Tuesday, October 27, 2009

Wednesday is Last Day for Discounted SANS Registration

In my off time I'm still busy organizing the SANS WhatWorks in Incident Detection Summit 2009, taking place in Washington, DC on 9-10 Dec 09. The agenda page should be updated soon to feature all of the speakers and panel participants. Wednesday is the last day to register at the discounted rate.

I wrote the following to provide more information on the Summit and explain its purpose.

All of us want to spend our limited information technology and security funds on the people, products, and processes that make a difference. Does it make sense to commit money to projects when we don’t know their impact? I’m not talking about fuzzy “return on investment” (ROI) calculations or fabricated “risk” ratings. Don’t we all want to know how to find intruders, right now, and then concentrate on improvements that will make it more difficult for bad guys to disclose, degrade, or deny our data?

To answer this question, I’ve teamed with SANS to organize a unique event -- the SANS WhatWorks in Incident Detection Summit 2009, on 9-10 December 2009 in Washington, DC. My goal for this two-day, vendor-neutral, practitioner-focused Summit is to provide security operators with real-life guidance on how to discover intruders in the enterprise. This isn’t a conference on a specific commercial tool, or a series of death-by-slide presentations, or lectures by people disconnected from reality. I’ve reached out to the people I know on the front lines, who find intruders on a regular, daily basis. If you don’t think good guys know how to find bad guys, spend two days with people who go toe-to-toe with the worst intruders on the planet.

We’ll discuss topics like the following:

  • How do Computer Incident Response Teams and Managed Security Service Providers detect intrusions?

  • What network-centric and host-centric indicators yield the best results, and how do you collect and analyze them?

  • What open source tools are the best-kept secrets in the security community, and how can you put them to work immediately in your organization?

  • What sources of security intelligence data produce actionable indicators?

  • How can emerging disciplines such as proactive live response and volatile analysis find advanced persistent threats?


Here is a sample of the dozens of subject matter experts who will pack the schedule:

  • Michael Cloppert, senior technical member of Lockheed Martin's enterprise Computer Incident Response Team and frequent SANS Forensics blogger.

  • Michael Rash, Senior Security Architect for G2, Inc., author of Linux Firewalls and the psad, fwsnort, and fwknop security projects.

  • Matt Richard, Malicious Code Operations Lead for the Raytheon corporate Computer Emergency Response (RayCERT) Special Technologies and Analysis Team (STAT) program.

  • Martin Roesch, founder of Sourcefire and developer of Snort.

  • Bamm Visscher, Lead Information Security Incident Handler for the General Electric CIRT, and author of the open source Sguil suite.


Ron Gula is scheduled to do one keynote and I'm working on the second. We'll have guest moderators for some panels too, such as Mike Cloppert and Rocky DeStefano.

I look forward to seeing you at the conference!

2 comments:

Anonymous said...

This will definitely be a 'must attend' for the season...

Really looking forward to the investigation of the issues involved.

Best,
Hal

Unknown said...

I think three effective and probably underutilized and overlooked ways to determine if hosts in your network are compromised are asset vulnerability and detection/protection signature reference correlation, monitoring of online attack databases, and monitoring of outbound web proxy logs.

First, perform your own vulnerability analysis against your hosts using host- and network-based enumeration and vulnerability scanning, and then correlate this with IDS and anti-virus alerts. If you have an alert for an attack on a particular host but you know that host is already patched for that particular CVE, or you know whether you have specific anti-virus/IPS signature protection or not, then you can have reasonable assurance about the success of an attack.


A second way is to monitor online databases such as SANS DShield to see if any IPs from your public netblocks show up. If others on the internet are reporting attacks from hosts in your network, then it's very likely your host is compromised. Setting up an automated process to monitor and alert on several of these online attack databases would be another good layer in your defense-in-depth approach to incident detection.

Third and last, assuming your company has a restrictive outbound firewall policy and forces users through a content-filtering web proxy, you should monitor that proxy log for suspicious activity such as request failures, requests to domains in a blacklist like Malware Domain Blocklist or IPs in DShield, and requests to organizations or countries that don't make sense for your company's business needs.
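The three checks described in the comment above (correlating IDS alerts with scan results, watching an external attack-report feed for your own netblocks, and reviewing outbound proxy logs) as one small offline script. This is an added example, not code from the original post or its commenter. Every input is constructed: the asset inventory, the IDS alerts, the report feed, the proxy log lines in a Squid-like layout, and the blocklists; the CVE identifiers are placeholders, not real advisories, and the netblocks are documentation ranges.

```python
"""Three host-compromise checks from the comment, run against constructed data.
Added example: not from the original post. All inputs below are made up."""
import ipaddress
from collections import Counter

# --- 1. IDS alert vs. asset vulnerability state ---------------------------
# Constructed scan result: host -> CVEs the scanner still finds it vulnerable to.
# "CVE-PLACEHOLDER-*" are labelled placeholders, not real CVE numbers.
ASSET_VULNS = {
    "10.0.1.5": {"CVE-PLACEHOLDER-1"},
    "10.0.1.6": set(),  # patched for everything the scanner knows about
}
# Constructed IDS alerts: (destination host, CVE referenced by the signature)
IDS_ALERTS = [
    ("10.0.1.5", "CVE-PLACEHOLDER-1"),
    ("10.0.1.6", "CVE-PLACEHOLDER-1"),
    ("10.0.1.7", "CVE-PLACEHOLDER-2"),  # host missing from the inventory
]


def triage_alert(host, cve, asset_vulns=ASSET_VULNS):
    """Label an alert by correlating its CVE with what the scanner found."""
    if host not in asset_vulns:
        return "unknown-asset"      # no scan data: cannot dismiss, investigate
    if cve in asset_vulns[host]:
        return "likely-successful"  # target is known vulnerable to this CVE
    return "likely-failed"          # patched or not applicable: low priority


# --- 2. Our netblocks in an external attack-report feed ------------------
OUR_NETBLOCKS = [ipaddress.ip_network("203.0.113.0/24")]  # constructed (TEST-NET-3)
# Constructed feed lines in the shape "reported_source_ip,report_count"
REPORT_FEED = ["198.51.100.7,12", "203.0.113.44,3", "203.0.113.9,1"]


def reported_from_our_space(feed=REPORT_FEED, netblocks=OUR_NETBLOCKS):
    """Return reported source IPs that fall inside our public address space."""
    hits = []
    for line in feed:
        ip_str, _count = line.split(",")
        ip = ipaddress.ip_address(ip_str)
        if any(ip in net for net in netblocks):
            hits.append(ip_str)
    return hits


# --- 3. Outbound web proxy log review -------------------------------------
# Constructed Squid-style lines: time elapsed client status/code bytes method url
PROXY_LOG = """\
1256600000.123 45 10.0.1.5 TCP_MISS/200 1024 GET http://www.example.com/index.html
1256600001.456 12 10.0.1.5 TCP_MISS/503 0 GET http://bad.example.net/gate.php
1256600002.789 10 10.0.1.5 TCP_MISS/503 0 GET http://bad.example.net/gate.php
1256600003.000 11 10.0.1.5 TCP_MISS/503 0 GET http://bad.example.net/gate.php
1256600004.000 30 10.0.1.6 TCP_MISS/200 2048 GET http://www.example.org/
1256600005.000 20 10.0.1.6 TCP_MISS/200 512 GET http://198.51.100.7:8080/update.bin
"""
DOMAIN_BLOCKLIST = {"bad.example.net"}  # constructed stand-in for a domain list
IP_BLOCKLIST = {"198.51.100.7"}         # constructed stand-in for an IP list
FAILURE_THRESHOLD = 3                   # failed requests per client before flagging


def review_proxy_log(log_text=PROXY_LOG, domains=DOMAIN_BLOCKLIST,
                     ips=IP_BLOCKLIST, threshold=FAILURE_THRESHOLD):
    """Flag blocklisted destinations and clients with repeated request failures."""
    findings, seen, failures = [], set(), Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip malformed or truncated lines
        client, status_field, url = fields[2], fields[3], fields[6]
        status = int(status_field.split("/")[1])
        # host part of the URL, with any ":port" suffix removed
        host = url.split("://", 1)[1].split("/", 1)[0].split(":")[0]
        kind = "blocklisted-domain" if host in domains else \
               "blocklisted-ip" if host in ips else None
        if kind and (client, host) not in seen:   # report each pair once
            seen.add((client, host))
            findings.append((client, kind, host))
        if status >= 400:
            failures[client] += 1
    for client, n in failures.items():
        if n >= threshold:
            findings.append((client, "repeated-failures", str(n)))
    return findings


if __name__ == "__main__":
    for host, cve in IDS_ALERTS:
        print("alert", host, cve, "->", triage_alert(host, cve))
    print("reported from our space:", reported_from_our_space())
    for finding in review_proxy_log():
        print("proxy finding:", finding)
```

The point of the first function is the ordering of the checks: an alert against a host with no scan data is never downgraded, because the absence of inventory is itself a gap. The proxy reviewer reports each client/destination pair once and counts failures separately, so a burst of 503s to one blocklisted host produces two distinct findings rather than one per line.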