CCi5 is honored to present "Watching the Watchers"; this updated eye-opening presentation is primarily told from the intruder’s perspective, providing a state-of-the-union style examination of the challenges facing IT Security today. Topics covered include risk reduction, policy implementation, systems configuration and other areas of interest that should appeal to both the technical audience as well as the executive leadership.The presentation has been built to provide an understanding of both technical considerations as well as the business, fiduciary and legal responsibility within organizations. We will review several topics including business awareness to the security climate in today’s world, accountability within an organization for the actions of Information Security practices and understanding the technical and theoretical path that the intruders are taking in the future and other.Risk reduction will be introduced throughout the discussion as the barometer many organizations use to gauge the initiatives that are undertaken as part of an Information Security program. We will look to assess the impact of both technical and policy based solutions giving examples, as well as case studies and real world examples of where ideas have both worked and fallen on the rocks.We will touch upon regulatory with the aim being is to provide an oversight into the main initiatives companies are facing today. We will be discussing both the theory as well as practical applications of both technical and policy based solutions that businesses are challenged with implementing. As with both risk and regulatory sections of the presentation, the goal is to provide insight into the potential business impact of security within the enterprise through examples and case studies.We will examine how foreign governments, organized crime, motivated computer hackers and competitors are just a small fraction of the threats facing companies today and we will review what is being done to try and combat this offensive both domestically as well as within the greater global community.

Speaker Bio
Chris Roberts, co-founder and president of CCi5, heads a team of cyber security professionals specializing in assessment and forensic investigation. He brings a wealth of knowledge, technical expertise, leadership and analytical skills gained from seventeen years experience in information technology. With a focus on information security, his professional experience includes roles as Information Security Officer and Director of Engineering and Architecture for a large retail firm, CTO and Technical Architect for a counterintelligence firm and leader of IT Security Architecture Project Management for a major international retailer. Mr. Roberts’ background in security assessment and vulnerability testing includes penetration testing, compromise investigation, analysis and documentation. He has developed and implemented company-wide information security awareness programs and frequently speaks and gives presentations on topical security issues. He is an active member of the Systems Administration and Network Security (SANS) organization and an active participant in the Open Web Application Security Project (OWASP) community. He currently serves as a member of ISSC and as a FBI business liaison. His credentials include: CISSP, CCIE and MCT. Chris was educated in the United Kingdom.

Presented by: Chris Roberts, CEO & Founder, CCi5 Inc.

Securing the information assets of an enterprise has never been so important or so complicated. The past several years have seen a significant increase in the number of security threats and vulnerabilities and significant advancements in attack methodologies with new tools, techniques, and attack vectors being released on a weekly basis. Join Accuvant for a lively, interactive discussion to review the latest in current vulnerabilities and tools for ensuring security. Through presentation and live demonstration, attendees will learn about the latest attacks, tools, and techniques employed by today’s hackers, as well as countermeasures that can help protect against these attacks.

Topics of discussion:

• Password security
• Google hacking (data mining)
• Exploit and attack frameworks
• Wireless insecurities (WEP and WPA cracking)
• Application attacks from Information Gathering to SQL Injection
• Physical security (key bumping)
• VoIP hacking and games
• RFID cloning and threats
• Ideas and resources for combating vulnerabilities

Presented By: Accuvant

Securing the information assets of an enterprise has never been so important or so complicated. The past several years have seen a significant increase in the number of security threats and vulnerabilities and significant advancements in attack methodologies with new tools, techniques, and attack vectors being released on a weekly basis. Join Accuvant for a lively, interactive discussion to review the latest in current vulnerabilities and tools for ensuring security. Through presentation and live demonstration, attendees will learn about the latest attacks, tools, and techniques employed by today’s hackers, as well as countermeasures that can help protect against these attacks.

Topics of discussion:

• Password security
• Google hacking (data mining)
• Exploit and attack frameworks
• Wireless insecurities (WEP and WPA cracking)
• Application attacks from Information Gathering to SQL Injection
• Physical security (key bumping)
• VoIP hacking and games
• RFID cloning and threats
• Ideas and resources for combating vulnerabilities

Presented By: Accuvant

Today companies must find ways to achieve business priorities, while cutting costs and doing more with existing staff. That means the value of IT must be strategic and flexible to give their company the business agility to take advantage of new priorities and opportunities as rapid change occurs. This presentation will address how the different approaches to Desktop delivery make IT more strategic and flexible. Attendees of this session will learn about different industries that have implemented a variety of Desktop delivery methods including: VDI, terminal services, hosted desktops, Desktop OS, Application Streaming and BYOC. These solutions have helped companies achieve such business priorities as: Reducing non-essential spends; addressing IT security and BC initiatives; flexible IT to support business changes; and Leveraging the Cloud while reaping Green IT benefits.

Presented By: Citrix Systems

Virtualization technologies have forever changed networks, storage, and servers. As organizations adopt virtual desktops, traditional application distribution and management tools no longer apply. Is application virtualization the next logical step? In this session we’ll compare and contract various approaches to application virtualization. From application streaming to SaaS, we’ll cut through the “markitecture” and examine some of the implications for TCO, licensing and data security. We’ll review customer experiences to date and lessons learned along the way. What actionable steps can organizations take today, and what are the implications for desktop and app rollouts in 2010?

Presented By: Citrix Systems

Download Presentation

There are many attack vectors for compromising the privacy of customers, patients, and employees. Web applications continue to expose valuable information to legitimate users, but are often ill-protected against determined hackers. Lost laptops and USB memory devices risk large scale breaches of thousands of private records. And legitimate insiders, many of whom are now in fear of losing their jobs due to the recession, often email or copy sensitive information ‘just in case.’

