RSA 2010: Top 15 Conference Sessions You Shouldn't Miss
The RSA security conference is known for being a vendor-heavy, corporate-speak shindig that lacks quality content. I disagree. I spent some time perusing the conference agenda this year and found 15 must-attend sessions:
1. The Seven Most Dangerous New Attack Techniques and What Is Coming Next
Tuesday, March 02 01:00 PM, Blue Room 103
Nation states and organized crime groups are rapidly increasing the sophistication, virulence, and effectiveness of attack tools and techniques. In this session, three people in unique positions to see the newest attack patterns will share what they believe are the seven most dangerous new attack vectors and how they think attack tools and patterns will evolve over the coming year.
-- Alan Paller, Director of Research, The SANS Institute; Ed Skoudis, Senior Security Consultant, InGuardians, Inc.; Rohit Dhamankar, Director of DVLabs, TippingPoint Technologies; Johannes Ullrich, Chief Research Officer, The SANS Institute.
2. Meet the Wizards: Behind the Industry Threat Reports
Tuesday, March 02 01:00 PM, Orange Room 307
Quantifying risk and threats is a core challenge of IT security. We now have a few extensive industry threat reports that analyze and digest large sets of data about vulnerabilities, breaches, and attacks. In this panel we look behind some of the biggest industry threat reports. Where does the data come from? How is it gathered? What methodology sits behind it? What do the results tell us about where we are headed in security? This panel will explore those critical questions.
-- Andrew Jaquith (moderator), Senior Analyst, Forrester Research, Inc.; Alex Hutton, Risk Management, Verizon Business; Dean Turner, Director, Global Intelligence Network, Symantec; Jeff Williams, Principal Group Program Manager, Microsoft Corporation.
3. Case m00p
Tuesday, March 02 02:30 PM, Blue Room 102
This session is a case study into an investigation against an international malware writing group, “m00p.” The investigation spanned several years, included law enforcement from multiple counties, and resulted in arrests on multiple continents.
-- Mikko Hypponen, Chief Research Officer, F-Secure Corporation.
4. Banking Malware – All Your Bank Accounts Belong to Us
Tuesday, March 02 03:40 PM, Blue Room 102
Criminals have evolved banking malware to defeat consumer and bank anti-fraud systems. We will survey Zeus, Bankhook.A and other leading malware families’ sophisticated attack methods that defeat anti-virus, machine identification and two-factor authentication. Two leading financial service companies will share how they are meeting this challenge with innovative security approaches.
-- Patrick Peterson, Cisco Fellow & Chief Security Researcher (moderator); Michael Barrett, CISO and VP of Information Risk Management, PayPal; Laura Mather, Founder and VP of Product Marketing, Silver Tail Systems; David Shroyer, SVP, eChannels Identity, Security, and Fraud Executive, Bank of America.
5. The Relevance of Anti-Malware Testing
Tuesday, March 02 03:40 PM, Orange Room 301
Anti-Malware has been tested for two decades now. More people are trying to test Anti-Malware products, but the results are diverse. What is being tested and why are the outcomes so diverse? To better clarify the test, methodology and results, the industry combined efforts in the Anti-Malware Testing Standards Organization to describe tests which are clear to the reader. This panel will look at the testing from all perspectives and points of view, making it as broad as possible.
-- Larry Bridwell, Global Security Strategist, AVG Technologies (moderator); Neil Rubenking, Lead Analyst, OS and Security, PC Magazine; Andreas Marx, CEO, AV-Test GmbH; Righard Zwienenberg, President, AMTSO; Roel Schouwenberg, Senior AV Researcher, Kaspersky Lab.
6. Good Sites Gone Bad
Wednesday, March 03 08:00 AM, Green Room 130
The Web’s greatest accomplishments have become its biggest threats. Compromised sites, user-generated content and social networks challenge traditional domain-based trust mechanisms. The growth of the Web has outpaced traditional URL filters. Web applications bypass legacy file-based anti-virus engines. Search engine optimization and trending topics are used by attackers to increase their attack performance. This session reviews these shifts and new approaches to defending users online.
-- Dr. Paul Judge, CRO & VP, Barracuda Networks Inc.
7. Lessons in Botnets: The After-effects of ISP Takedowns
Wednesday, March 03 09:10 AM, Blue Room 102
The takedown of four major ISPs over the past year has offered deep insight into spamming behavior and the life expectancy of some of the most powerful botnets ever known. With the demise of Intercage, McColo, Pricewert and Real Host, spam levels dropped to some of the lowest levels ever seen, but then quickly rose again in varying capacities. What have we learned about botnets from these landmark events and how can we use this intelligence to better track and defeat them?
-- Alex Shipp, Senior Anti-Virus Technologist and Imagineer, Symantec Hosted Services.
