Session Descriptions
Threat Management Decisions is a complimentary, customized educational seminar designed by the editors of Information Security Magazine Online and SearchSecurity.com. By focusing specifically on network and endpoint security, our free one-day seminar tackles threat management from all angles. As a result, our experts help you create an effective defense-in-depth strategy surrounding the latest threats and their implications.
"Something old, something new, something borrowed…": Emerging (and Continuing) Threats
David Sherry, CISO, Brown University
Malware, spam, and spyware. LinkedIn, Facebook, Twitter. Social networks, blogs, wikis. SAML, XML, AJAX. Cloud, SaaS, PaaS, IaaS. Most of these terms and solutions are part of the Web 2.0 revolution, and are (or will soon be) facts of life in the enterprise. While there are many positives to these dramatically emerging technologies, there is also the potential for new risks to be introduced to your environment. While new technologies are embraced, you must be aware of the emerging risks and how to mitigate them, in addition to not neglecting older threats. This high-level, broad, and fast-moving session covers a lot of ground quickly, with a goal of highlighting and raising awareness of the evolution, maturation, and introduction of security threats. In this session Sherry covers:
- The danger of complacency with “old” threats
- Why 2.0 threats are the same, and why they’re not
- The threat of the Cloud
- Why you need to involve many areas in addressing the risks
- Cultural issues, and social/business convergence
- Recommendations for reducing the risk
What You Need to Know to Secure the Application Layer
Joel Snyder, Senior Partner, Opus One
All of today's biggest threats are at the application layer. The complexity of web-based applications and the tenacity of those who wish to break them have combined to form a massive snarl; one that leaves network and security managers wondering what they can do to help secure Internet-facing web applications. Traditional tools such as firewalls are ineffective at blocking application layer attacks. Building a secure application layer requires new knowledge of the attacks, new ways of thinking about security, and new tools. While the final responsibility for application security lies with application developers, network and security managers can provide defense-in-depth all the way up to the application layer. In this session, learn:
- What the main threats are to the application layer
- How existing tools can be used to help protect the application layer
- Where you can, and cannot, provide protection
- New tools and techniques that reduce application layer threats
How to Build a Security Dashboard to Streamline Your Data
Joel Snyder, Senior Partner, Opus One
With security tools bolted into all parts of our networks, we're now left with two big questions: first, is all this doing any good, and second, how will I know when something is wrong?
The answers to these questions can be found by paying close attention to what these devices are telling you, but unfortunately, security products are too chatty and overwhelm us with raw data that can't be easily absorbed. One solution to this problem is the creation of a "Security Dashboard," a set of carefully considered measurements and key performance indicators that can help you turn the data coming from your security products into useful, actionable information. During this session Snyder focuses on:
- Finding the critical information coming from your security products
- Understanding the importance of aggregation and summarization
- Identifying areas where trend graphs give valuable information
- Correlation rules and policies that identify trouble spots quickly
Network Access Control: A Whirlwind Tour Through The Basics
Joel Snyder, Senior Partner, Opus One
Network Access Control (NAC) is one of the last steps in the long progression of making enterprise networks secure. Starting from the firewall and working in, enterprises are now ready to make every point of network connection a secure connection. With this movement forward, a host of new products focused on LAN and user-centric security have entered the marketplace, from startups up to Cisco, Juniper, and Microsoft. This session provides a technical view of NAC and a framework to understand what everyone is selling—and how to decide which products and services are right for their network. Joel Snyder addresses these questions around NAC:
- What is NAC?
- Why are we thinking about NAC?
- What are the four key components of any NAC solution?
- What are the industry NAC architectures?
Earn CPE Credits for Attending
All CISSPs/SSCPs receive 1 Continuing Professional Education (CPE) credit for every session attended from (ISC)2.
Giveaways
All attendees are entered into three prize raffles for a chance to win an Amazon Kindle 2 or one of two Amazon.com gift cards!