Security Theme
Sponsored by:

Blue Coat logo

Download Free Cloud Networking Whitepaper

Exhibit at Interop

To learn about sponsorship and exhibiting opportunities, please contact .

Get Updates Via Email

Track Chair:
John Pironti
President
IP Architects, LLC

Hear more from John Pironti about key Security topics at Interop.

Information Security and Risk Management Track

Information Security and Risk Management capabilities and technologies have been identified as one of the few areas that organizations and governments are consistently increasing their investments and activities in while sustaining or reducing activities in other areas. This phenomenon validates the fact that the challenges associated with information infrastructure and data protection are growing significantly, and that organizations have recognized the need to comprehensively address them. The multi-million dollar question that now needs to be asked is “Where should all that money go?” Unfortunately investment of dollars alone will not solve the current and future information security problems that exist and in some instances can be counterproductive.

The Interop Las Vegas 2012 Information Security and Risk Management track will bring together some of the industry’s best and brightest thought leaders and will focus on identifying the existing and emerging threats and vulnerabilities as well as the concepts, technologies, and industry leading practices that can be utilized to manage the risks that they create. Sessions in the track will focus on effectively identifying and understanding attacks as well as provide useful and pragmatic insights on how to effectively defend against them. There will also be sessions whose speaker’s will provide thought provoking insights as they reexamine existing technologies such as SSL, Virtualization, Browsers, and others for their security capabilities and current day usage considerations. The information risk management focused sessions will discuss concepts including intelligence gathering and usage concepts, culture change within organizations, and discussions of current and future trends.

