Presented by: Joel Scambray, CEO, Consciere & Co-Author, "Hacking Exposed"

This presentation will share some candid thoughts resulting from nearly 15 years practicing information security, focusing on the way modern security leaders think, process information, and solve problems. It will cover strategies that work, don't work, and ideas for evolving the state of any information security program in step with emerging trends.

SPEAKER BIO: Joel Scambray is co-founder and Managing Member of Consciere, provider of strategic security advisory services. He has assisted companies ranging from members of the Fortune 50 to newly minted startups with information security challenges and opportunities over a dozen years. In addition to Hacking Exposed Web Apps, Joel is co-author of Hacking Exposed: Network Security Secrets & Solutions, the international best-selling Internet security book that first appeared in 1999. He is also lead author of the Hacking Exposed Windows series. He has spoken widely on information security at forums including Black Hat, I-4, and The Asia Europe Meeting (ASEM), as well as organizations including CERT, The Computer Security Institute (CSI), ISSA, ISACA, SANS, private corporations, and government agencies, such as the Korean Information Security Agency (KISA), FBI, and the RCMP.

Joel's background includes roles as an executive, consultant, and entrepreneur. He has been a Senior Director at Microsoft Corporation, where he led Microsoft's online services security efforts for three years before joining the Windows platform and services division to focus on security technology architecture. He co-founded security software and services startup Foundstone Inc. and helped lead it to acquisition by McAfee for $86M. In 2007, he helped lead US-based Leviathan Security from start-up to well-recognized boutique security consultancy. He previously held positions as a Manager for Ernst & Young, security columnist for Microsoft TechNet, Editor at Large for InfoWorld Magazine, and Director of IT for a major commercial real estate firm. Joel's academic background includes advanced degrees from the University of California at Davis and Los Angeles (UCLA), and he is a Certified Information Systems Security Professional (CISSP).

Securing the information assets of an enterprise has never been so important or so complicated. The past several years have seen a significant increase in the number of security threats and vulnerabilities and significant advancements in attack methodologies with new tools, techniques, and attack vectors being released on a weekly basis. Join Accuvant for a lively, interactive discussion to review the latest in current vulnerabilities and tools for ensuring security. Through presentation and live demonstration, attendees will learn about the latest attacks, tools, and techniques employed by today's hackers, as well as countermeasures that can help protect against these attacks.

Topics of discussion:

• Password security
• Google hacking (data mining)
• Exploit and attack frameworks
• Wireless insecurities (WEP and WPA cracking)
• Application attacks from Information Gathering to SQL Injection
• Physical security (key bumping)
• VoIP hacking and games
• RFID cloning and threats
• Ideas and resources for combating vulnerabilities

Presented By: Accuvant

Securing the information assets of an enterprise has never been so important or so complicated. The past several years have seen a significant increase in the number of security threats and vulnerabilities and significant advancements in attack methodologies with new tools, techniques, and attack vectors being released on a weekly basis. Join Accuvant for a lively, interactive discussion to review the latest in current vulnerabilities and tools for ensuring security. Through presentation and live demonstration, attendees will learn about the latest attacks, tools, and techniques employed by today's hackers, as well as countermeasures that can help protect against these attacks.

Topics of discussion:

• Password security
• Google hacking (data mining)
• Exploit and attack frameworks
• Wireless insecurities (WEP and WPA cracking)
• Application attacks from Information Gathering to SQL Injection
• Physical security (key bumping)
• VoIP hacking and games
• RFID cloning and threats
• Ideas and resources for combating vulnerabilities

Presented By: Accuvant

Today companies must find ways to achieve business priorities, while cutting costs and doing more with existing staff. That means the value of IT must be strategic and flexible to give their company the business agility to take advantage of new priorities and opportunities as rapid change occurs. This presentation will address how the different approaches to Desktop delivery make IT more strategic and flexible. Attendees of this session will learn about different industries that have implemented a variety of Desktop delivery methods including: VDI, terminal services, hosted desktops, Desktop OS, Application Streaming and BYOC. These solutions have helped companies achieve such business priorities as: Reducing non-essential spends; addressing IT security and BC initiatives; flexible IT to support business changes; and Leveraging the Cloud while reaping Green IT benefits.

Presented By: Citrix Systems

Virtualization technologies have forever changed networks, storage, and servers. As organizations adopt virtual desktops, traditional application distribution and management tools no longer apply. Is application virtualization the next logical step? In this session we'll compare and contract various approaches to application virtualization. From application streaming to SaaS, we'll cut through the "markitecture" and examine some of the implications for TCO, licensing and data security. We'll review customer experiences to date and lessons learned along the way. What actionable steps can organizations take today, and what are the implications for desktop and app rollouts in 2010?

Presented By: Citrix Systems

Download Presentation

There are many attack vectors for compromising the privacy of customers, patients, and employees. Web applications continue to expose valuable information to legitimate users, but are often ill-protected against determined hackers. Lost laptops and USB memory devices risk large scale breaches of thousands of private records. And legitimate insiders, many of whom are now in fear of losing their jobs due to the recession, often email or copy sensitive information 'just in case.'

In this session, the speaker will explore these various threats and how best to address them, especially in a climate where more access to information is being demanded. The session will focus on two aspects of potential privacy breaches: external threats such as hackers and malware, and internal threats such as careless or malicious insiders.

