Intrusion Detection and Vulnerability Management 2012

19-Apr-2012

Vulnerability and intrusion detection and management are key components in any security assessment and consideration to improve the existing environment. During this seminar, LSEC and its partners will inform attendees about current methodologies, best practices, how to recognize the experts, DIY, outsourced or as a service ...

Intrusion Detection and Vulnerability Management

Vulnerabilities in an environment, be it a network, network components, a computer system or an application, are key in the challenge of securing an information or IT environment. The first step is knowing about them; the next is making sure they are no longer vulnerabilities going forward.
These vulnerabilities provide holes for hackers, information thieves, and others to exploit your environments. Sometimes they are wrongfully or carelessly engineered, but on many occasions they are just human errors introduced through maintenance or other interventions. They can be basic ports in servers or firewalls, they could be misconfigurations in a database, or they might be errors in an Adobe PDF reader, and they can be abused either to cause a denial of service or to provide unintended access to the protected information.

Detecting vulnerabilities before they are exploited is a key part of a proactive security strategy, and is required by many compliance regimes as part of due diligence. However, most compliance regimes only require simple forms of vulnerability scanning, causing strong downward price pressure when compliance (versus proactive security) is the driving requirement. Deeper methods of vulnerability discovery, such as penetration testing and static/dynamic application security testing, are being deployed to take more proactive steps against targeted threats that go beyond simply exploiting missing patches or misconfigured operating systems.

During this seminar, LSEC intends to inform Information Security professionals, Security Managers, CSOs, CISOs, IT Management, CIOs and Auditors about the current trends, evolutions, methodologies and systems that could help and facilitate the process of vulnerability management, including assessment, pen testing, intrusion detection and managed or outsourced services.

Final Program

The following speakers and topics have been put under consideration. The organizers are open to other suggestions and ideas, as well as to comments on the current program overview.

9.00 : Welcome Coffee & Registration

9.30 :  Introduction, Vulnerability Assessment Framework, by Ulrich Seldeslachts, CEO LSEC

9.45 :  Turning a blind eye to cyber threats? Consider an effective approach to security testing, by Daniel Lucq, Dimension Data (BE)

Abstract : Security assessment and penetration testing contribute to understanding the risks to and exposure of critical data. A means of empirically determining and validating vulnerabilities that lead to compromised data will assist organisations in pinpointing the glaring risks that should be focused on as a priority. Effectively assessing its security posture and the threats to its protected data is best achieved through a combination of network and application-level assessments. However there is a lack of consensus regarding the best approach to security testing. Organisations are faced with a multitude of options, not all as effective or with equal ROI.

About : Daniel is a Security Consultant and Team Leader of the Security Governance Line of Business at Dimension Data Belgium. In his position he manages a dedicated team of security consultants engaged in security advisory and assurance services. Active in IT for over 10 years, the majority of which has been devoted to software development and IT security, he is an expert in a variety of domains, specialising in Penetration Testing, Application Security, Security Policy and Compliance engagements, Threat and Risk Assessments, ISO 27001 and PCI DSS.

10.30 :  Advanced Network Security Forensics, by Hans De Raeve, Product Manager ICT Security, Belgacom ICT - Telindus (BE)

11.15 :  Vulnerability management – the common pitfalls, Outpost 24, Ron Perris, CTO (US)

About : Ron Perris is Chief Technical Officer at Outpost24, a global leader in vulnerability management. At Outpost24, Ron leads the research and development team of world class computer security researchers and engineers. Under his leadership the team at Outpost24 has spoken at major security events around the world and found numerous vulnerabilities in core components in the internet and applications from vendors like Cisco, Microsoft, Apple, Checkpoint and others. Ron is a Certified Information Systems Security Professional as awarded by the International Information Systems Security Certification Consortium. He is also a Certified Information Security Manager designated by the Information Systems Audit and Control Association.