Tuesday

Wednesday

Thursday

Open All Descriptions Close All Descriptions

Tuesday, May 8
10:15 AM–11:15 AM The Dark Side of Virtualization: 10 Reasons These Are Not the Virtualized Apps You're Looking For Location: Room 6 Virtualization and private cloud have enabled server consolidation, created more flexible environments, and saved companies a ton of money. In fact, a survey of 1200 companies with more than 500 employees showed that 56 percent had server virtualization in production or pilot. But based on a decade of experience with large enterprise users of virtualization, this presentation covers the types of situations when you should consider not virtualizing some of your applications for reasons ranging from technical to legal and highlight security considerations that should be addressed when adopting and utilizing virtualization. Speaker - Dave Asprey, VP of Cloud Security, Trend Micro Dave Asprey brings more than 15 years experience to his position of Vice President of Cloud Security at Trend Micro. In this role, Mr. Asprey helps to shape the company’s cloud strategy, focusing specifically on expanding a Cloud Security Alliance partner ecosystem; participating in cloud security organizations; and cultivating Trend Micro partnerships with cloud security vendors. Prior to joining Trend Micro, Mr. Asprey was an Entrepreneur in Residence at Trinity Ventures, focused on early stage investment opportunities with companies in the cloud and virtualization markets. Previously, he served as Vice President of Technology and Business and Corporate Development at Blue Coat Systems. He also served as Vice President of Marketing and Technology Strategy at UK-based virtual appliance company Zeus Technology. Other professional roles have included Director of Product Management for Acceleration and WAN Optimization NetScaler and, when that company was acquired by Citrix, responsibility for strategic planning for Citrix’s virtualization business unit, reporting directly to the CTO. He was also held senior management positions at Speedera Networks (now Akamai); Exodus Communications (now Savvis); and the University of California at Santa Cruz. Dave Asprey holds degrees in computer science from the University of California, Santa Barbara and holds a master of business administration degree from the University of Pennsylvania’s Wharton School of Business.
11:30 AM–12:30 PM Securing Social Media in the Enterprise Location: Room 6 As corporations continue to struggle over the decision to ban or allow unrestricted access to social media, the medium continues to build momentum as a modern business tool. Further, employees are increasingly mobile, accessing social applications from their own devices on the corporate network. It’s a runaway train, so businesses are on the hook to enable social media in a way that balances security and privacy concerns with productivity and business enablement. The key to the right social media policy is to understand the usage patterns and the business case, as well as the risks, and weight these appropriately to make the best decision for the business and its employees. Session attendees will learn more about the pitfalls and opportunities presented by social media, and how to determine what type of social media policy is appropriate for their business. We will share ways to proactively manage the corporate network to protect against these threats, discuss how to train employees to recognize malware threats in social mediums and how to mitigate the fallout from a social media attack. Speaker - Nicholas Arvanitis, Security Consulting Services, Dimension Data Nick is a security consultant for global IT services provider Dimension Data. With more than a decade of IT security experience, he specializes in security assessment and penetration testing. He has deep expertise deploying complex security architectures across a broad range of industries, including financial services and government institutions. He has published a number of articles and speaks regularly at conferences including Defcon, BlackHat, DavCon and CSI, among others.
2:30 PM–3:30 PM Modern Two-Factor Authentication: Defending Against Today's User-Targeted Attacks Location: Room 6 Since 2005, attackers have gone after users, not systems, to penetrate organizations of any size or sophistication. Credential theft via automated malware, targeted phishing campaigns, and massive database breaches have rendered nearly all security controls impotent in the face of attackers that masquerade as legitimate users. Two-factor authentication demonstrably stops such account takeover and fraud but has been hampered by the cost, complexity, and technical limitations of traditional solutions. In this session, we examine the evolution of two-factor authentication over its 20-year history, and identify the modern innovations that promise to democratize strong authentication as a security measure of first resort. Speaker - Dug Song, CEO, Duo Security
3:45 PM–4:45 PM Point of Entry: How Browser Attacks have Marginalized Internet Security Location: Room 6 The prevention of online theft and fraud is an obvious priority for organizations that rely on the web to interact with customers, partners, and citizens, including corporations, government, banks, online brokerages, healthcare providers, retailers, and more. In addition to lost customers, compensation costs, and brand damage, organizations are subject to a wide range of regulatory measures that mandate data protection and privacy. Yet despite widespread attention, most organizations today have no control over the most commonly exploited vulnerability in their security infrastructure – web browsers. This session will explain how cyber-criminals are able to carry out browser-based attack that can bypass virtually every traditional internet security mechanism, the methods used by criminals to evade detection once they have penetrated the security perimeter, and what can be taken to defeat these threats. Speaker - Amit Klein, Chief Technology Officer, Trusteer Inc. As Trusteer’s CTO, Amit Klein manages the company’s Security team which is one of the world’s leading financial malware research groups. Prior to Trusteer, Mr. Klein was Chief Scientist at Cyota Inc. (acquired by RSA Security) a leading provider of layered authentication solutions. In this role, Mr. Klein researched technologies that prevent online fraud, phishing and pharming and filed several patents in those areas. Prior to this, Mr. Klein worked as Director of Security and Research at Sanctum, Inc. (acquired by Watchfire) where he was responsible for the security architecture of all Sanctum products. Mr. Klein holds a B.Sc. (cum laude) in Mathematics and Physics . Mr. Klein is a world renowned security researcher, having published over thirty articles, papers and technical notes on the topic of Internet security. He was named CTO of the Year by InfoWorld Magazine and has presented at many prestigious conferences including RSA, FSISAC, OWASP and CertConf.