Presented By: Trend Micro

Download Presentation

Compliance continues to drive widespread adoption of logging and event management products by companies and government agencies. The SANS Institute, in a recent survey, found that not all organizations are equally satisfied with their results. In this presentation, Mike Cerick from Intellitactics, will reflect on the SANS research and highlight what the most satisfied organizations have been able to accomplish with logging products. The presentation includes several examples of live projects using the Intellitactics SAFE logging and event management appliance.

Presented By: NLE & Intellitactics

Download Presentation

Due to today’s world of ever increasing wireless bandwidth and the evolution in 802.11n, companies are challenged with this: how do you solve the additional constraints of this high throughput at the edge of your network, as it channels its way back to the core of the network? Join Bluesocket for a discussion on how to solve this problem and others in the wireless networking space.

Presented By: NLE & Bluesocket

The traditional data center has become overly complex, costly, and inefficient. Data center network architectures require excessive switching tiers to work around low performance and low-density platform characteristics. Growth in the number of users and applications is almost always accompanied by an increase in the number of “silos” of more devices—for both connectivity and security. The additional capital expenses, rack space, power consumption, and management overhead contribute to the overall complexity of maintaining data center operations. Learn how to reduce the total cost of network ownership with architectural innovations delivered via a high-performance product portfolio to provide agility and flexibility. Multiple switching tiers are collapsed, leading to a new simplified network design requiring fewer devices and interconnections. Security services are simplified by consolidating the “security sprawl” of traditional designs into fewer high-capacity and high-performance platforms. Advanced routing capabilities enhance application performance, security, and availability. All of this running over a common operating system with a single management system accelerates application deployments and leads to improved efficiencies in space, power, cooling, and management.

Presented By: Accuvant & Juniper Networks

Logs, if utilized to their full capacity, can reduce significant costs for organizations. Just as you might have seen an increase in speeding tickets lately, a cash-strapped government is taking the route of audits whether it is traffic or regulatory compliance. To add to the complexity, resources in your organization are probably shrinking and your boss expects you to get more out of less. Attend this presentation to learn:

• How can you utilize logs to improve IT operations, security posture and regulatory compliance in your organization
• What are your peers doing to keep pace with rising threats in cyberspace
• What are some of the simplest ways to start saving, today
• What is Security Information and Event Management (SIEM)
• How to achieve high 3 digit ROI with under 3 month payback using 3 simple SIEM/Log Management use cases

Presented By: Accuvant & ArcSight

Download Presentation

Every company has sensitive data that is critical to the organization, from financial data and customer records to patents and product formulas. While the proper use of this information is essential to the operations of the company, it needs to be protected from various forms of misuse and loss. CA DLP helps organizations protect and control this critical data where it is stored or used, and thus reduces the risks associated with uncontrolled information while helping to address compliance regulations and privacy directives. The presentation will focus on how DLP is critical to governance, compliance and protection of your most critical asset: information.

Presented By: CA

Download Presentation

This presentation details the robust data security strategies which have enabled high-profile organizations to successfully defend themselves against dangerous web-site attacks. The seminar will also provide insight into the unique benefits an integrated WAF-vulnerability management solution provides, including the ability to execute data policies that are unmatched in their level of accuracy and granularity.

Presented By: Imperva

Based on the current economic climate and the need to do more with less, there is an increased need to pay close attention to the effective and efficient management and utilization of corporate IT resources. Storage Optimization focuses on bridging the gap between the needs and objectives of the business and the efficient delivery of IT storage. All in an effort to “right size” their infrastructure to meet business objectives without waste or compromise.

Presented By: SunGard Availability Services

Deduplication technology has changed the economics of storage to help you build a reliable, efficient, and cost-effective data protection architecture. Enterprises of all sizes are using deduplication storage to reduce backup costs and simplify data recovery. Learn about five areas where you can leverage the power of deduplication in your environment:

• Backup & Recovery (By Application or Environment)
• Disaster Recovery
• Tape Consolidation
• Remote Site Replication
• Archiving & Compliance

Presented By: Data Domain

Download Presentation

WLAN security has continues to make tech headlines this year, with new hacks, system vulnerabilities and tightening of various compliance requirements, including PCI. Whether or not organizations are using WLAN to support their own users and business applications, clear awareness of the latest developments in WLAN security is an essential component of comprehensive network security architectures.

AirMagnet will review the state of WLAN security, covering the latest attacks, changes to industry regulatory requirements like PCI, help you sort out the real threats and critical business issues, and cover proven strategies to stay ahead of these developments.

Presented By: NLE & AirMagnet

Download Presentation

With the release of FortiOS 4.0, Fortinet has redefined network security again by extending the scope of consolidated security and networking capabilities within FortiGate multi-threat network security platforms. While FortiOS 4.0 includes many new features, the most significant additions to the FortiGate platform include Data Loss Prevention (DLP), WAN Optimization, Application Control, and SSL-Encrypted Traffic Inspection. Organizations of all sizes can now benefit from an integrated solution which offers the most comprehensive suite of security and networking services within a single device—the new services in FortiOS 4.0 joining the already included enterprise-class firewall, IPSec VPN, SSL-VPN, Intrusion Prevention, Antivirus, Web Filtering, Antispam, and Layer 2/3 routing services. With over 40 new features, FortiOS 4.0 delivers on its mission to enable secure business communications while offering the best security, performance, and total cost of ownership possible.

Presented By: Fortinet