Topic: How to Stop Serious Threats from Evading Detection
Date: Tuesday, August 12, 2008
Time: 1 p.m. EST/10 a.m. PST




Co-hosted with SANS
Playback & Listen

Topic Description:

Many of today’s network threats are evading detection by your perimeter defenses – whether you know it or not. That’s because most organizations have developed an over-reliance upon perimeter-based, network-layer focused defenses. The flawed assumption is that deployed network countermeasures will have signatures or profile-based foreknowledge of a given threat. As proven through numerous serious security breaches over the last few years, however, most signature and log-file-based security solutions are already entirely obsolete.

Consider STORM: a daily polymorphic, self mutating, encrypted, P2P, worm Trojan with compartmentalized botnet functionality. Also think about any number of successful spear phishing attacks combined with low and slow “beacon Trojan” footholds that have been placed inside victim networks – all of which have been invisible and entirely undetected by current detection countermeasures.

This Webcast focuses on the true nature and sources of today’s threats, and proven solutions, both technology and operations- related, required to solve this problem. We will describe an effective operational plan of action consisting of the use of automated reporting and alerting, and interactive threat analysis applications built upon a distributed full packet capture and session reconstruction infrastructure. This Webcast will describe an approach that will enable your organization to detect and stop designer malware, zero-day attacks, and non-signature-based threats to improve overall network visibility, and to detect the leakage and exfiltration of valuable corporate data. We will employ specific technical case studies and demonstrations to highlight the value of such an approach.

Attendees will learn:

• The technical reasons that current threats are evading current perimeter-based defenses such as IDS, log monitoring and flow-based technologies.

• The true nature and sources of threats facing public and private organizations.

• Advanced techniques for next generation network monitoring using full packet capture and session reconstruction, and the network visibility improvements provided by this approach.

• Specific examples of adversary exploits (demonstrations) similar to trends observed within organized crime groups and state- sponsored attacks.

Meet our speaker:

Eddie Schwartz | Chief Security Officer | NetWitness Corporation

As Chief Security Officer for NetWitness, Eddie Schwartz is responsible for the alignment of the NetWitness product strategy with the evolving operational threat management needs of government and commercial organizations. Prior to joining NetWitness, Mr. Schwartz served as CTO of ManTech Security Technologies Corp, Senior Vice President of Operations of Guardent Inc, (acquired by Verisign), and EVP of Operations for Predictive Systems (acquired by INS). Mr. Schwartz also worked as Chief Information Security Officer at Nationwide Insurance, as a Senior Computer Scientist for CSC, and a Foreign Service Officer with the U.S. Department of State.