SANS Institute

Vendor Events

Vendor Welcome Reception

Thursday, July 24th: 5:00pm - 8:00pm

This informal reception allows you to visit exhibits and participate in some exciting activities. This is a great time to mingle with your peers and experience firsthand the latest in information security tools and solutions with interactive demonstrations.

During the reception you will see important tools and services in a relaxed environment, providing an opportunity to have one-on-one discussions with technical experts from these organizations.

Thursday, July 24th: 12:00pm - 1:30pm and 5:00pm - 8:00pm
Friday, July 25th: 12:00pm - 1:30pm

All attendees are invited to meet with leading providers of firewalls, intrusion detection/ prevention systems and enterprise security management who will be demonstrating their latest solutions. The SANS 2008 Vendor Expo showcases product offerings from key technology providers in the commercial tools and services market. Vendors arrive prepared to interact with SANS' technically savvy audience, presenting technical demonstrations and explanations. It's about having your questions answered!

LogLogic Lunch and Learn Presentation
- "Worst Practices" of Log Management
- Speaker: Dr. Anton Chuvakin, GCIA, GCIH, GCFA
- Wednesday, July 23rd, 2008 * 12:30pm - 1:15 pm

Want to learn all the embarrassing mistakes and pitfalls that await you on the path to log management nirvana? Attend "'Worst Practices' of Log Management" presentation by LogLogic's Logging Evangelist Dr Anton Chuvakin that covers all the things that can go wrong while planning, evaluating, deploying and running a log management solution. Insufficient planning, unrealistic expectations, choosing tools on price alone, lack of logging configuration guidance are among such "worst practices." Each common "worst practice" will be accompanied by suggestions to avoid the errors and do things correctly! Everybody touts "best practices", but this is the place to learn how to avoid the opposite - and have fun in the process.

Dr Anton Chuvakin, GCIA, GCIH, GCFA is a recognized security expert and author. He is an author and contributor of several books including Security Warrior, Know Your Enemy II, Information Security Management Handbook and Hacker's Challenge 3. Chuvakin has published numerous papers on security issues. He participates in various security industry initiatives and standards organization.

NitroSecurity Lunch and Learn Presentation
- Making the Most Informed Security Decisions, Using Context-assisted Data
- Speaker: Mohan Ramanathan, Senior Security Engineer
- Wednesday, July 23rd, 2008 * 12:30pm - 1:15pm

One of the biggest challenges in Information Security is information overload. Learn how to use data intelligently, applying context to your events, flows, and logs in order to quickly assess and mitigate threats.

This presentation includes a live tutorial using NitroView ESM to simplify data analysis and correlation.

Mohan Ramanathan is a Presales Engineer for Nitrosecurity, a leading provider of advanced security solutions. He works with customers in the US Midatlantic region designing and implementing solutions in healthcare, finance, higher education and government sectors. Mohan has almost 20 years of network and IT security experience.

Rapid7, Inc. Lunch and Learn Presentation
- Is Paying for NESSUS Worth the Price?
- Speaker: Dan Hestad, Corporate Training Manager
- Wednesday, July 23rd, 2008 * 12:30pm - 1:15pm

With the lack of reporting and enormous amount of False Positives, it is time to look for other solutions. This presentation will outline the need for a powerful and intelligent all-in-one vulnerability managementsolution. Participants will leave with an understanding of how to protect their global assets, secure mission critical data and protect their customers from hackers and exploits.

Dan Hestad is the Corporate Training Manager for Rapid7. Dan ran the Advanced Threat Analysis Center (ATAC) for Northrop Grumman Corporation and was a Senior Instructor for The Infosec Institute. He has an extensive background and interest in vulnerability research, secure coding, protocol analysis and cryptography. He also has experience in red team and deception operations, Information Operations and Information Warfare. He has assisted several high profile cyber investigations.

Net Optics, Inc. Hands-On Demo, Evening Brief
- "Taps in IT Network Analysis and Security Monitoring"
- Speaker: Tara Reeve, Business Development Manager
- Friday, July 25th, 2008 * 6:00pm - 7:15pm

Net Optics presents an overview on the value and features of Test Access Port (Tap) technology and how Taps are used in network analysis and security monitoring. Learn how both IT network and security professionals can share a common access point to view network traffic.

Tara Reeve is responsible for Business Development at Net Optics. In this role she works with OEM's and Strategic Partners to develop passive monitoring solutions for customer networks. She is well versed in the entire Net Optics product line and is a frequent speaker for Net Optics.