Top of Page
Wednesday, May 9
10:15 AM–11:15 AM Changing the Mindset: Key Considerations When Creating a Risk Aware and Security Conscious Culture Location: Room 6 Creating a risk conscious and security aware culture within an organization can provide more protection to an organization’s information infrastructure and associated data assets than any technology or information security related control that currently exists. A risk conscious security aware culture is key to protecting an organization’s information infrastructure and associated data assets. Information threats and adversaries are more advanced and daunting than ever and show no sign of becoming less concerning in the future. In order to effectively address this issue, organizations must create and cultivate a culture and environment that embraces information risk management and security as a business benefit rather than another hurdle on the path to success. This session will focus on the key concepts and capabilities that should be considered when creating a risk aware and security conscious culture. Speaker - John Pironti, President, IP Architects, LLC John P. Pironti is the President of IP Architects, LLC. He has designed and implemented enterprise wide electronic business solutions, information security and risk management strategy and programs, enterprise resiliency capabilities, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, insurance, energy, government, hospitality, aerospace, healthcare, pharmaceuticals, media and entertainment, and information technology on a global scale. Mr. Pironti has a number of industry certifications including Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information System Control (CRISC), Information Systems Security Architecture Professional and (ISSAP) and Information Systems Security Management Professional (ISSMP). Mr. Pironti frequently provides briefings and acts as a trusted advisor to senior leaders of numerous organizations on information security and risk management and compliance topics and is also a member of a number of technical advisory boards for technology and services firms. He is also a published author and writer, highly quoted and often interviewed by global media, and an award winning frequent speaker on electronic business and information security and risk management topics at domestic and international industry conferences.
11:30 AM–12:30 PM IT Blind Side Location: Room 6 This session will discuss why so many IT organizations are getting "blind sided" by breaches and security incidents, in spite of a large investment in security technology. But, more importantly, this will be a discussion of some best known methods for approaches and techniques to minimize the chance that you will experience a breach without detecting it and be able to quickly assess the impact when an attack (from any source) impacts your data assets and IT infrastructure. Learn about industry guidance and best practices for IT security. Speaker - Dwayne Melancon, Vice President, Tripwire Inc. Dwayne Melançon is Tripwire's Chief Technology Officer, where he owns a critical role in driving and evangelizing the company's global overall product strategy. He brings over 25 years of security software experience, and is responsible for leading the company's long term product strategy to meet the evolving data security needs of global enterprises. Melançon joined Tripwire in 2000 and most recently served as Vice President of Products for Tripwire. He has spearheaded numerous initiatives during his tenure, including executive responsibility for business development, professional services and support, information systems and marketing. Prior to joining Tripwire, Melançon held leadership roles at DirectWeb, Inc., Symantec Corporation and Fifth Generation Systems, Inc. He is certified on both IT management and audit processes, holding both ITIL and CISA certifications, and is a frequent speaker at national and regional industry events.
2:00 PM–3:00 PM Do you know your enemy? Incorporating Security Intelligence and Adversary Centric Analysis Into Information Risk Management Location: Room 6 Who's after you and what they can do matters. As most of us leverage circa 2003 "best practices" for IT Security, 2011's more than a breach-a-week proved we're losing. Our once "best practices" were predicated on an older model of adversary and older models of IT. Our limited data shows we're most attacked where we're least invested. We cannot protect everything, so how do we best focus our defenses in a world where business leaders are tired of security FUD and are driven by compliance as the answer to all their problems? Data supported security intelligence. In this session we'll take an alternative, adversary centric look at the security challenge and see which insights and opportunities reveal themselves. We'll enumerate the emerging of Adversary Classes, their relative skills sets and capabilities, diverse target objective/asset types, and different TTPs (Tools, Techniques, and Procedures) that you can use to develop, process, analyze and communicate data supported information security intelligence.The session will also equip you with less known sources of actionable and credible intelligence to assist in your endeavors. If you know WHO you are facing and WHAT they are capable of, you can focus on WHICH assets they are after, and HOW they go after them. Speaker - Josh Corman, Director of Threat Intelligence, Akamai
3:15 PM–4:15 PM Software Security Risk Rises Along with Android Location: Room 6 Mobile devices and the security risks introduced by the software that runs them are proliferating, especially with the open and fragmented Android ecosystem. This talk scrutinizes challenges faced in securing mobile apps, focusing particular attention on the unique challenges of the Android platform, and contrasts them with legacy and more mature software security initiatives. We discuss how consumerization confounds security efforts, how the mobile app lifecycle makes risk a hot potato, and finish with the top Android threats and how to avoid them. Speaker - Jason Schmitt, Director of Product Management HP Enterprise Security Products, Fortify
Top of Page
Thursday, May 10
