Friday, August 07, 2009

SANS Incident Detection Summit in DC in December

Last month I blogged about the SANS Forensics and Incident Response 2009 Summit Round-Up. I am pleased to announce that I will be working with SANS to organize a two day SANS Incident Detection Summit in DC in December. I am working on a preliminary agenda that includes two major themes: network-centric detection and host-centric detection. The Summit will include keynotes, practitioner briefings, tool briefings, vendor briefings, and panels.

As we develop the content I will report it here. I am excited about this event and look forward to seeing you in December. My goal is to "bring detection back", since we all know that detection never really died!

If there are topics you'd like to see at the Summit, feel free to share them here. Thank you.

Update: 9-10 December are the days for the Summit.

13 comments:

CyberG said...

My 2 cents
- Realtime detection of memory based malware that never touches the disk. We have the tools to investigate it after the fact, but that is after the damage has been done. Maybe clear documentation of what occurs when process injection happens at the Native API level and how we can alert on it.

- Detecting tunneled, possibly encrypted traffic buried in http, ssl, dns, etc.

P@ck3t P1MP said...

Richard,

maybe at the summit you can comment on why the DOD thinks HIPS will solve all their problems and the reality that it won't..

Anonymous said...

Don't forget the obligatory "Management" track. /grin/ SANS could call it the "Management Incident Handling/Response" track. /grin/ And maybe EdS will keynote that track.

Anonymous said...

Hi Richard,

Would be great if you can afford time to do some training.

Look forward.

Regards,
SC

Rob Lee said...

Would love to see a presentation or a panel on utilizing Indicators of Compromise (IOC) lists to perform a Threat Identification Assessment of an enterprise organization. It is another way to detect the Advanced Persistent Threat or Financial Attacks? How can you do this efficiently in an organization beyond network based indicators? Also, should we publicize a known IOC list? How would that be shared? What is preventing that from being shared now?

Anonymous said...
This comment has been removed by a blog administrator.
Unknown said...
This comment has been removed by the author.
Unknown said...

Would be a great venue to talk more about your 5/30/09 post on Cyber Security!

With Melissa Hathaway resigning and many security experts stating they are ready to step up to the plate if called upon, why do you think the position of Cyber Security Coordinator is still vacant?

What would it take to appoint someone of your stature or similar credentials and personality to this position, and do you think the politics of D.C. are ready for this pro-active change?

The political side of security is such a mind draining and inefficient way of doing business. Winning over mid-level politics seems to be a lost cause unless someone higher is holding management's feet to the fire.

What better way to affect change than at the White House level pushing from the top-down national level priorities and accountability.

There are a lot of great security minds being squashed with mid-level politics all over the U.S. If we are going to win the war of the digital age, we cannot wait until a national level cyber security disaster happens for the right people to start listening.

Security specialists seem to be ready for their call to arms when called upon, but it seems the right people at the top are not hearing them loud enough.

Dremspider said...

Who is saying HIPS is going to solve everything? To me it is a perfect defense in depth strategy. It isn't perfect but I think for what it does it is a great idea. I do think that it will become better over time.

Anonymous said...

Hi Richard,

maybe a session about how to best detect routing/BGP threats?

Anonymous said...
This comment has been removed by a blog administrator.
wan said...

I think we need to define the acceptable Framework for any security monitoring deployment, since as far as I know there are no standard guidelines, for example for building up a SOC.

Anonymous said...

I'm interested in how best to scale incident detection on DoD networks.