| Wednesday, September 17 |
| 1:30 pm–2:30 pm |
Conference Sessions
Preventing Data Leaks: How to Identify, Protect and Sustain Sensitive Data
Concept: Data Leak Prevention
For security programs to be successful in 2008, executives must be able to consistently evaluate their organization's security performance, determine the highest "at risk" areas within the organization, and ensure that their most sensitive data remains protected. This includes evaluating sensitive information, writing enforceable policies, implementing appropriate security mechanisms, educating employees on policies and compliance and assessing and monitoring the security program once in place. Businesses who can find a way to securely share information and protect it from exploitation while complying with strictly enforced governmental regulations will emerge as leaders. This session will discuss the value of protecting sensitive content within an organization and study the steps required to plan, implement, deploy and sustain a solution to secure it.
Speaker - Todd Graham, Chief Scientist, RSA, The Security Division of EMC
Todd Graham brings a unique blend of technical knowledge and an understanding of market requirements that allows RSA to provide powerful solutions to real-world problems. During his tenure at Tablus (now RSA Security), Graham has been an integral part in the development of the Tablus content loss prevention platform that enables organizations to locate, monitor and protect sensitive content from loss or misuse. Graham joined Tablus through its acquisition of Indigo Security in January, 2005 where he was the founder and chief technology officer. Prior to founding Indigo, he was founder and CEO of Digital-3, a digital audio device platform start-up. Graham was honored as the Michigan Young Entrepreneur of the Year in 2002 and named one of BusinessWeek's Best Young Technology Entrepreneurs in 2007.
|
| 2:45 pm–3:45 pm |
Conference Sessions
What About the Endpoint? A Discussion of Endpoint Security Concepts and Trends
The attack community has begun to shift gears and focus more on the endpoint and less on the network, as well as the supporting infrastructure that the endpoint relies upon. This new level of attention has already resulted in numerous attacks using spyware tools, Trojan horse applications, keystroke loggers and other malicious software that is being installed without the knowledge of the users and under the radar screen of current endpoint protection techniques. This session will discuss the key concepts that need to be considered when choosing an endpoint security solution and highlight some of the capabilities that exist in the market today for endpoint security solutions.
Moderator - Khalid Kark, Principal Analyst, Forrester Research
Speaker - Michael Maloof, CTO, TriGeo Network Security
Michael Maloof, CISSP, is the Chief Technology Officer for TriGeo Network Security where he leads an award-winning team of engineers and researchers working on the cutting edge of real-time network security analysis, event correlation and automated remediation. As a serial entrepreneur, TriGeo is Michael's fourth venture in a career that spans twenty-five years of technology research, design and development.
|
| 4:00 pm–5:00 pm |
Conference Sessions
Virtual Reality: Understanding the Security and Compliance Implications of Server Virtualization
Server virtualization is hot! Whether your executives think green or simply want to save some green, everyone is deploying virtualization - the benefits are undeniable. As we embrace virtualization, we must strategically approach security and compliance from the start. Virtualization introduces new attack surfaces and a swath of new availability risks. This brave new world also impacts how we approach compliance, governance, and risk management. Joshua Corman will explore best practices and real world successes in assuring virtualization benefits while mitigating new risks. Are you virtually secure? Or are you securely virtual?
Speaker - Joshua Corman, Principal Security Strategist, IBM Internet Security Systems
Building Security into Your Software Development Lifecycle
In the beginning, software vendors thought that they could handle security vulnerabilities as they handle software bugs using their regular support process. Unfortunately, it's not always so easy. Software security vulnerabilities are not like other software defects; they have a timeline and they are not simply triggered by random user events. Once attackers know how to exploit a vulnerability, they will actively attack until it is patched. This "window of vulnerability" has gotten smaller with auto-update and patch management solutions, but having a window of vulnerability at all is a problem. If you are not doing anything to reduce security flaws during your development cycle, you certainly have them in your software. In this session, Chris Wysopal will explain the steps that reduce security defects and how they will be beneficial to securing your code.