In this session, the speaker will explore these various threats and how best to address them, especially in a climate where more access to information is being demanded. The session will focus on two aspects of potential privacy breaches: external threats such as hackers and malware, and internal threats such as careless or malicious insiders.

Presented By: Trend Micro

Download Presentation

Compliance continues to drive widespread adoption of logging and event management products by companies and government agencies. The SANS Institute, in a recent survey, found that not all organizations are equally satisfied with their results. In this presentation, Mike Cerick from Intellitactics, will reflect on the SANS research and highlight what the most satisfied organizations have been able to accomplish with logging products. The presentation includes several examples of live projects using the Intellitactics SAFE logging and event management appliance.

Presented By: NLE & Intellitactics

Download Presentation

Due to today’s world of ever increasing wireless bandwidth and the evolution in 802.11n, companies are challenged with this: how do you solve the additional constraints of this high throughput at the edge of your network, as it channels its way back to the core of the network? Join Bluesocket for a discussion on how to solve this problem and others in the wireless networking space.

Presented By: NLE & Bluesocket

The traditional data center has become overly complex, costly, and inefficient. Data center network architectures require excessive switching tiers to work around low performance and low-density platform characteristics. Growth in the number of users and applications is almost always accompanied by an increase in the number of “silos” of more devices—for both connectivity and security. The additional capital expenses, rack space, power consumption, and management overhead contribute to the overall complexity of maintaining data center operations. Learn how to reduce the total cost of network ownership with architectural innovations delivered via a high-performance product portfolio to provide agility and flexibility. Multiple switching tiers are collapsed, leading to a new simplified network design requiring fewer devices and interconnections. Security services are simplified by consolidating the “security sprawl” of traditional designs into fewer high-capacity and high-performance platforms. Advanced routing capabilities enhance application performance, security, and availability. All of this running over a common operating system with a single management system accelerates application deployments and leads to improved efficiencies in space, power, cooling, and management.

Presented By: Accuvant & Juniper Networks

Logs, if utilized to their full capacity, can reduce significant costs for organizations. Just as you might have seen an increase in speeding tickets lately, a cash-strapped government is taking the route of audits whether it is traffic or regulatory compliance. To add to the complexity, resources in your organization are probably shrinking and your boss expects you to get more out of less. Attend this presentation to learn:

• How can you utilize logs to improve IT operations, security posture and regulatory compliance in your organization
• What are your peers doing to keep pace with rising threats in cyberspace
• What are some of the simplest ways to start saving, today
• What is Security Information and Event Management (SIEM)
• How to achieve high 3 digit ROI with under 3 month payback using 3 simple SIEM/Log Management use cases

Presented By: Accuvant & ArcSight

Download Presentation

Every company has sensitive data that is critical to the organization, from financial data and customer records to patents and product formulas. While the proper use of this information is essential to the operations of the company, it needs to be protected from various forms of misuse and loss. CA DLP helps organizations protect and control this critical data where it is stored or used, and thus reduces the risks associated with uncontrolled information while helping to address compliance regulations and privacy directives. The presentation will focus on how DLP is critical to governance, compliance and protection of your most critical asset: information.

Presented By: CA

Download Presentation

This presentation details the robust data security strategies which have enabled high-profile organizations to successfully defend themselves against dangerous web-site attacks. The seminar will also provide insight into the unique benefits an integrated WAF-vulnerability management solution provides, including the ability to execute data policies that are unmatched in their level of accuracy and granularity.

Presented By: Imperva

Based on the current economic climate and the need to do more with less, there is an increased need to pay close attention to the effective and efficient management and utilization of corporate IT resources. Storage Optimization focuses on bridging the gap between the needs and objectives of the business and the efficient delivery of IT storage. All in an effort to “right size” their infrastructure to meet business objectives without waste or compromise.

Presented By: SunGard Availability Services

Deduplication technology has changed the economics of storage to help you build a reliable, efficient, and cost-effective data protection architecture. Enterprises of all sizes are using deduplication storage to reduce backup costs and simplify data recovery. Learn about five areas where you can leverage the power of deduplication in your environment:

• Backup & Recovery (By Application or Environment)
• Disaster Recovery
• Tape Consolidation
• Remote Site Replication
• Archiving & Compliance

Presented By: Data Domain

Download Presentation

WLAN security has continues to make tech headlines this year, with new hacks, system vulnerabilities and tightening of various compliance requirements, including PCI. Whether or not organizations are using WLAN to support their own users and business applications, clear awareness of the latest developments in WLAN security is an essential component of comprehensive network security architectures.

AirMagnet will review the state of WLAN security, covering the latest attacks, changes to industry regulatory requirements like PCI, help you sort out the real threats and critical business issues, and cover proven strategies to stay ahead of these developments.

Presented By: NLE & AirMagnet

Download Presentation

With the release of FortiOS 4.0, Fortinet has redefined network security again by extending the scope of consolidated security and networking capabilities within FortiGate multi-threat network security platforms. While FortiOS 4.0 includes many new features, the most significant additions to the FortiGate platform include Data Loss Prevention (DLP), WAN Optimization, Application Control, and SSL-Encrypted Traffic Inspection. Organizations of all sizes can now benefit from an integrated solution which offers the most comprehensive suite of security and networking services within a single device—the new services in FortiOS 4.0 joining the already included enterprise-class firewall, IPSec VPN, SSL-VPN, Intrusion Prevention, Antivirus, Web Filtering, Antispam, and Layer 2/3 routing services. With over 40 new features, FortiOS 4.0 delivers on its mission to enable secure business communications while offering the best security, performance, and total cost of ownership possible.

Presented By: Fortinet