Sourcefire Cocktail Brief
- The Evolution of Network Security Technologies
- Speaker: Martin Roesch, CTO and Founder, Sourcefire®, Inc., Creator of Snort
- Friday, July 25th, 2008 * 6:00pm - 7:15pm

Mr. Roesch will explore what lies beyond IPS and how you can get there. He will address the importance of having context as part of real-time networking security monitoring. Mr. Roesch will also address the value of technologies such as Network Behavior Analysis, Vulnerability Assessment, and Network Access Control.

Martin Roesch founded Sourcefire in 2001 and serves as its CTO. An authority on intrusion prevention technology and forensics, he is responsible for the technical direction and product development efforts. Mr. Roesch is also the author and lead architect of the SNORT® Intrusion Prevention System that forms the foundation for the Sourcefire 3D™ System.

Core Security Lunch and Learn Presentation
- "Efficient Vulnerability Management with Penetration Testing"
- Speaker: Anthony Alves, CISSP and Sr. Systems Engineer
- Saturday, July 26th, 2008 * 12:30pm - 1:15pm

This talk will be an opportunity for attendees to see a live demonstration of automated penetration-testing. In just minutes attendees will see CORE IMPACT safely exploit vulnerabilities in a target network, replicating the kinds of access an intruder could achieve, and proving actual paths of attacks that must be eliminated.

Anthony Alves is a CISSP and a Sr. Systems Engineer for Core Security Technologies, providing pre-sales and post-sales support and training for the Core Security Technologies Impact user base. Mr. Alves has more than 8 years of experience working with network and computer security products and tools. He was a Systems Engineer with SonicWALL, Intel Corporation, and Shiva Corporation specializing in their firewall and VPN products.

Norman Data Defense Systems Lunch and Learn Presentation
- Fighting Self-Defending Malware
- Speaker: Matt Allen, Technology & Forensics Analyst
- Saturday, July 26th, 2008 * 12:30pm - 1:15pm

The session will discuss self defending code techniques used in today's malware. Live malicious samples will be used to demonstrate solutions for dealing with advanced packers, rootkits, and encrypted data sent over the network.

Matt Allen: With backgrounds in computer and information sciences as well as Business, Matt Allen has worked in a number of different roles at Norman during the past 5 years, varying from incident response to web and software Development. Matt is currently working with the SandBox team on various projects ranging from development to marketing.

Cenzic, Inc. Lunch and Learn Presentation
- Stay Ahead of the Hacker Curve - Common Mistakes to Avoid in Securing Web Applications.
- Ed Bender, Director, Technical Services
- Saturday, July 26th, 2008 * 12:30pm - 1:15pm

Join Cenzic for an interactive Lunch & Learn demonstration of Cenzic Web Applications Security Solutions - see how you can prevent hacker attacks via our Enterprise and SaaS solutions. Hear how the threat of hackers and breaches in application security is a fact of life for you and other security professionals; and though finding vulnerabilities fast and adapting to increase government regulations is the name of the game, just keeping up can leave you behind.

In this very interactive demonstration, we will discuss how application vulnerability assessments can be performed using the Hailstorm line of products. Application security testing strategies will be discussed via the Hailstorm web and fat client interfaces. Attention will be paid to using available browser resources to uncover vulnerabilities and handling state during the testing process.

Edward Bender has 20 years of experience within the technology industry undertaking Systems Engineering work for organizations. Ed has performed various roles including application development and application-performance optimization at Convex Computer Corporation, Hewlett Packard and Mercury Interactive. As Director of Technical Services at Cenzic, Ed now uses these experiences to support clients and organizations integrate solutions and address technology challenges in the rapidly evolving Application Security Lifecycle.

Trusted Computer Lunch and Learn Presentation
- Fast, Easy, Automated. . . Linux OS Lock Down
- Sherryl Dorch, VP of Marketing
- Saturday, July 26th, 2008 * 12:30pm - 1:15pm

OS lock down is critical in ensuring security but it can be difficult, time consuming, and prone to error. This session discusses a new tool that allows users to quickly and easily lock down any number of Linux servers to be compliant with industry standard or customized lock down guidelines.

Sherryl Dorch is Vice President of Marketing for Trusted Computer Solutions. With more than eighteen years of information technology marketing experience, Ms. Dorch drives to increase overall brand awareness for TCS in both the government and commercial sectors through strategic marketing programs. Dorch also oversees product marketing and played a significant role in the development and launch of Security Blanket, TCS' new automated Linux lock down tool.