About
The integration of 3rd party products within SIEM and Log Management platforms is often a race to competitive parity. Unfortunately for customers, simply having cursory integration for a product without an ongoing integration lifecycle is about as useful as the platform not supporting the device in the first place.

In order to facilitate continuous value, end-to-end integration lifecycles must be designed to ensure SIEM and Log Management platform vendors have access to the most current information available from integration partners. This talk will shed light on the steps required to effectively bring a product into constant state of supportability and will equip customers with the questions to verify their vendors’ ongoing integration capabilities.

Hopefully I’ll see you there

Here are the two sessions that I’m involved with:

Friday, July 9th, 2010 – 9:30am – 10:30am
Bringing a Knife to a Gun Fight: The Arsenal Required for Modern Forensic Combat!

One of the most time consuming yet important aspects of any forensic investigation is the analysis of forensic information not located on the compromised machine. For example, logs from compromised systems and ancillary devices, such as routers, firewalls, and intrusion devices, combined with network-level flow and packet analysis help paint a picture of the compromise from start to finish. Reviewing data by hand, however, could take days, weeks, or even months to stitch together a timeline of events.

This talk serves to highlight the current forensic capabilities of Enterprise Security Information Management (ESIM) products, such as Security Information and Event Management (SIEM) and Log Management systems, and how you can best leverage the collected data to aid in forensic exercises. The speaker will also highlight how ESIM products need to evolve to best serve the forensic and incident response community in the future.

Speaker:

• Andrew Hay – Senior Security Analyst , The 451 Group.

Friday, July 9th, 2010 – 10:50am – 11:50pm
Network Forensics Panel

Panelists will tell you the challenges faced by properly collecting and analyzing network based evidence. It is critical in investigations. Data collected from intrusion detection systems, firewalls, routers, proxies, and access points all end up telling unique stories that could be critical to solving your case. Learn the latest techniques thata re utilized in reacting to real attacks that these experts have responded to. This panel includes some of the best minds for the future of Network Forensics. Listen to what they have to say. Network Forensics: No Hard Drive? No Problem.

Panelists:

• Moderator: Jonathan Ham – SANS Institute and Lake Missoula Group
• George Bakos – Senior Engineer, Northrup Grumman
• Andrew Hay – Senior Security Analyst , The 451 Group’s Enterprise Security
• Charles Smutz – Software Engineer Lockheed Martin-CIRT

Hopefully I’ll see you there. Sign up today!

About:
Have you ever thought about writing a security book, but were not sure where to start? What kind of book should you write? How do you get a publisher? What can you expect to make off your book?

Join Andrew Hay, author of the OSSEC Host-based Intrusion Detection Guide, Nagios 3 Enterprise Network Monitoring, and the Nokia Firewall, VPN, and IPSO Configuration Guide, to learn the pros and cons of being a security author and to learn if you’ve got what it takes to write the next great security book.

Please RSVP today!

So You Want to Write a Security Book, Eh?
- Andrew Hay
- Friday, September 18 * 8:00pm – 9:00pm

Have you ever thought about writing a security book, but were not sure where to start? What kind of book should you write? How do you get a publisher? What can you expect to make off your book?

Join Andrew Hay, author of the OSSEC Host-based Intrusion Detection Guide, Nagios 3 Enterprise Network Monitoring, and the Nokia Firewall, VPN, and IPSO Configuration Guide, to learn the pros and cons of being a security author and to learn if you’ve got what it takes to write the next great security book.

Full details here: http://www.sans.org/ns2009/night.php