SANS @Night
Enrich your conference experience!
Evening talks given by our faculty and selected subject matter experts help you broaden your knowledge, get the most for your training dollar, and hear from the voices that matter in computer security.
Hot Trends 2009-2010
- Stephen Northcutt
- Monday, January 26th * 7:00pm-8:00pm
What are the bad guys up to these days, and what do they plan to do next? What are the new technologies? What works and what doesn't? What are leaders in security predicting, and are they right? Join Stephen Northcutt as he surveys the present dangers faced by the infosec community and looks ahead to what will be the next security battlegrounds. Our data is in so many places, in so many formats, and we so love to be mobile now. Where will we be attacked next, and what can we do to defend?
State of the Hack: The Chinese Threat
- Rob Lee
- Monday, January 26th * 8:00pm-9:00pm
This "straight from the battlefield" presentation will provide case studies that describe in detail the most recent computer security incidents Mandiant has responded to on behalf of organizations. Three or four anonymous in-depth case studies will cover recent complex hacks against commercial, government, and financial organizations. The talk will go into how the intruders are gaining access, what they are doing, and the malware used in the attacks.
Client Side Attacks: Forget 0-day, time for 0-exploit
- Kevin Johnson
- Tuesday, January 27th * 7:00pm-8:00pm
While client-side exploits get all the attention, our browsers have become capable of attacking us without an exploitable flaw. Kevin Johnson will present a series of attacks that use the power of our browsers against us. He will explore how the attacks work, and the means of using them during a penetration test.
Electronic Records Out of Control
- Ben Wright
- Tuesday, January 27th * 8:00pm-9:00pm
Technology is creating business records faster than we can update policies to manage them. Lawsuits are demanding e-mails, text messages, metadata and more in e-discovery, but authoritative guidance on what to keep, how to keep it and how long to keep it is thin. Will artificial intelligence ultimately save the day? Mr. Wright will give an update on the latest developments and thinking.
The Intelligent Network: Protecting the Evolving Network and Securing Virtual Environments
- Stephen Northcutt, SANS Institute
- John Pirc, IBM ISS Product Line & Services
- Wednesday, January 28th * 7:00pm - 8:30pm
What is an Intelligent Network?
Network components are evolving into intelligent convergence equipment, able to make smart decisions about network traffic. Instead of traditional "silos", where each piece of equipment analyzes network traffic for its own purpose (e.g., firewall, IPS, IDS, VPN, AV), new convergence equipment combines all of these technologies to deliver Unified Threat Management from a single device. This presentation will discuss how an intelligent network can benefit organizations by providing:
- Network awareness - these devices are aware of normal network traffic.
- More adaptive threat defense - understanding the network traffic and inspecting from multiple "angles" means the devices can adapt to more scenarios than traditional equipment that is checking for only specific types of threats.
- Enabling standardization - administration of the security devices is simplified when it takes place through a single device.
- Simplifying design and deployment - the intelligent network built with convergence technologies can offer a simplified network design over individualized security tools.
John Pirc bio: As IBM ISS Product Line & Services Executive, John is responsible for the direction of the IBM Proventia Network IPS G/GX appliances that comprise IBM's extensive security product portfolio. In addition to providing strategic direction for the Proventia G/GX product line, John works very closely with the X-Force team to ensure that critical security content is integrated into the product line. Prior to IBM, John worked as a Product Manager for Cisco's IPS product line and the U.S. Intelligence Community.
John has more than 10 years of experience in security research, forensics, and architecting/deploying enterprise-wide security solutions for both public and private organizations worldwide. In addition to a BBA in Information Systems from the University of Texas, John also holds the NSA Information Assurance Methodology and Certified Ethical Hacker certifications.
Eliminating Corporate Malware Infections Without Running A/V Software (and, yes, still let your users run Windows)
- Chris Brenton
- Wednesday, January 28th * 8:00pm-9:00pm
Anti-virus software was an effective method of eliminating viruses when propagation rates were slow and malware authors were focused on infecting the largest quantity of systems possible. While we still see some of that today, the true threat over the last four years has been spear attacks for the purposes of extortion or stealing critical business or government information. A signature-based solution is ineffective in this model because by the time an attack is detected in the wild, the damage is already done. This talk will present options beyond the treadmill that is a signature-based A/V software system. Chris Brenton will demonstrate how application control and whitelisting can do a better job of controlling malware and virus infections than running actual A/V software.
Crypto: The Pain Killer of Choice
- Dr. Eric Cole, Ph.D.
- Thursday, January 29th * 7:00pm-8:00pm
Many people get addicted to pain killers because they make you feel good. However, the problem with pain killers by themselves is that they treat the symptom, not the problem. If not used carefully, the real problem could get significantly worse since you are not aware of the pain. Crypto has huge value in organizations and is a critical component of a defense-in-depth strategy. However, many organizations use it incorrectly, and therefore it becomes more of a pain killer than a solution. In this riveting talk, Dr. Cole will dissect the value of crypto, common mistakes, ways to avoid the pitfalls and creative ways to implement effective crypto within your organization. If your organization is using or thinking about using full disk encryption, SSL, VPNs or encrypted USB devices, you will not want to miss this presentation.
Endpoint Security: The State of the Desktop
- Stephen Northcutt, SANS Institute
- Thursday, January 29th * 8:00pm-9:00pm
The continuous and rapid changes in malware and antivirus solutions are a reflection of the creativity and passion today's hackers and cyber-criminals have for damaging and disrupting an individual or organizational IT environment. As malware improves, better endpoint security solutions must follow. Currently it is unlikely an endpoint system outside of a corporate network could survive a determined attacker's efforts. Classic personal firewall and antivirus solutions are not proving to be enough in the fight against malware, and products in these markets are being replaced with endpoint protection using whitelisting or blacklisting techniques to help enterprises with both performance gains and reduction of security-related costs. This talk will discuss the current trends in endpoint solutions and offer guidance on both commercial and free tools to help enterprises find the functionality they need, even if it comes from multiple solutions. Join Stephen as he reviews the key features in endpoint security that really matter, how to shop for the best products, and why implementing defense in depth on your organization's endpoints is a best practice.