Security Visibility in the Enterprise
- Jim Hendrick - Master's Degree Candidate
- Wednesday, June 17th, 7:15pm - 7:55pm
Security Visibility. What is it? Don't we get that from our tools? We passed compliance, don't we have visibility? Often driven by regulatory and compliance efforts, security visibility means different things to organizations of all sizes. Many tools or services promise to provide protection, deliver insight, achieve compliance, and a host of other things. And, many projects that are run to implement "best practices" leave the customer feeling either unsure of what they got for the effort or completely overwhelmed and unable to see any real value. In this brief talk, the speaker will cover at a very high level one organization's journey to implement an internal SOC and SIEM, touching on the project structure itself but largely focused on key elements and decisions that can hopefully be instructive in your own organization.
Speaker Bio: Jim Hendrick has been in the IT and computer security field since the 1990s and currently is on the Enterprise Information Security team at Liberty Mutual Insurance where he works on security monitoring efforts including log analysis tools and techniques. He works with local and regional groups to help share what works and learn from what doesn't. Jim has been a developer, a sys-admin, played several technical management roles, and been an infrastructure and security architect on several large projects. He has achieved multiple GIAC certifications including GPPA (formerly GCFW), GCIA, GCIH, GCUX, GCWN and GCPM. Jim is currently enrolled in the SANS Technology Institute working toward his MSISE.
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
- Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.
Sunday, June 14
| Session | Speaker | Time | Type |
|---|---|---|---|
| Registration Welcome Reception | — | Sunday, June 14th, 5:00pm - 7:00pm | Reception |
Monday, June 15
| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Johannes Ullrich | Monday, June 15th, 8:15am - 8:45am | Special Events |
| SANS Technology Institute Information Session | Bill Lockhart | Monday, June 15th, 5:30pm - 7:00pm | Special Events |
| State of the Internet Panel Discussion | Dr. Johannes Ullrich, ISC Director and Marcus Sachs, ISC Director Emeritus | Monday, June 15th, 7:15pm - 9:15pm | Keynote |
Tuesday, June 16
| Session | Speaker | Time | Type |
|---|---|---|---|
| Protecting the Things, Including the Ones You Already Have (and don't know about) | John Thompson, Director, Systems Engineering, ThreatSTOP | Tuesday, June 16th, 12:30pm - 1:15pm | Lunch and Learn |
| Tell It Like It Is - Managing Business Risk with Assurance Report Cards | Kelly Prevett, Product Manager, Tenable Network Security | Tuesday, June 16th, 12:30pm - 1:15pm | Lunch and Learn |
| An Architecture for Continuous Monitoring and Mitigation | Shane Stephens, Federal Systems Engineer | Tuesday, June 16th, 12:30pm - 1:15pm | Lunch and Learn |
| Connect the Dots with Domain Name Intelligence from DomainTools | Mark Kendrick, Director of Solution Engineering, Domain Tools | Tuesday, June 16th, 12:30pm - 1:15pm | Lunch and Learn |
| Advanced Threats Need Comprehensive Defense | Gerald Mancini, Vice President of Engineering | Tuesday, June 16th, 12:30pm - 1:15pm | Lunch and Learn |
| An Incident Response Walk-through: Identifying APT Remote Administration Tools (RATs) with EnCase Endpoint Security | Steve Sunday, Senior Solutions Consultant , Guidance Software | Tuesday, June 16th, 12:30pm - 1:15pm | Lunch and Learn |
| Women in Technology Meet and Greet | — | Tuesday, June 16th, 5:30pm - 6:15pm | Reception |
| A Special Reception for Cyber Leaders & Application Security Professionals | — | Tuesday, June 16th, 6:00pm - 7:00pm | Reception |
| GIAC Program Overview | Jeff Frisk | Tuesday, June 16th, 6:15pm - 7:15pm | Special Events |
| Online Training Baseball Bash | — | Tuesday, June 16th, 6:30pm - 8:00pm | Reception |
| The State of the Takedown: Disrupting Online Cybercrime | John Bambenek | Tuesday, June 16th, 7:15pm - 8:15pm | SANS@Night |
| The 13 Absolute Truths of Security | Keith Palmgren | Tuesday, June 16th, 7:15pm - 8:15pm | SANS@Night |
| How to Run Linux Malware Analysis Apps as Docker Containers | Lenny Zeltser | Tuesday, June 16th, 7:15pm - 8:15pm | SANS@Night |
