RSA 2010: Top 15 Conference Sessions You Shouldn’t Miss

The RSA security conference is known for being a vendor-heavy, corporate-speak shindig that lacks quality content.   I disagree.   I spent some time perusing the conference agenda this year and found 15 must-attend sessions:

1. The Seven Most Dangerous New Attack Techniques and What Is Coming Next

Tuesday, March 02 01:00 PM,  Blue Room 103  

Nation states and organized crime groups are rapidly increasing the sophistication, virulence, and effectiveness of attack tools and techniques. In this session, three people in unique positions to see the newest attack patterns will share what they believe are the seven most dangerous new attack vectors and how they think attack tools and patterns will evolve over the coming year.

—  Alan Paller, Director of Research, The SANS Institute; Ed Skoudis, Senior Security Consultant, InGuardians, Inc.; Rohit Dhamankar, Director of DVLabs, TippingPoint Technologies;  Johannes Ullrich, Chief Research Officer, The SANS Institute.


2. Meet the Wizards: Behind the Industry Threat Reports

Tuesday, March 02 01:00 PM, Orange Room 307

risk and threats is a core challenge of IT security. We now have a few
extensive industry threat reports that analyze and digest large sets of
data about vulnerabilities, breaches, and attacks. In this panel we
look behind some of the biggest industry threat reports. Where does the
data come from? How is it gathered? What methodology sits behind it?
What do the results tell us about where we are headed in security? This
panel will explore those critical questions.

— Andrew Jaquith (moderator), Senior Analyst, Forrester Research, Inc.; Alex Hutton, Risk Management, Verizon Business; Dean Turner, Director, Global Intelligence Network, Symantec; Jeff Williams, Principal Group Program Manager, Microsoft Corporation.

3.  Case m00p

Tuesday, March 02 02:30 PM,  Blue Room 102

This session is a case study into an investigation against an international malware writing group, “m00p.” The investigation spanned several years, included law enforcement from multiple counties, and resulted in arrests on multiple continents.

—   Mikko Hypponen, Chief Research Officer, F-Secure Corporation.


4. Banking Malware – All Your Bank Accounts Belong to Us

Tuesday, March 02 03:40 PM, Blue Room 102

have evolved banking malware to defeat consumer and bank anti-fraud
systems. We will survey Zeus, Bankhook.A and other leading malware
families’ sophisticated attack methods that defeat anti-virus, machine
identification and two-factor authentication. Two leading financial
service companies will share how they are meeting this challenge with
innovative security approaches.

— Patrick Peterson, Cisco Fellow & Chief Security Researcher (moderator); Michael Barrett, CISO and VP of Information Risk Management, PayPal; Laura Mather, Founder and VP of Product Marketing, Silver Tail Systems; David Shroyer, SVP, eChannels Identity, Security, and Fraud Executive, Bank of America.


5. The Relevance of Anti-Malware Testing

Tuesday, March 02 03:40 PM, Orange Room 301

has been tested for two decades now. More people are trying to test
Anti-Malware products, but the results are diverse. What is being
tested and why are the outcomes so diverse? To better clarify the test,
methodology and results, the industry combined efforts in the
Anti-Malware Testing Standards Organization to describe tests which are
clear to the reader. This panel will look at the testing from all
perspectives and points of view, making it as broad as possible.

— Larry Bridwell, Global Security Strategist, AVG Technologies (moderator); Neil Rubenking, Lead Analyst, OS and Security, PC Magazine; Andreas Marx, CEO, AV-Test GmbH; Righard Zwienenberg, President, AMTSO; Roel Schouwenberg, Senior AV Researcher, Kaspersky


6. Good Sites Gone Bad

Wednesday, March 03 8AM, Green Rm 130

The Web’s greatest accomplishments have become its
biggest threats. Compromised sites, user-generated content and social
networks challenge traditional domain-based trust mechanisms. The
growth of the Web has outpaced traditional URL filters. Web
applications bypass legacy file-based anti-virus engines. Search engine
optimization and trending topics are used by attackers to increase
their attack performance. This session reviews these shifts and new
approaches to defending users online.

— Dr. Paul Judge, CRO & VP, Barracuda Networks Inc.


7. Lessons in Botnets: The After-effects of ISP Takedowns

Wednesday, March 03 09:10 AM, Blue Room 102

takedown of four major ISPs over the past year has offered deep insight
into spamming behavior and the life expectancy of some of the most
powerful botnets ever known. With the demise of Intercage, McColo,
Pricewert and Real Host, spam levels dropped to some of the lowest
levels ever seen, but then quickly rose again in varying capacities.
What have we learned about botnets from these landmark events and how
can we use this intelligence to better track and defeat them?

— Alex Shipp, Senior Anti-Virus Technologist and Imagineer,  Symantec Hosted Services.

