanations. It's about having your questions answered!

ArcSight Lunch and Learn Presentation

"Unleashing the Value of Enterprise Log Data"
Speaker: Ansh Patnaik, Sr. Product Manager
Thursday, July 26th, 2007 12:30pm - 1:15pm

Join us to learn how organizations are managing large volumes of log data and meeting complex compliance requirements. By collecting logs at high rates from a wide-range of sources and then easily making appropriate data available across their organization, they can use their log data to do their job more effectively and efficiently. Join Ansh Patnaik, Sr. Product Manager at ArcSight, to see a demo and learn how your organization can benefit from a high-performance and easily searchable log archive that can inexpensively store log data for several years.

Ansh Patnaik is responsible for developing content that articulates ArcSight's market and product leadership in the Security Information Management and Log Management space. Previously, Ansh was a Systems Engineer for BindView Corporation, a Sales Engineer at Omniva Policy Systems, and Ansh has also worked in the Data Warehousing/Analytics space with companies like MicroStrategy and NetPerceptions. Ansh Patnaik is a member of the San Francisco chapters of ISSA and ISACA and maintains the CISSP certification.

Mu Security Lunch and Learn Presentation

"IPv6 Security Analysis - What You Don't Know Will Hurt You.."
Speakers: Jefferey Dunn, Advanced Technology, IPv6 Manager, NetStar -1 and Thomas Maufer, Director of Technical Marketing, Mu Security, Inc.
Thursday, July 26th, 2007 12:30pm - 1:15pm

IPv6 is a complex upgrade to the existing Internet Protocol (IPv4). IPv6 migration is difficult and poorly understood yet mandated by the US and other governments to take advantage of improved security, multimedia, and mobility. IPv6 security analysis, adaptively transports protocols over IPv4 and IPv6, measuring robustness, availability and security.

Mr. Dunn is the IPv6 lead for OSD/HA Military Health Services. He joined Naval Research Laboratory in 1987, becoming Global Information Grid project manager and subsequently chief scientist. He modeled IP network performance using non-linear and spectral analysis techniques. Mr. Dunn has a B.A. in Physics from Johns Hopkins University.

Thomas Maufer is Director of Technical Marketing for Mu Security, Inc. He has held various marketing and engineering/architect roles at NVIDIA and 3Com for networking products from NICs up to routers. He also managed metropolitan connectivity for NASA's Goddard Space Flight Center, and has written three books on computer networking.

Norman Data Defense Systems

- Malware Analysis the Efficient Way!
- Matt Allen
- Thursday, July 26th: 12:30pm - 1:15pm

Without the right tools, analyzing malware can be a time consuming and cumbersome task. With Norman SandBox Analyzer batches of malware can be analyzed with speed down to 13 seconds per file, with the SandBox Analyzer Pro you can easily debug malware code more precisely and effective than previously possible.

Hurry, seating is limited to the first 50 students!

Participate in a one hour hands-on session of Norman SandBox Analyzer Tools and get a 14 day demo copy of the software.

Matt Allen: With backgrounds in computer and information sciences as well as business, Matt Allen has worked in a number of different roles at Norman over the past 5 years, varying from incident response to web and software development. Matt is currently working with the SandBox team on various projects ranging from development to marketing.

Ounce Labs Lunch and Learn Presentation

"Models for Implementing Security Testing During Software Development"
Speaker: Ryan Berg, Chief Scientist
Thursday, July 26th, 2007 12:30pm - 1:15pm

What is the best model for developing secure software in your organization? This session discusses practical models for source code analysis within the software development lifecycle, including models that give responsibility to developers, QA staff, and security teams, explaining the specific requirements for each approach as well as expected outcomes.

Ryan is a popular speaker, instructor, and author, in the fields of security, risk management, and secure development processes. He holds patents and patents pending in multi-language security assessment, kernel-level security, intermediary security assessment language, and secure remote communication protocols. He is the Co-Founder and Chief Scientist for Ounce Labs.

SafeBoot Lunch and Learn Presentation

"SafeBoot Device Encryption v5.1 - Full Volume Encryption for the Enterprise"
Speaker: Simon Hunt, CTO, SafeBoot
Thursday, July 26th, 2007 12:30pm - 1:15pm

Simon Hunt, Chief Technology Officer, SafeBoot Simon Hunt has served as a recognized specialist in the security industry for more than ten years, with special focus on data encryption.

A founding employee of SafeBoot, Simon steered the product line from an end-user managed solution to an award-winning enterprise scalable and manageable system. Hunt's IT consultancy and training background includes five years with security product providers and three years with a Fortune-500 company.

Sourcefire, Inc. Cocktail Brief Presentation

"Creator of SNORT®, EnterpriseThreat Management: Bringing Security Together Through Intelligence."
Speaker: Martin Roesch, CTO and Founder
Thursday, July 26th, 2007 6:00pm - 7:15pm

The days of "see a threat, buy a box" are gone. In this presentation, Martin Roesch will discuss how a holistic security approach is evolving-one that unifies Network Behavior Analysis (NBA), Vulnerability Assessment, Intrusion Prevention, and Network Access Control (NAC) under one management console. Many are calling this approach, "Enterprise Threat Management (ETM)."

Martin Roesch founded Sourcefire in 2001 and serves as its CTO. An authority on intrusion prevention technology and forensics, he is responsible for the technical direction and product development efforts. Martin is also the author and lead architect of the Snort Intrusion Prevention System that forms the foundation for the Sourcefire 3D System.