9:00 AM–10:00 AM Application Layer DDoS Attacks: Motives, Mechanisms, and Mitigation Location: Room 6 When a DDoS attack is launched against a network, how does the site admin know what’s happening? The building doesn't burn down and alarms may not even be triggered. Yet this silent event can cause devastating outcomes for the business. This session will take an in-depth look at what are predicted to be some of 2012's most menacing application-layer attacks. It will also review the impact of application-layer DDoS attacks on web server implementations. Lab and real-world observations of various attack scenarios will be identified to provide practical technical indicators including network and server activity so attendees might enhance existing monitoring systems. Attack mitigation techniques will also be highlighted for their capabilities and effectiveness. Attendees will gain insight about how to distinguish between network flood DDoS and application-layer DDoS attacks and to recognize the onset of an application-layer DDoS attack. Attendees will also learn how to determine expected impact to web sites that experience application-layer DDOS attacks. Lastly, guests will learn how to defend their web sites and servers against application-layer DDoS attacks and predict the likely future of Internet-based DDoS attack activity. Speaker - Mike Paquette, Chief Strategy Officer, Corero Network Security Mike currently serves as Chief Strategy Officer of Corero Network Security, formerly Top Layer, where he is responsible for Corero's product portfolio, product management, and strategy. Mike has 27 years of computer networking and security experience with an extensive background in the design and development of networking products. He is co-author of a patent on DDoS protection. He regularly speaks at leading industry events, is a frequent security podcast guest with Network World, and has been quoted as a security expert in Investor's Business Daily, USA Today, Wall Street Journal, and many other publications. Mike has written White papers on IPS and published articles in Health Management Technology Magazine, ISSA Journal, and other industry publications.
10:15 AM–11:15 AM Security Automation: Connecting Your Silos Location: Room 6 For enterprises, managing security in today's ever-changing technology landscape is like being a farmer: it's all about managing your silos. Most IT organizations deploy many unique technologies from multiple vendors in an attempt to secure their infrastructure. Each of these technologies generally operates in its own silo, resulting in the duplication of basic functions across multiple appliances in multiple locations in the network. With security automation - enabling information to be shared in real time between heterogeneous collections of appliances - each new component added to the security infrastructure leverages value already in place in the environment.Learn how to deploy a standards-based signaling bus to enable automated, intelligent network security decisions across a variety of technology components such as firewalls, anti-virus, intrusion detection / prevention, web application firewalls, vulnerability scanners, policy servers, CMDBs, SIEM, etc. Leverage metadata accessible through standard APIs that can be accessed for real-time actions and executed by multi-vendor products, including enterprise-specific data if needed. Maximize the value of your existing infrastructure by sharing information for dynamic, real-time visibility and control of your network. Speaker - Lisa Lorenzin, Principal Solution Architect, Security and Mobility, Juniper Networks Lisa Lorenzin is a Principal Solutions Architect with Juniper Networks, specializing in security solutions, and a contributing member of Trusted Network Connect (TNC), a work group of the Trusted Computing Group (TCG) that defines an open architecture and standards for endpoint integrity, network access control, and security automation. She has worked in a variety of Internet-related roles since 1994, with more than a decade of focus on network and information security. Her experience in data center, government and enterprise environments, as well as her active participation and service in user groups and standards bodies, has brought her a thorough understanding of the challenges network administrators and users face in today's world of expanding regulations and increasing security threats.
11:30 AM–12:30 PM Less is More: Why SSL VPN is NOT What You Think It Is Location: Room 6 Even though the OpenSSL Toolkit has been hacked 44 times since 2002, VPN solutions continue to heavily rely on this technology. In fact, some of the most high-profile security breaches have involved SSL VPNs. This begs the question, are users not using the technology correctly? Or is SSL simply not as good as all the marketing hype makes it out to be? This year alone, several incidents have surfaced that called into question the security of SSL platforms, like Comodo issuing nine fraudulent certificates affecting several domains and the recent breach at Dutch digital certificate authority DigiNotar, among others. Clearly, confusion exists about the security capabilities of SSL. Ultimately, this misinformation undermines the technology and lessens its appeal in scenarios where SSL is an ideal solution. This session will put the most persistent SSL myths to rest and clarify the technology’s capabilities – and its limitations. Speaker - Rainer Enders, CTO, NCP Engineering, Inc. Rainer started his professional career as a Research Engineer with Ericsson. At Ericsson he worked in the areas mobile communication, broadband networks and Audio/Video technologies for the purpose of telework and remote teaching and learning. In his research Rainer investigated how people can effectively communicate and collaborate across the world in different disciplines, such as Engineering, Higher Education and Medical, using video conference applications and computer aided Multimedia technologies and tools. His vision of the Internet was that of a magic cloud that would connect all people and devices regardless of location and network. The key components of this Internet Cloud are a fast broadband transport, effectively designed applications that deliver Multimedia functionality as well as special purpose technologies such as compression and transparent roaming, a protocol stack that can bind applications together providing the glue and a pervasive security technology that protects data and applications at rest and in transit.With his 20 years of experience in telecommunication systems, data and storage network technologies, Rainer had the opportunity to work with cross-functional engineering teams across Europe, Northern America and Asia to design, develop and implement mission-critical communication infrastructure technology. During the past 10 years of his career his main focus was on storage and data network security. With people moving in and out of the network and a workforce that is becoming increasingly mobile the traditional perimeter based network security approach is no longer a viable solution. The focus of his consulting practice was to provide advanced security architectures and implementations for a new and rapid changing network world with Open Source, Virtualization and Cloud Computing as key driving forces. Today Rainer is CTO for the global network security firm NCP engineering.
Top of Page