Network Security 2015

Las Vegas, NV | Sat, Sep 12 - Mon, Sep 21, 2015

eAUDIT: Designing a Generic Tool to Review Entitlements

  • Francois Begin - Master's Degree Candidate
  • Tuesday, September 15th, 7:15pm - 7:55pm

In a perfect world, identity and access management would be fully automated. On their first day of work, new employees would receive all the required access to the systems they need in order to perform their job function. Over time, as their roles within the company evolved, these entitlements would be automatically adjusted. Unfortunately, we do not live in a perfect world. Access to systems is often cumulative, with employees keeping access they no longer require. This in turn poses a risk to the enterprise: unneeded access can lead to abuses and increases the possibility of data leakage if an employee is social engineered. This presentation discusses the author's journey in building an entitlement review tool that will be used at TELUS to address some of these challenges. eAUDIT is a custom-built, generic entitlement review system that can simplify the task of reviewing user entitlements. eAUDIT is well-suited to cases where no such tool exists in an enterprise, but can also complement an identity management system that does not fully cover all systems and applications. The presentation covers the design of eAUDIT as well as its current implementation.

Speaker Bio: Francois Begin is a senior security consultant at TELUS, one of the largest telecommunications companies in Canada. In his current role, Francois works on the Security Development, Design and Implementation team. The two prime mandates of this team are to design and deploy large-scale security systems, and to deliver small innovation projects to help security teams at TELUS become more efficient in their day-to-day operations. Francois was accepted as a candidate for the SANS MSISE in 2014 and expects to graduate from the program in September 2016. Outside of work & study, Francois is typically busy trying to keep up with his two young children and his wonderful wife.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.
  • Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.
Saturday, September 12
Session Speaker Time Type
GSE Lab Examination Saturday, September 12th, 9:00am - 5:00pm Special Events
Sunday, September 13
Session Speaker Time Type
GSE Lab Examination Sunday, September 13th, 9:00am - 5:00pm Special Events
Registration Welcome Reception Sunday, September 13th, 5:00pm - 7:00pm Reception
Monday, September 14
Session Speaker Time Type
General Session - Welcome to SANS Dr. Eric Cole Monday, September 14th, 8:15am - 8:45am Special Events
Women in Technology Meet and Greet Monday, September 14th, 6:15pm - 7:15pm Reception
WHY? Dr. Eric Cole Monday, September 14th, 7:15pm - 9:15pm Keynote
Tuesday, September 15
Session Speaker Time Type
Want to be a SANS Instructor? Eric Conrad Tuesday, September 15th, 12:30pm - 1:15pm Lunch and Learn
An Architecture for Continuous Monitoring and Mitigation Robert McLean, Systems Engineer, Forescout Technologies Tuesday, September 15th, 12:30pm - 1:15pm Lunch and Learn
Raising the Security Bar with Integrated Threat Defense William Young, Security Sales Engineer, Cisco Systems, Inc. Tuesday, September 15th, 12:30pm - 1:15pm Lunch and Learn
Achieving Continuous Security with Your Limited Resources Dick Faulkner, Vice President of Worldwide Sales, EiQ Networks Tuesday, September 15th, 12:30pm - 1:15pm Lunch and Learn
A Practitioner and Manager's Guide to Optimizing Enterprise Vulnerability Management Jack Daniel, Tenable Network Security Tuesday, September 15th, 12:30pm - 1:15pm Lunch and Learn
Breach Detection 101: What Do Attackers Actually Do In A Network, And How Can You Catch Them? DT Thompson, Sr. Director Product Management, LightCyber Tuesday, September 15th, 12:30pm - 1:15pm Lunch and Learn
Aligning Vulnerability and Privilege Management in the Context of Business Risk Morey Haber, Vice President of Technology, BeyondTrust Tuesday, September 15th, 12:30pm - 1:15pm Lunch and Learn
ICS Security's Response to Targeted Attacks Mike Assante Tuesday, September 15th, 12:30pm - 1:15pm Lunch and Learn
Making Threat Intelligence Work Better for Security Operations Teams Allan Thomson, Chief Technology Officer, LookingGlass Cyber Solutions Tuesday, September 15th, 12:30pm - 1:15pm Lunch and Learn
Turn on the Lights! Case Studies of Malware in Memory Tyler Halfpop , Threat Researcher, Fidelis Cybersecurity Tuesday, September 15th, 12:30pm - 1:15pm Lunch and Learn