| Making Awareness Stick | Lance Spitzner | Tuesday, June 16th, 7:15pm - 8:15pm | SANS@Night |
| Faster Than a Speeding Bullet: Can Geolocation Find Supervillains in Your Network? | Tim Collyer - Master's Degree Candidate | Tuesday, June 16th, 7:15pm - 8:15pm | Master's Degree Presentation |
| Insider Threat: The Enemy Within | Doug Thomas and Dr. Eric Cole | Tuesday, June 16th, 7:30pm - 9:30pm | SANS@Night |
| Attacks by BroBot against the US Financial Markets | Donald Smith | Tuesday, June 16th, 8:15pm - 9:15pm | SANS@Night |
| Enterprise PowerShell for Remote Security Assessment | James Tarala | Tuesday, June 16th, 8:15pm - 9:15pm | SANS@Night |
| Debunking the Complex Password Myth | Keith Palmgren | Tuesday, June 16th, 8:15pm - 9:15pm | SANS@Night |
| Securing The Kids | Lance Spitzner | Tuesday, June 16th, 8:15pm - 9:15pm | SANS@Night |
| Practical Attack Detection using Big Data, Semantics, and Kill Chains | Brian Nafziger - Master's Degree Candidate | Tuesday, June 16th, 8:15pm - 9:15pm | Master's Degree Presentation |
Wednesday, June 17
| Session | Speaker | Time | Type |
|---|---|---|---|
| Solutions Expo | — | Wednesday, June 17th, 12:00pm - 1:30pm | Vendor Event |
| Solutions Expo | — | Wednesday, June 17th, 5:30pm - 7:30pm | Vendor Event |
| "Network Security as Counterinsurgency" Replacing The Art of War with FM 3-24 | Kevin Liston | Wednesday, June 17th, 7:15pm - 8:15pm | SANS@Night |
| Windows Exploratory Surgery with Process Hacker | Jason Fossen | Wednesday, June 17th, 7:15pm - 8:45pm | SANS@Night |
| Bueller... Bueller...: Smartphone Forensics Moves Fast. Stay Current or Miss Evidence. | Heather Mahalik | Wednesday, June 17th, 7:15pm - 8:15pm | SANS@Night |
| Security Visibility in the Enterprise | Jim Hendrick - Master's Degree Candidate | Wednesday, June 17th, 7:15pm - 7:55pm | Master's Degree Presentation |
| Unconventional Linux Incident Response | Tom Webb | Wednesday, June 17th, 8:15pm - 9:15pm | SANS@Night |
| Evolving Threats | Paul A. Henry | Wednesday, June 17th, 8:15pm - 9:15pm | SANS@Night |
| Offensive Countermeasures, Active Defenses, and Internet Tough Guys | John Strand | Wednesday, June 17th, 8:15pm - 9:15pm | SANS@Night |
| Creating a Baseline of Process Activity for Memory Forensics | Gordon Fraser - Master's Degree Candidate | Wednesday, June 17th, 8:15pm - 9:15pm | Master's Degree Presentation |
Thursday, June 18
| Session | Speaker | Time | Type |
|---|---|---|---|
| Prevent - Detect - Respond | Rob Frickel, Security Analyst, Infogressive | Thursday, June 18th, 12:30pm - 1:15pm | Lunch and Learn |
| Anatomy of an Attack: It Takes an Expert to Stop Attackers | Stephen Coty, Chief Security Evangelist, Alert Logic | Thursday, June 18th, 12:30pm - 1:15pm | Lunch and Learn |
| Combating Insider Threats - Protecting Your Agency from the Inside Out | Andrew Wild, Chief Information Security Officer, Lancope Inc | Thursday, June 18th, 12:30pm - 1:15pm | Lunch and Learn |
| Real-time Detection, Prevention in Seconds: Make Attackers Part of Your Defense | Jonathon Ross, Systems Engineer, Bit9+Carbon Black | Thursday, June 18th, 12:30pm - 1:15pm | Lunch and Learn |
| Crack the Code and Defeat the Advanced Adversary | Brian O'Neil, SE Manager at Palo Alto Networks | Thursday, June 18th, 12:30pm - 1:15pm | Lunch and Learn |
| Examining the Phishing Aspect of the OPM Breach | Aaron Higbie, CTO and Co-Founder, PhishMe | Thursday, June 18th, 12:30pm - 1:15pm | Lunch and Learn |
| Software Defined Networking / Attacker Defined Networking | Rob Vandenbrink | Thursday, June 18th, 7:15pm - 8:15pm | SANS@Night |
| The Spy with a License to Kill | Matthew Hosburgh - Master's Degree Candidate | Thursday, June 18th, 7:15pm - 7:55pm | Master's Degree Presentation |
| Cyber Counter Intelligence and Deception: Toward Adaptive Defense | Gadi Evron | Thursday, June 18th, 8:15pm - 9:15pm | SANS@Night |
| Outsharing the Bad Guys. How to get involved with the InternetStorm Center | Dr. Johannes Ullrich, ISC Director | Thursday, June 18th, 8:15pm - 9:15pm | SANS@Night |
Friday, June 19
| Session | Speaker | Time | Type |
|---|---|---|---|
| Continuous Monitoring and Real-World Analysis | Seth Misenar | Friday, June 19th, 7:15pm - 8:15pm | SANS@Night |
| Defending Control Systems in an Enterprise Environment | Robert M. Lee | Friday, June 19th, 7:15pm - 8:15pm | SANS@Night |