8. How to Expedite Patching in the Enterprise? A View from the Trenches

Wednesday, March 03 10:40 AM, Orange Room 301

the attention Microsoft Patch Tuesday brings to the industry, recent
studies still show that enterprises struggle with patching their
critical systems in a timely manner. The average half-time of
vulnerabilities is lingering at 30 days for the past four years. This
panel will present live data on patching cycles and discuss
methodology, processes and technology that can be used to minimize risk
and expedite patching of critical vulnerabilities.

— Rich Mogull, Analyst, CEO, Securosis (moderator); Robert Duran, CISO, TIME; Doug Dexter, Audit Team Lead, Cisco Systems; Wolfgang Kandek, CTO, Qualys, Inc.; Regis Rogers, Manager, Client Security, GE Corporation.


9. Years of Real World Content Type Attacks

Wednesday, March 03, 10:40AM, Blue 104

Criminals have been using content type attacks (DOC, XLS, PPT, PDF) to infiltrate networks for several years now. Very little has been openly published about these attacks, the vulnerabilities used, the phone-home geographic locations, and the mechanism used to trick users into opening them. We have gathered and categorized five years of real-world exploits sent to real customers and present the results of our analysis and simple techniques to prevent these attacks from being successful.

— Maarten Van Horenbeeck, Bruce Dang, Jonathan Ness, Microsoft Corp.


10. Industry Efforts To Secure Cloud Computing

Wednesday, March 03 01:00 PM, Orange Room 302

internal systems to a cloud model may seem appealing, but from a
security perspective much remains unresolved. What form will SLAs with
cloud providers take? Can popular cloud providers survive the rigor of
audit? How can you ensure your systems will be available or your data
recoverable? What are industry best practices in system design, vendor
selection, and governance around cloud computing services? This session
will explore industry efforts trying to answer these critical questions

— Steve Riley, Sr. Technical Program Manager, Amazon Web Services; Jim Reavis, Co-Founder & Acting Executive Director, Cloud Security


11. Crowd Sourcing Fraud & Abuse Detection

Wednesday, March 03 01:00 PM,  Orange Room 308

hackers have an organized community that openly shares information
about new attacks. In contrast, the abuse departments responding to
these attacks are often siloed and slowly, if at all, share information
about threats they have seen with other organizations. This session
discusses Project Honey Pot’s early success in breaking down these
barriers and facilitating the free flow of abuse information between

— Lee Holloway, Lead Engineer, Project Honey Pot.


12. Clampi Deconstructed: Inside The Black Box Botnet         

Thursday, March 04 08:00 AM, Blue Room 104

(also known as Ilomo, Ligats or Rscan) is a botnet trojan operated by a
serious and sophisticated organized crime group from Eastern Europe and
has been implicated in numerous high-dollar thefts from banking
institutions and businesses. This session is an in-depth, technical
exploration of how Clampi uses advanced packing, encryption,
exploitation and anonymity to maintain one of the most sophisticated
and pervasive bank account theft botnet operations in the world.

— Joe Stewart, Director of Malware Research, SecureWorks.


13. Arrests, Indictments, Convictions: Prosecution of Two Sophisticated Hacking Rings

 Thursday, March 04 09:10 AM,  Blue Room 102

In 2009, activities of two of the most sophisticated hacking rings were brought to an abrupt end by arrests and indictments by the Department of Justice. One group hacked into retailers and processors, putting over 170 million payment cards at risk of fraud. The second group stole payroll debit cards, cashing them out for over $9 million at over 2,100 ATMs in 280 cities – all within 12 hours. This session will provide insight into these cases.

— Howard Cox, Assistant Deputy Chief, U.S. Department of Justice; Kimberly Kiefer Peretti, Senior Counsel, U.S. Department of Justice.


14. Botnets Gone Wild! Captured, Observed, Unraveled, Exterminated

Thursday, March 04 09:10 AM, Blue Room 104

have captured and observed five of the most dangerous botnet families.
In this session, using demonstrations, packet captures and video, we
unravel their technical operations: malware infection, botnet command
& control, botnet size and how their weaknesses enable
extermination. We will follow the money to unravel business models,
criminal actors, relationships and profits.

— Henry Stern, Senior Security Researcher, Cisco Systems, Inc.; Patrick Peterson, Cisco Fellow & Chief Security Researcher, Cisco Systems, Inc.


15.  Is This Link Safe? – Exploiting Trust Through Search Engine Manipulation

Friday, March 05 09:00 AM, Blue Room 104

implicitly trust search engines to deliver safe, relevant links to the
information they seek. That trust, however, is being exploited by web
parasites through link farms and gray search engines that herd
unsuspecting users towards hidden threats. This session will explore
the mechanisms cybercriminals use to abuse search engines and discuss
search engine manipulation protection options.

— Chris Larsen, Senior Malware Researcher, Blue Coat.
