Finding Advanced Persistent Threats Using Real-Time Situational Awareness
Eddie Schwartz
Abstract:
As clearly demonstrated by China's theft of Google's Gaia single-sign-on framework, and ongoing information operations against USG agencies, many of today's network-based advanced threats from state-sponsored attackers and organized criminal groups are evading current prevention and detection techniques. This session focuses on the true nature and sources of today's most difficult security threats to governments and major corporations, and describes the solutions required to detect and mitigate these invisible threats.
The speaker will use actual technical case studies to describe an effective operational plan of action consisting of real-time situational awareness, automated network forensics, and interactive advanced threat analysis. The session will demonstrate techniques that enable your staff to use next-generation network intrusion monitoring to inspect network and application layer traffic, detect designer malware and zero-day attacks, and improve overall tactical network intelligence and situational awareness, including for problems such as data leakage and exfiltration of sensitive organizational data.
Attendees will learn:
- The technical reasons that advanced persistent threats are evading current security technologies such as IDS, anti-virus, log monitoring and flow-based technologies.
- The true nature and sources of threats facing public and commercial organizations and the gaps in current network visibility.
- Advanced techniques for next-generation network monitoring, continuous controls review, and real-time network surveillance using full packet capture and session reconstruction, and the situational awareness improvements provided by this approach.
- Specific examples of adversary exploits (demonstrations) similar to trends observed within organized crime groups and nation-sponsored attacks.
About the Speaker
As Chief Security Officer for NetWitness, Eddie Schwartz is responsible for the alignment of the NetWitness product strategy with the evolving operational threat management needs of government and commercial organizations. Prior to joining NetWitness, Mr. Schwartz served as CTO of ManTech Security Technologies Corp, Senior Vice President of Operations of Guardent Inc. (acquired by Verisign), and EVP of Operations for Predictive Systems (acquired by INS). Mr. Schwartz also worked as Chief Information Security Officer at Nationwide Insurance, as a Senior Computer Scientist for CSC, and as a Foreign Service Officer with the U.S. Department of State.
May 18, 2010 6:30 PM @ International Spy Museum
Garbo Room
800 F St. NW
Washington, DC 20004
Please RSVP if you plan to attend.