Sourcefire Sessions
Strategies for Securing Virtualized Environments
With all of its benefits, virtualization also creates new security risks. An attacker who gains access to one virtual machine can potentially compromise every other virtual machine on that host. And with the growing problem of VM Sprawl, ensuring virtual machines have the latest patches and proper configuration controls is an extraordinary challenge. Yet, organizations simply can’t afford to purchase yet another security solution to protect their virtual environments. In this session, learn how Sourcefire protects both physical and virtual environments, while also addressing the challenge of containing VM Sprawl. Hear how TransUnion defends its virtual environments, and how Sourcefire can protect your virtual infrastructure—today and tomorrow.
Speakers: Robert Wagner, Richard Park
The Ultimate Swiss Army Knife: Leveraging Sourcefire RNA Beyond the IPS
The power of Sourcefire RNA goes well beyond the IPS. Sourcefire RNA provides 24x7, passive network intelligence, storing a real-time inventory of operating systems, services, applications, protocols, and potential vulnerabilities that exist on the network. As a result, RNA can help automate key IPS functions, such as attack impact assessment and IPS tuning. However, RNA provides additional benefits beyond the IPS, including network discovery, change management, network behavior analysis, IT policy compliance, and virtual machine detection. In this session, learn how organizations have used the real-time network visibility of Sourcefire RNA to confidently protect their dynamic networks.
Speakers: Richard Park, David Thomason
Need for Speed: Defending 10G Networks
Get under the hood of Sourcefire’s 3D9800 Sensor, the industry’s first 10Gbps IPS appliance, designed to meet the performance demands of 10 gig networks while supporting the latest IPv6 deployments. For large environments with significant volumes of network traffic, the 3D9800 Sensor enables users to protect their high-throughput core from one central location, reducing the effort and complexity of intrusion prevention. Learn how to customize the sensor to specific network speeds and connectivity options, and how to create a highly redundant, fault-tolerant architecture to support an organization’s most-critical, high-speed network segments.
Speaker: Douglas Hurd
Leveraging User Identity in the Sourcefire 3D System
What good is it to know which hosts have been attacked, or which hosts are running unauthorized applications, or which hosts consume the most bandwidth, if you don’t know who to call? Sourcefire RUA links user identity to security and compliance events, to help you respond to incidents more quickly, when time is of the essence. In this session, you’ll gain technical insights into how RUA works, including deployment alternatives for both Active Directory and LDAP environments. You’ll also learn how Newell Rubbermaid uses RUA to speed incident containment, enhance control, eliminate manual efforts and associated costs, and improve network security decision-making.
Speakers: Steve Piper, Michael Wilcox
Strategies for Implementing Real-time Adaptive Intrusion Prevention
With wireless equipment, mobile employees, outsourced workers, and virtual environments, today’s networks are highly dynamic. Static defenses can’t protect these dynamic networks against today’s dynamic threats. Sourcefire RNA helps organizations better understand their continuously changing network and improve network integrity. From creating and maintaining an inventory of your environment, to automatically recommending rules and enabling them, Sourcefire RNA is a powerful tool to help organizations confidently protect their changing environments. In this session, gain technical insights into Sourcefire’s innovative Adaptive IPS strategy, and learn how Accuro Healthcare Solutions has leveraged RNA Recommended Rules to achieve real-time, adaptive intrusion prevention.
Speakers: Chris Jacob, Customer TBD
Case Study in Leveraging 3D to Achieve PCI compliance
The Payment Card Industry (PCI) Data Security Standard was developed to protect cardholder information, reduce fraud, and identify security issues that could lead to the compromise of cardholder information. The Sourcefire 3D System meets the core PCI mandates, including: build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and manage an information security policy. In this session, learn how the Sourcefire 3D System has helped a leading retail organization demonstrate PCI compliance while protecting critical payment-processing infrastructure.
Speakers: Mike Guiterman, Customer TBD
Avoiding Pitfalls and Sandtraps: Lessons Learned from the Field
Joel Esler is a veteran of Sourcefire’s Professional Services team, having contributed to dozens of successful 3D deployments. In this session, Joel will share tips and tricks for getting the most from your Sourcefire investment. Learn how to get your 3D System into production quickly and effectively while addressing common deployment risks and constraints. From implementation to customization, find out what to do and what not to do across the entire suite of Sourcefire solutions. A series of real-world examples based on organizations of various sizes and industries bring the implementation process to life to help you to optimize your Sourcefire 3D System deployment.