Abstract : 
The number of organizations falling victim to data breaches through network and web-based vulnerabilities has increased substantially, with Sony, Lady Gaga, David Beckham and eHarmony all falling victim to this rising threat.  This session will explore the main reasons behind this, and offer participants insight into how to assess if current vulnerability management programs will succeed.  Through reference to recent breach incidents, the session will also explore the most common pitfalls when setting up a vulnerability management program and detail how organizations can look to avoid them.

3 promises you make the audience: “When you leave this session you will...”

1.  Have insight into the current threat associated with network and web-based vulnerabilities
2.  Understand the most common pitfalls presented by vulnerability management
3.  Realize how to adapt your security strategy to effectively avoid this problem

12.30 : networking lunch

13.30 :  Demystifying Advanced Persistent Threats, by Christophe Bianco, General Manager of EMEA, Qualys

The term Advanced Persistent Threat (APT) has been used frequently over the last 18 months, triggered initially by the attack on Google, then refreshed by attacks on other high-profile companies, including RSA and Lockheed Martin. These attacks proved that no company is immune, even with advanced security measures in place. But while organizations should understand how APTs work, it is important to remember that they face constant attacks that are not APT-related, mostly by mass malware. Why are we so vulnerable and what can be done to prevent such “advanced” attacks? This session will explore recent threat vectors and show some of the highly publicized malware and 0-day exploits that were used in these attacks. Bianco will then go over the preventative measures that organizations should take to increase their protection and demonstrate the benefits of software hygiene to keep systems patched and up-to-date with recent software updates and meet compliance requirements.

This talk is primarily focused on explaining the benefits of software hygiene and regular software updates by demonstrating using live examples how un-patched systems or software behave when attacked with malware and 0-day exploits.

What delegates will learn at this session:
• Benefits of software Hygiene
• Ability to prevent attacks against zero-days with proper software updates
• Effective ways to expedite PCI compliance audits
• Live examples of recent zero-days

About : With 15 years of experience in providing security services, including security policy and governance, audits, and intrusion detection, Christophe is responsible for strategic, operational, field sales and marketing activities in EMEA. Most recently leading Western Europe sales and managing the Luxembourg subsidiary for Verizon Business Security Solutions, Christophe led a team advising the extended enterprise on how to secure information, secure the infrastructure, and implement governance, risk and security policies. Christophe has also served as the general manager for Ubizen in Luxembourg, where he managed operations and executed the company’s partner and vendor strategy, set up a customer loyalty program, and extended the products and services offered. He has also been manager of information security for SkillTeam, an IBM subsidiary, and network and telecoms engineer for Banque Paribas, both based in Luxembourg. Christophe has a master’s degree in telecoms from the National Superior School of Telecommunications of Brittany, a degree in engineering from the National School of Brest, and an Executive MBA from HEC Paris.

14.15 : Next Generation of Intrusion and Anomaly Detection, by Zdenek Vrbka, AdvaICT (CZ)

Intrusion Detection Systems have had a good reputation for a long time, when most of the threats could be kept outside of the network perimeter and when those threats were known. Today, we don’t know about all threats, how they operate and how to detect them. What are anomalies and how will your systems be capable of protecting you if they don’t know what to look for?

About : Zdenek Vrbka received a master's degree in computer science in 2005 from the Faculty of Informatics of Masaryk University in Brno and holds a PhD degree in Information Science with a specialization in Quality Assurance. Currently he works at AdvaICT, a Masaryk University spin-off, which develops the network security and monitoring solution FlowMon ADS (Anomaly Detection System). His main focus is business development. He is an author of the online network security and monitoring service NetHound.

15.00 : Coffee Break

15.30 : OSSEC : All your logs belong to you, by Xavier Mertens, Telenet C-Cure

Log management is a critical step to build your SIEM and SOC. Even small organisations may find lots of interesting stuff in their logs. This session will present OSSEC, an open source log management solution, and explore how it can increase the value of your logs and how to find potential vulnerabilities.

