Thanks for a Great Incident Detection Summit

December 12th, 2009 admin

We had a great SANS WhatWorks in Incident Detection Summit 2009 this week! About 100 people attended. I’d like to thank those who joined the event as attendees; those who participated as keynotes (great work Ron Gula and Tony Sager), guest moderators (Rocky DeStefano, Mike Cloppert, and Stephen Windsor), speakers, and panelists; Debbie Grewe and Carol Calhoun from SANS for their excellent logistics and planning, along with our facilitators, sound crew, and staff; our sponsors, Allen Corp., McAfee, NetWitness, and Splunk; and also Alan Paller for creating the two-day “WhatWorks” format. I appreciate the …


Originally posted on TAOSecurity

 