Identity is the New Perimeter Dean Thompson, VP Technical Services, Centrify Corporation Tuesday, September 15th, 12:30pm - 1:15pm Lunch and Learn
Evolving Threats Paul Henry Tuesday, September 15th, 7:15pm - 8:15pm SANS@Night
Playing with SCADA's Modbus Protocol Justin Searle Tuesday, September 15th, 7:15pm - 8:15pm SANS@Night
Using an Open Source Threat Model for Prioritized Defense James Tarala Tuesday, September 15th, 7:15pm - 8:15pm SANS@Night
eAUDIT: Designing a Generic Tool to Review Entitlements Francois Begin - Master's Degree Candidate Tuesday, September 15th, 7:15pm - 7:55pm Master's Degree Presentation
What's New in Windows 10 and Server 2016? Jason Fossen Tuesday, September 15th, 8:15pm - 9:45pm SANS@Night
Card Fraud 101 G. Mark Hardy Tuesday, September 15th, 8:15pm - 9:15pm SANS@Night
A History of ATM Violence Erik Van Buggenhout Tuesday, September 15th, 8:15pm - 9:15pm SANS@Night
Coding For Incident Response: Solving the Language Dilemma Shelly Giesbrecht - Master's Degree Candidate Tuesday, September 15th, 8:15pm - 8:55pm Master's Degree Presentation
Wednesday, September 16
Session Speaker Time Type
Vendor Solutions Expo Wednesday, September 16th, 12:00pm - 1:30pm Vendor Event
Vendor Solutions Expo Wednesday, September 16th, 5:30pm - 7:30pm Vendor Event
DLP FAIL!!! Using Encoding, Steganography, and Covert Channels to Evade DLP and Other Critical Controls Kevin Fiscus Wednesday, September 16th, 7:15pm - 8:15pm SANS@Night
iOS Game Hacking: How I Ruled the Worl^Hd and Built Skills For AWESOME Mobile App Pen Test Josh Wright Wednesday, September 16th, 7:15pm - 8:15pm SANS@Night
The Crazy New World of Cyber Investigations: Law, Ethics and Evidence Ben Wright Wednesday, September 16th, 7:15pm - 8:15pm SANS@Night
Death from Above: Hands-On Drone and IoT Hacking Josh Wright, Tim Medin, James Lyne, Steve Sims Wednesday, September 16th, 7:15pm - 9:15pm Special Events
Finding Evil in the Whitelist Josh Johnson - Master's Degree Candidate Wednesday, September 16th, 7:15pm - 7:55pm Master's Degree Presentation
Meterpreter without Meterpreter Mark Baggett Wednesday, September 16th, 8:15pm - 9:15pm SANS@Night
Hacking Back, Active Defense and Internet Tough Guys John Strand Wednesday, September 16th, 8:15pm - 9:15pm SANS@Night
Smartphone and Network Forensics Goes Together Like Peas and Carrots Heather Mahalik and Phil Hagen Wednesday, September 16th, 8:15pm - 9:15pm SANS@Night
Live Long and Prosper by Protecting SPoC! David Belangia - Master's Degree Candidate Wednesday, September 16th, 8:15pm - 8:55pm Master's Degree Presentation
Thursday, September 17
Session Speaker Time Type
A Methodology for Real-Time Automated Threat and Cyber Attack Detection Pablo Garcia, Sales Engineer, Vectra Networks Thursday, September 17th, 12:30pm - 1:15pm Lunch and Learn
"Change the Game -Fight Those who Fight You" Ronnie Tokazowski., Senior Research Engineer, PhishMe Thursday, September 17th, 12:30pm - 1:15pm Lunch and Learn
Crack the Code: Defeat the Advanced Adversary Richard Porter, System Engineer, Palo Alto Networks Thursday, September 17th, 12:30pm - 1:15pm Lunch and Learn
Hackers are Equal Opportunity Businessmen: Everyone's a Target John Thompson, Director, Systems Engineering, ThreatSTOP Thursday, September 17th, 12:30pm - 1:15pm Lunch and Learn
Sophos/Infogressive Lunch and Learn Justin Kallhoff, CEO and Founder, Infogressive Thursday, September 17th, 12:30pm - 1:15pm Lunch and Learn
Tackling Application Security Challenges Through Progressive Scanning Michael M. Class, Web Application Security Subject Matter Expert, Qualys Thursday, September 17th, 12:30pm - 1:15pm Lunch and Learn
Anomaly Detection: Boots on the Ground for 21st Century Cyber Warfare Greg Wessel, COO, Triumfant Thursday, September 17th, 12:30pm - 1:15pm Lunch and Learn
Social Threat Intelligence (STI) Trevor Welsh Principal Security Strategist, ThreatStream Thursday, September 17th, 12:30pm - 1:15pm Lunch and Learn
#SecurityisaMyth Jeff Guilfoyle, Principal SE, Symantec Managed Security Services Thursday, September 17th, 12:30pm - 1:15pm Lunch and Learn
Debunking the Complex Password Myth Keith Palmgren Thursday, September 17th, 7:15pm - 8:15pm SANS@Night
Malware Analysis Essentials using REMnux Lenny Zeltser Thursday, September 17th, 8:15pm - 9:15pm SANS@Night
Friday, September 18
Session Speaker Time Type
Making Awareness Stick Lance Spitzner Friday, September 18th, 7:15pm - 8:15pm SANS@Night
Securing The Kids Lance Spitzner Friday, September 18th, 8:15pm - 9:15pm SANS@Night