How to Stop Advanced Persistent Threats from Evading Detection

Speaker: Eddie Schwartz, CISSP, CISA, ISSEP, PMP, CISM, MCSE, IAM, CAP
Chief Security Officer, NetWitness Corporation, eddie@netwitness.com

Abstract:
Many of today's network advanced persistent threats are evading detection by your perimeter defenses - whether you know it or not. That's because most organizations have developed an over-reliance upon perimeter-based, network-layer focused point solutions that require signatures or profile-based foreknowledge of a given technical threat. As proven through numerous serious security breaches over the last few years, most signature and log-file-based security solutions are already entirely obsolete, and solutions based upon statistical analysis of netflows and other network-layer telemetry provide limited and incomplete network visibility.
This session focuses on the true nature and sources of today's most difficult threats, and describes solutions, both technology and operations-related, required to detect invisible threats. The speaker will illustrate actual technical case studies from the commercial and public sector to describe an effective operational plan of action consisting of the use of automated reporting and alerting, and interactive threat analysis applications built upon a distributed full packet capture and session reconstruction infrastructure. The session will demonstrate techniques that will enable your organization to detect and stop designer malware, zero-day attacks, and non-signature-based threats to improve overall network visibility, and to detect the leakage and exfiltration of valuable organizational data.
Attendees will learn:
• The technical reasons that advanced persistent threats are evading current perimeter-based point solutions such as IDS, log monitoring and flow-based technologies.
• The true nature and sources of threats facing public and private organizations and the gaps in current network visibility.
• Advanced techniques for next generation network monitoring using full packet capture and session reconstruction, and the network visibility improvements provided by this approach.
• Specific examples of adversary exploits (demonstrations) similar to trends observed within organized crime groups and state- sponsored attacks.

Speaker Bio:
As Chief Security Officer for NetWitness, Eddie Schwartz is responsible for the alignment of the NetWitness product strategy with the evolving operational threat management needs of government and commercial organizations. Prior to joining NetWitness, Mr. Schwartz served as CTO of ManTech Security Technologies Corp, Senior Vice President of Operations of Guardent Inc, (acquired by Verisign), and EVP of Operations for Predictive Systems / Global Integrity (acquired by INS). Mr. Schwartz also worked as Chief Information Security Officer (CISO) at Nationwide Insurance, as a Senior Computer Scientist for CSC, and a Foreign Service Officer with the U.S. Department of State. Mr. Schwartz has a B.I.S. in Information Security Management and an M.S. in Information Technology Management from the George Mason University School of Management.

On-site registration and networking begins at noon, and lunch will be served at approximately 12:15. The presentation will run from 1:00pm to 2:00pm, to be followed by an open discussion forum. Members and non-members of the ISSA are welcome but space is limited. Cost for the event is $35.00 for non-members, $25.00 for ISSA members and $20.00 for students payable in advance at our web site using Paypal®, or at the door in cash or by cheque payable to “ISSA Vancouver”. RSVP to to guarantee your seat. Please note that we require 72 hours notice of any cancellations, or you will be invoiced for the event since we are required to finalize the food orders.

Please note that the TCC has a business-casual dress code, and contact us in advance if you have special dietary requirements or would like wheel chair accessible parking so that we can make the necessary arrangements on your behalf.

Contact:
James Crooks: (604) 806-7027.