| Tuesday, May 19 |
|---|
| 11:30 am–12:30 pm |
Conference Sessions
 Anatomy of Attack - Detecting and Responding to Fraudulent ActivityFraud-related trends will be covered, as well as ways to address those trends including: real-time and forensic analysis, pattern investigation and advanced correlation. Advanced use cases will be explored illustrating perspectives ranging from the nefarious fraudster to the security analyst. Each fraud concept will be juxtaposed against how security information and event management (SIEM) solutions can be leveraged to detect and mitigate the fraud. Speaker - Brian Contos, CSO, Arcsight Mr. Contos has over a decade of worldwide security engineering and management expertise. As ArcSight's CSO he advises government organizations and Global 1,000s on security strategy related to Enterprise Security Management while being an evangelist for the security space. He frequently appears in the media has delivered security-related speeches, white papers, webcasts, podcasts and most recently published two security books: Enemy at the Water Cooler and Physical and Logical Security Convergence. Mr. Contos has held management and engineering positions at Riptech, Lucent Bell Labs, Compaq Computers and the Defense Information Systems Agency.
| | Wednesday, May 20 |
|---|
|
| 10:15 am–11:15 am |
Conference Sessions
Virtual Reality: Understanding the Security and Compliance Implications of Server VirtualizationServer virtualization is hot! Whether your executives think green or simply want to save some green, everyone is deploying virtualizationm - the benefits are undeniable. As we embrace virtualization, we must strategically approach security and compliance from the start. Virtualization introduces new attack surfaces and a swath of new availability risks. This brave new world also impacts how we approach compliance, governance and risk management. Corman will explore best practices and real world successes in assuring virtualization benefits.
Speaker - Josh Corman, Principal Security Strategist, IBM/ISS Joshua Corman serves as Principal Security Strategist for IBM Internet Security Systems. With over a decade in security and IT, Corman designs strategic and technical vision of security solutions for emerging issues. He has spoken at leading industry events such as RSA, Interop, InfoSec, LinuxWorld, and IT Security World. His Evolving Threat campaign encourages strategic approaches for dynamic threats.
VoIP SecurityWe're getting more reports of vulnerabilities being found in IP telephony products, but are any of these being exploited yet? What parts of an IP telephony system are most likely to be targeted, and how likely is it that attackers will succeed in damaging your system? This session will focus on the state of the art in voice over internet protocol (VoIP)/IP telephony/Unified Communications security.
|
| 11:30 am–12:30 pm |
Conference Sessions
The Hows and Whys of Intrusion Detection Event CorrelationIntrusion detection systems (IDSs) have improved over time, but they nevertheless miss attacks and also produce false alarms. Correlating the output of multiple IDSs and devices can compensate for this. This presentation explains how and why this should be done. The manner in which data are correlated is a critical consideration, however. This presentation will explain and critique the major approaches to event correlation, such as statistical correlation, Baysian correlation, alert fusion and rule-based event correlation. The advantages and limitations associated with each type of event correlation method will be explained. Finally, this presentation takes a look at intrusion detection analysis is likely to take in the future.
Speaker - Gene Schultz, CTO/CSO, HighTower Technologies
|
| 2:00 pm–3:00 pm |
Conference Sessions
Network Access Control - Is It Ready For Prime Time?Network access control (NAC) has been offered as the "Swiss Army knife" of IT security solutions. It promises to provide authentication, policy enforcement, identity and access management, ongoing security for the life of a connection, seamless usage in any NAC-enabled network, in addition to many other capabilities. If NAC is the answer, then what are the right questions to ask? This session will provide a realistic perspective on what NAC can and cannot provide in regards to information security. Concepts that will be discussed will include an update on vendor interoperability and standards; case studies of successful and not-so-successful implementations; an overview of what NAC truly can and cannot provide; discussion of both network and application requirements; and what the future holds for NAC.
Are Virtual Infrastructures Secure? More or Less????Before x86 virtualization, network switches provided a secure perimeter to the data center. When IT organizations implement virtualization, some switches move from physical perimeter devices to virtual switches inside a physical server. This shift is an example of the new paradigm of security within a virtual infrastructure. In addition, virtualization introduces new attack surfaces and a swath of new risks. As we embrace virtualization, we must strategically approach security from the start.
It is prudent to secure all infrastructures, virtual ones included. But how does the addition of a virtualization software layer affect securing the entire infrastructure from the application through the hardware? This session will explore the issues around securing a virtual infrastructure and highlight some of the tools available to assist with securing the entire environment.
MBX Conference Sessions
Wireless Security - Strategies and Tools While it can be argued that wireless security has come a long way since the early days of anything but secure systems, new threats demand constant vigilance in defining and implementing enterprise wireless security strategies, policies and solutions. This session will define and explore best practices for mobile security, for both wireless LANs and wide-area, carrier-based wireless networks. We'll review key security requirements and discuss the alternatives available to build enterprise-class secure wireless implementations.
|
| 3:15 pm–4:15 pm |
Conference Sessions
Ready, Set, Attack!The hackers of the world are constantly refining and enhancing their techniques and capabilities, and are typically ahead of the curve of controls which are in place in organizations today. It is important to understand their capabilities and trends in their activities in order to effectively mitigate the risks they create and repel their attacks. This session will discuss the current attacks being utilized by the hacker community and the tools and countermeasures which can be used to repel them.
Speaker - Roel Schouwenberg, Kaspersky
| | Thursday, May 21 |
|---|
|
| 9:00 am–10:00 am |
Conference Sessions
Five Common Mistakes in Securing Web ApplicationsMany organizations lack an overall sense of the best practices for deploying and securing web applications. Despite security practices addressing vulnerability types present within the open web application security project (OWASP) and web application security consortium (WASC) threat classifications, a number of common mistakes are still being made. We will look at five common mistakes that occur when securing web applications and the impact of design flaws on the overall security of an application. Issues such as client-side trust relationships, failure to properly secure application redirection mechanisms, and other elements that can quickly undermine the security of an application, even when diligent security practices are in place.
Speaker - Lars Ewe, CTO, Cenzic Lars Ewe is a technology executive with broad background in (web) application development and security, middleware infrastructure, software development and application/system manageability technologies. Throughout his career Lars has held key positions in engineering, product management/marketing, and sales in a variety of different markets. Prior to Cenzic, Lars was software development director at Advanced Micro Devices, Inc., responsible for AMD's overall systems manageability and related security strategy and all related engineering efforts. Lars has Bachelor of Science and Master of Science degrees in Mechanical Engineering from the Technical University of Munich, Germany.
|
| 10:15 am–11:15 am |
Conference Sessions
State of the Union in Open Source Security Tools - the Good, the Bad and the Grossly Inadequate.The landscape for open source security tools is constantly changing and covers a myriad of aspects of the security world. We will discuss the current "state of the union" in the world of open source security tools, including the latest-and-greatest advancements, what's on the horizon, where there is room for improvement. Additionally, we'll be proposing some new ideas and concepts to address the greatest weaknesses in the realm of open source security tools.
Speaker - Jay Jacobson, CEO, Edgeos Jay is an innovator, serial-entrepreneur, and seasoned technology business executive with extensive experience in the information security, Internet, software, networking, and telecommunications industries. During Jay's career, he has founded and led more than six technology companies and has held key positions at several Fortune 500 enterprises, including American Express, AT&T, Cox Communications, and Sprint. Presently, Jay is the CEO of Edgeos, Inc., the company that created and leads the private-labeled network security and vulnerability assessment industry. Additionally, Jay is a board member or strategic advisor to several corporations, industry groups, and universities.
|
|