8. How to Expedite Patching in the Enterprise? A View from the Trenches
Wednesday, March 03 10:40 AM, Orange Room 301
Despite the attention Microsoft Patch Tuesday brings to the industry, recent studies still show that enterprises struggle with patching their critical systems in a timely manner. The average half-time of vulnerabilities is lingering at 30 days for the past four years. This panel will present live data on patching cycles and discuss methodology, processes and technology that can be used to minimize risk and expedite patching of critical vulnerabilities.
-- Rich Mogull, Analyst, CEO, Securosis (moderator); Robert Duran, CISO, TIME; Doug Dexter, Audit Team Lead, Cisco Systems; Wolfgang Kandek, CTO, Qualys, Inc.; Regis Rogers, Manager, Client Security, GE Corporation.
9. Years of Real World Content Type Attacks
Wednesday, March 03 10:40 AM, Blue Room 104
Criminals have been using content type attacks (DOC, XLS, PPT, PDF) to infiltrate networks for several years now. Very little has been openly published about these attacks, the vulnerabilities used, the phone-home geographic locations, and the mechanism used to trick users into opening them. We have gathered and categorized five years of real-world exploits sent to real customers and present the results of our analysis and simple techniques to prevent these attacks from being successful.
-- Maarten Van Horenbeeck, Bruce Dang, Jonathan Ness, Microsoft Corp.
10. Industry Efforts To Secure Cloud Computing
Wednesday, March 03 01:00 PM, Orange Room 302
Migrating internal systems to a cloud model may seem appealing, but from a security perspective much remains unresolved. What form will SLAs with cloud providers take? Can popular cloud providers survive the rigor of audit? How can you ensure your systems will be available or your data recoverable? What are industry best practices in system design, vendor selection, and governance around cloud computing services? This session will explore industry efforts trying to answer these critical questions.
-- Steve Riley Sr., Technical Program Manager, Amazon Web Services; Jim Reavis, Co-Founder & Acting Executive Director, Cloud Security Alliance.
11. Crowd Sourcing Fraud & Abuse Detection
Wednesday, March 03 01:00 PM, Orange Room 308
Blackhat hackers have an organized community that openly shares information about new attacks. In contrast, the abuse departments responding to these attacks are often siloed and slowly, if at all, share information about threats they have seen with other organizations. This session discusses Project Honey Pot's early success in breaking down these barriers and facilitating the free flow of abuse information between organizations.
-- Lee Holloway, Lead Engineer, Project Honey Pot.
12. Clampi Deconstructed: Inside The Black Box Botnet
Thursday, March 04 08:00 AM, Blue Room 104
Clampi (also known as Ilomo, Ligats or Rscan) is a botnet trojan operated by a serious and sophisticated organized crime group from Eastern Europe and has been implicated in numerous high-dollar thefts from banking institutions and businesses. This session is an in-depth, technical exploration of how Clampi uses advanced packing, encryption, exploitation and anonymity to maintain one of the most sophisticated and pervasive bank account theft botnet operations in the world.
-- Joe Stewart, Director of Malware Research, SecureWorks.
13. Arrests, Indictments, Convictions: Prosecution of Two Sophisticated Hacking Rings
Thursday, March 04 09:10 AM, Blue Room 102
In 2009, activities of two of the most sophisticated hacking rings were brought to an abrupt end by arrests and indictments by the Department of Justice. One group hacked into retailers and processors, putting over 170 million payment cards at risk of fraud. The second group stole payroll debit cards, cashing them out for over $9 million at over 2,100 ATMs in 280 cities – all within 12 hours. This session will provide insight into these cases.
-- Howard Cox, Assistant Deputy Chief, U.S. Department of Justice; Kimberly Kiefer Peretti, Senior Counsel, U.S. Department of Justice.
14. Botnets Gone Wild! Captured, Observed, Unraveled, Exterminated
Thursday, March 04 09:10 AM, Blue Room 104
We have captured and observed five of the most dangerous botnet families. In this session, using demonstrations, packet captures and video, we unravel their technical operations: malware infection, botnet command & control, botnet size and how their weaknesses enable extermination. We will follow the money to unravel business models, criminal actors, relationships and profits.
-- Henry Stern, Senior Security Researcher, Cisco Systems, Inc.; Patrick Peterson, Cisco Fellow & Chief Security Researcher, Cisco Systems, Inc.
15. Is This Link Safe? - Exploiting Trust Through Search Engine Manipulation
Friday, March 05 09:00 AM, Blue Room 104
Users implicitly trust search engines to deliver safe, relevant links to the information they seek. That trust, however, is being exploited by web parasites through link farms and gray search engines that herd unsuspecting users towards hidden threats. This session will explore the mechanisms cybercriminals use to abuse search engines and discuss search engine manipulation protection options.
-- Chris Larsen, Senior Malware Researcher, Blue Coat.