Net Optics, Inc. Cocktail Brief

"Taps in IT Network Analysis and Security Monitoring"
Speaker: Dennis Carpio
Saturday, July 28th, 2007 6:00pm - 7:15pm

Net Optics presents an overview on the value and features that are inherent to Test Access Port (Tap) technology and how Taps are used in network analysis and security monitoring. Learn how both IT network and security professionals can share a common point into the network.

Dennis Carpio heads Product Development at Net Optics. One of the earliest members of the team, Dennis is an expert on all Net Optics products. Dennis works directly with key customers and partners on education of passive network access for secure monitoring solutions, as well as identifying future technical advances.

Core Security Lunch and Learn Presentation

- Efficient Vulnerability Management with Penetration Testing
- Sunday, July 29th: 12:30pm - 1:15pm
- Anthony Alves, CISSP and Sr. Systems Engineer

This talk will be an opportunity for attendees to see a live demonstration of automated penetration-testing. In just minutes attendees will see CORE IMPACT safely exploit vulnerabilities in a target network, replicating the kinds of access an intruder could achieve, and proving actual paths of attacks that must be eliminated.

Anthony Alves is a CISSP and a Sr. Systems Engineer for Core Security Technologies, providing pre-sales and post-sales support and training for the Core Security Technologies Impact user base. Mr. Alves has more than 8 years of experience working with network and computer security products and tools. He was a Systems Engineer with SonicWALL, Intel Corporation, and Shiva Corporation specializing in their firewall and VPN products.

Seagate Lunch and Learn Presentation

"Seagate Builds Advanced Security Right Into the Drive"
Speaker: Joni Clark, Senior Product Marketing Manager
Sunday, July 29th, 2007 12:30pm - 1:15pm

Seagate® DriveTrust™ technology is integrated data security that relieves software of complicated tasks such as full disk encryption, key management and pre-boot authentication.

Seagate Ships a Security Expert in Every Disk Drive

• Cryptography Services
• Secure Partitions
• Security Firmware/Hardware
• Trusted Send/Receive Commands

Joni Clark is a senior product marketing manager for Seagate notebook storage. Joni has been in the industry for over 15 years and has driven the launch of new products such as the first Serial ATA disk drive. She continues launching new products, including Seagate's new DriveTrust security platform.

EMC Corporation Lunch and Learn Presentation

"Log Management Best Practices"
Speaker: Eddie Contreras, RSA envision
Monday, July 30th, 2007 12:30pm - 1:15p

Businesses today increasingly find themselves between a rock and a hard place. Even as their log and event data exponentially grows, they face ever stricter regulatory and compliance conditions to collect, analyze and report on this data. This discussion will examine the myriad of real-world ways companies can keep up with their data without compromising its intelligence or integrity.

A thought leader in helping companies collect and dynamically analyze all the data that is generated within their networks, RSA, The Security Division of EMC provides unmatched scalability and visibility to transform this data into compliance and security success.

McAfee Lunch and Learn Presentation

"The Open Source Code Risk / Security Risk Management"
Speaker: John R. Hill, CISSP, Security Evangelist
Monday, July 30th, 2007 12:30pm - 1:15pm

Malware is following software developers' best practices by utilizing open source. The hacking underground is adopting tools and concepts to better improve spyware, spam, worms and other malware. The threat to information security continues to rise and increase in virulence. McAfee will discuss the latest trends and tools in use by the underground and why we could be paying the price!

John R. Hill is a Security Evangelist and a Certified Information Systems Security Professional (CISSP) at McAfee, Inc. McAfee, Inc. is a leading global provider of security solutions that prevent intrusions on networks and protect critical systems from the next generation of blended attacks and threats. His career in the network infrastructure and information security industry spans over 12 years of experience.

Mr. Hill is involved in the development of security technology, architecture, and strategy, along with communicating business oriented security solutions and goals for enterprise and governmental clients.

Sourcefire, Inc. Lunch and Learn Presentation

"Creator of SNORT®, The Future of Snort"
Speaker: Martin Roesch, CTO and Founder
Monday, July 30th, 2007 12:30pm - 1:15pm

With over 3,000,000 downloads and 150,000 active users, Snort is the most widely deployed and trusted intrusion detection and prevention technology worldwide. How will Snort evolve over the next couple of years to keep up with the ever-changing network security landscape? Join Marty Roesch as he shares his vision of future Snort features.

Martin Roesch founded Sourcefire in 2001 and serves as its CTO. An authority on intrusion prevention technology and forensics, he is responsible for the technical direction and product development efforts. Martin is also the author and lead architect of the Snort Intrusion Prevention System that forms the foundation for the Sourcefire 3D System.

LogLogic Lunch and Learn Presentation

"Choosing Your Log Management Approach"
Speaker: Dr. Anton Chuvakin, GCIA, GCIH, GCFA
Tuesday, July 31st, 2007 12:30pm - 1:15pm

Spend an hour with the Log Management & Intelligence leaders on best practices for selecting a Log Management & Solution.

Should you build, buy, outsource or combine strategies?

• What are the ten most important things to ask your Log Management & Intelligence vendor?
• What are the best practices being used by the Fortune 500?
• When build and when not to build your own?
• When to use a combined log management strategy?

Dr Anton Chuvakin, GCIA, GCIH, GCFA is a recognized security expert and author. He is an author and contributor of several books including Security Warrior, Know Your Enemy II, Information Security Management Handbook and Hacker's Challenge 3. Chuvakin has published numerous papers on security issues. He participates in various security industry initiatives and standards organization.