Speaker: Joel Esler
“Product Feedback” Roundtables
This must-attend session is so important, we’re running it twice! You don’t want to miss your chance to sit down with members of Sourcefire’s Product Management and Engineering Teams to give your feedback on Sourcefire products and to share your “wish list” of product enhancements. Sourcefire regularly solicits product requirements from customers and partners to influence its product roadmap. From new capabilities to entirely new products, Sourcefire welcomes your input. Meet with Sourcefire product decision-makers face-to-face and help shape the future of Enterprise Threat Management.
Speakers: Sourcefire Product Team
Real-World Strategies for Implementing Sourcefire RNA
Aimed at large environments, this session is designed to help you understand how to optimize your Sourcefire RNA deployment. From sizing 3D Sensors, to knowing where you need to place RNA and where you don’t, our Sourcefire experts will take you through proven best practices for deploying Sourcefire RNA. Hear how a leading enterprise approached their implementation, lessons learned and strategies for continuing to monitor and optimize their RNA environment.
Speakers: Jason Brvenik, Customer
Rapid Threat Response: A Day in the Life of the VRT
Keeping our customers safe is not just our business—it’s our mission. Meet the Sourcefire Vulnerability Research Team (VRT)—a group of leading-edge intrusion detection and prevention experts working around the clock to proactively protect your organization from today’s emerging threats. In this session, we’ll talk about the difference between vulnerability-based rules and exploit-based signatures, we’ll describe our methods for gaining threat intelligence, and we’ll review our process for writing, testing and publishing new Snort rules.
Speaker: Lurene Grenier
Using White Lists for Continuous Monitoring of IT Policy Compliance
Many organizations have published Acceptable Use Policies, or AUPs, to restrict the ways in which the network and computers may be used in order to minimize risk and optimize network resources. Typically part of an overall security policy, an AUP outlines approved operating systems, services and applications. But enforcing an AUP can be extremely challenging—especially without compliance monitoring tools to automate the process. In this session, learn how Sourcefire RNA can help model an organization’s AUP through compliance white lists. By continuously profiling the network, Sourcefire RNA can make enforcing AUPs both quick and easy.
Speakers: Leon Ward, Reed Warner
Integrating with Third-Party Systems through Sourcefire APIs
Today’s IT security organizations can’t afford to implement solutions that work in complete isolation. Security systems must interact with each other to share intelligence, improve security and minimize administrative burden. The Sourcefire 3D System offers more ways to integrate with third-party systems than any other IPS on the market. In this session, you’ll learn how Sourcefire makes it easy to integrate with third-party solutions through Sourcefire’s eStreamer, Remediation API and other techniques.
Speakers: Jason Billings, Customer
Implementing Data Leakage Prevention (DLP) Within a Sourcefire Framework
Intrusion Prevention Systems keep attacks from entering an organization, but some of the most costly security violations have come as a result of information leaving an organization. Whether done maliciously or unintentionally, the unauthorized and unsecured transmission of information such as social security and credit card numbers can open the door to identity theft and irreparably harm your organization’s reputation. In this session you’ll learn about Sourcefire’s vision and plans to prevent data leakage within the Sourcefire 3D System.
Speaker: Steve Kane
The Role of Sourcefire 3D in Enterprise Risk Assessment
Weill Cornell Medical College is one of the top-ranked clinical and medical research centers in the country. Its network environment includes 5,000 users, 7,000+ workstations, 60+ terabytes of data and 25,000 email accounts. Access to critical resources was unmonitored except via local access logs, leaving the network potentially open to compromise. A formal risk assessment determined that the lack of an IPS was creating the highest risk. In this session you’ll learn about Weill Cornell Medical College’s risk assessment methodology and how to apply the risk assessment process to your organization.
Speaker: Ben Nathan
Neutralizing the Insider Threat Through Flow Analysis
An IPS cannot detect threats it cannot see. Many exploits are hand-carried right through the front door of the office, on company-owned laptops used for personal business and contractor notebooks unmanaged by IT. Learn how Sourcefire helped XanGo to neutralize an insider threat through RNA flow analysis. Learn how to establish “normal” traffic baselines using RNA and/or NetFlow flow data, how to detect network “anomalies”, and how to drastically reduce time to detection while minimizing damage caused by malware propagation.
Speakers: Richard Park, Brandon Greenwood
