SANS Incident Detection Summit in DC in December
Last month I blogged about the SANS Forensics and Incident Response 2009 Summit Round-Up. I am pleased to announce that I will be working with SANS to organize a two-day SANS Incident Detection Summit in DC in December. I am working on a preliminary agenda that includes two major themes: network-centric detection and host-centric detection. The Summit will include keynotes, practitioner briefings, tool briefings, vendor briefings, and panels.
As we develop the content I will report it here. I am excited about this event and look forward to seeing you in December. My goal is to "bring detection back", since we all know that detection never really died!
If there are topics you'd like to see at the Summit, feel free to share them here. Thank you.
Update: 9-10 December are the days for the Summit.
Comments
- Realtime detection of memory-based malware that never touches the disk. We have the tools to investigate it after the fact, but that is after the damage has been done. Maybe clear documentation of what occurs when process injection happens at the Native API level and how we can alert on it.
- Detecting tunneled, possibly encrypted traffic buried in http, ssl, dns, etc.
Maybe at the summit you can comment on why the DOD thinks HIPS will solve all their problems and the reality that it won't.
Would be great if you can afford time to do some training.
Look forward.
Regards,
SC
With Melissa Hathaway resigning and many security experts stating they are ready to step up to the plate if called upon, why do you think the position of Cyber Security Coordinator is still vacant?
What would it take to appoint someone of your stature or similar credentials and personality to this position, and do you think the politics of D.C. are ready for this proactive change?
The political side of security is such a mind-draining and inefficient way of doing business. Winning over mid-level politics seems to be a lost cause unless someone higher is holding management's feet to the fire.
What better way to affect change than at the White House level pushing from the top-down national level priorities and accountability.
There are a lot of great security minds being squashed with mid-level politics all over the U.S. If we are going to win the war of the digital age, we cannot wait until a national level cyber security disaster happens for the right people to start listening.
Security specialists seem to be ready for their call to arms when called upon, but it seems the right people at the top are not hearing them loud enough.
Maybe a session about how to best detect routing/BGP threats?