Speaker - Chris Wysopal, Co-Founder and CTO, Veracode
| | Thursday, September 18 |
|
| 10:15 am–11:15 am |
Conference Sessions
NAC, NAC - What's There?
Network access control has been offered as the Swiss army knife of IT security solutions. It has promised to provide authentication, policy enforcement, identity and access management, ongoing security for the life of a connection, seamless usage in any network that is NAC enabled and many other capabilities. If NAC is the answer then what is the right question to ask? This session will provide a realistic perspective on what NAC can and cannot provide in regards to information security. Concepts that will be discussed will include an update on vendor interoperability and standards, case studies of successful and not so successful implementations, an overview of what NAC truly can and cannot provide, discussion of requirements (both network and application), and what the future holds for NAC.
Speaker - Brendan O'Connell, Senior Manager, Product Management, Cisco Systems, Inc.
Speaker - Manlio Vecchiet, Group Product Manager, Windows Server Division, Microsoft
Manlio Vecchiet is a Group Product Manager for the Windows Server Marketing Group in Microsoft. His team is responsible for product management of several workloads of Windows Server, including Networking, Network Access Protection and Terminal Services. He is also responsible for the security enhancements and security solutions in Windows Server 2008. In previous Microsoft positions, Manlio led business and marketing strategy for the Forefront line of security products and was responsible for pricing and licensing for the overall server organization. Prior to joining Microsoft, Manlio was a business consultant for McKinsey & Co. Manlio holds an MBA from INSEAD (France) and a Master in Engineering from University of Rome (Italy).
Speaker - Steve Hanna, Trusted Network Connect (TNC) Co-chair, Trusted Computing Group
Steve Hanna is a Distinguished Engineer at Juniper Networks. As co-chair of the Trusted Network Connect Work Group in the TCG and the Network Endpoint Assessment Working Group in the IETF, Steve has a deep and broad understanding of Network Access Control technology. He is the author of many papers, an inventor or co-inventor on 32 issued U.S. patents, and a regular speaker at industry events.
|
| 11:30 am–12:30 pm |
Conference Sessions
|
| 3:15 pm–4:15 pm |
Conference Sessions
Anatomy of a Malware Attack
Today the threat has changed. Hackers are no longer kids trying to create a name for themselves; they're professionals with a vast network and are capable of increasingly sophisticated and highly targeted attacks. In fact, many of today's attacks are so stealthy that the victims may not even realize their systems have been compromised for days, weeks or even months. So how do organizations address malware attacks as part of their overall risk management program? What steps can you take to ensure that your organization is not the next TJX or Ameritrade? This session will provide an overview of the attacks targeting the enterprise today, as well as an insider's look into how a malware attack is executed and what tools are needed to respond effectively. The presentation will provide recent statistics on malware from the Kaspersky Anti-Virus Research Lab in Moscow and the specific business risks they represent. Key components of the presentation will include: risk analysis, virus dissection and recommended mitigation frameworks.
Speaker - Tom Bowers, Evangelist, Kaspersky Lab
| | Friday, September 19 |
|
| 10:15 am–11:15 am |
Conference Sessions
Fixing the Security Blind Spot: New Strategies to Monitor and Stop Insider Threats
According to a survey from the Computer Security Institute, 2007 marked the first year that insider threats topped external attacks as the most pressing security issue. Despite efforts to prevent these breaches, businesses remain shockingly vulnerable. Internal blind spots leave companies open to fraud, policy violations and theft of intellectual property. Security managers lack the real-time monitoring and policy enforcement tools to effectively see and manage end-user activity. What can security teams do? This session will discuss existing approaches and current constraints to preventing insider threats. Attendees will also learn new strategies and techniques for minimizing their risks.
Speaker - Paul Smith, CEO, Packet Motion
|
|