Xavier Mertens is a Security Consultant working for C-CURE, a Belgian consultancy company. His job focuses mainly on “security monitoring” solutions such as log management, SIEM and incident management, but also on audits and pentests. Instead of following vendors, he prefers to find the best solutions to solve security issues. One of his preferred tools at the moment is OSSEC. He wrote several blog articles about this software to increase its performance or visibility. In parallel to his daily job, Xavier maintains his security blog and offers some spare time and resources to initiatives like BruCON, EuroTrashSecurity.

16.15 :  Next generation datacenters: vulnerability protection and intrusion prevention as part of a 10Gb and virtualization strategy, by Manu Luyten, On2It (BE)

Abstract : The ever-growing datacenters, where virtualization and next generation data transfer rates are determining the current architectures, bring along old and new challenges for IT security.
Learn how to deal with vulnerability management and intrusion prevention at gigaspeed.

About : ON2IT Belgium, part of the SAGA Group, specialises in IT security & lifecycle management. We provide highly skilled consulting and managed security services, assisting our customers in gaining visibility, control and automation over the entire IT infrastructure using next generation security technologies.

17.00 : Combining vulnerability management with web application firewalls: a perfect fit!, by Erwin Geirnaert, Zion Security

Abstract : Application vulnerability management is typically not a focus of an IT environment when it comes to managing security. Most companies tend to focus on networks, perimeter and devices. Today, however, most vulnerabilities are exploited through applications. This applies to desktop applications, but also, in combination or even stand-alone, to application servers and web applications. Both the detection and the protection are seamlessly integrated and will help you reduce your vulnerabilities significantly.

About : Erwin founded ZION SECURITY in 2005 to help companies to protect against the latest threats, attacks against web applications. ZION SECURITY is nowadays a Belgian market leader in the field of security testing, vulnerability management, penetration testing and banking security. Erwin has more than 10 years of experience in web security, graduating with a Master of Science in Software Development from the University of Ghent. Erwin executes different types of projects for a lot of international software companies, financial institutions, telecom and web agencies. Specialist in executing code reviews in different development languages for critical applications, executing continuous penetration tests of their infrastructure and Internet applications. A specialist in J2EE security, .NET security and web services security. Erwin architects secure e-business projects for web agencies and software companies. He is a recognized application security expert and speaker at international events like Javapolis, OWASP, Eurostar,

17.45 Conclusions and Networking Drink

19.00 Close of seminar


Some of the following questions and considerations will be discussed :
- what is vulnerability management, intrusion detection, pen testing, ethical hacking, ...
- methodologies, standards, certifications, ...
- DIY vs outsourced, key elements and considerations
- hosted, as a service vs appliances vs manual, complementary or competitive
- forensics and what if ...
- ...

Practical

LSEC 2012 intrusion detection and vulnerability management

Ubicenter, Verizon Business, Philipssite 5, 3000 Leuven

Thursday, April 19th, from 9 AM to 18h, with networking and tradeshow facilities, coffees, lunches.
Limited seating, ensure your seat and reserve today.

Register now at : http://vulnerabilitymanagement2012.eventbrite.com

Free if registered before March 31st. 150 € participation fee if registered before April 15th, 250 € from April 16th and onwards.
Cancellation fee of 150 € upon cancellation after April 1st.

Free to participate for LSEC Expert Members and Members of TeleTrust, SITC, Systematic, Cluster Seguridad and NSM upon confirmation of their membership.

About the organizers :
This event is organized by LSEC, a not-for-profit association focused on Information Security in Belgium. Over the last couple of years, LSEC has organized over 100 highly professional information security oriented activities. LSEC is a founding member of the European Security Innovation Network, a project supported by the European Commission through the INTERREG IVb program that supports innovative developments in the North Western European region in Security. With its partners Systematic Paris region in France, SITC in the UK and TeleTrusT in Germany, LSEC welcomes the active participation of companies in the discussion of potential threats, challenges and opportunities for companies in the domain of Security, or to the enterprise market and government institutions.


Copyright LSEC vzw 2007-2008 with the support of the IWT.

LSEC vzw Kasteelpark 10 - 3001 Heverlee - VAT BE BE 478 045 395 - fax. +32.16.32.19.69 - info @ lsec.be