2013 – Schedule

Check as we get near our date to be sure you don’t miss out on any of your favorites.

(Note that we do not require registration for Breakout Sessions)

Wednesday, October 23, 2013

8:00 – 8:30 am Welcome and Opening Remarks Mayor Tim Burchett

Special Agent in Charge Kenneth Moore, FBI Knoxville Field Office

8:30 – 9:30 am Lawrence (Larry) K. Zelvin

Director, National Cybersecurity and Communications Integration Center

U.S. Department of Homeland Security

9:30 – 9:45 am Break  
9:45 – 10:45 am Tom Cross

Director of Security Research, Lancope

Working late again, Bob? Traits exhibited by your hardest working employee can be the same as those of the malicious (or sometimes even unwitting) insider. The prevalence of Insider Threat is often a subject of disagreement and unsourced statistical assertions. Many approaches to addressing the problem are both ineffective and overbearing at the same time. Complicating the issue further is the need to detect the use of legitimate access credentials by external attackers. Learn how to spot insider threats, identify their network activity, and discuss best practices to protect your organization. This talk will review academic research into Insider Threats, discussing the frequency and impact of the attacks, who carries them out, and why. The talk will then cover strategies for managing the problem from both a business and technical point of view, discussing different techniques for identifying suspicious activity in large collections of data.
10:45 – 11:00 am Break  
11:00 am – 12:00 pm Michelle Caswell

Sword & Shield Enterprise Security

Healthcare Data Breach from a Legal Perspective – Breaches of healthcare data have skyrocketed in recent years, causing much concern in healthcare entities. As the physical office moves beyond locked doors, modern healthcare IT organizations must also focus on data aspects outside of data centers and server platforms. This session will assist in defining what constitutes a data breach, how breaches occur, how to respond in the event of a breach, the hidden costs of a breach and what you can do to assist in preventing a breach. The same security measures that can prevent a breach of protected health information can apply to other data types (e.g., trade secrets, payment card data, personally identifiable information, etc.).

  Breakout Session — Tom Cross

Sophisticated, targeted attacks have become increasingly difficult to detect and analyze. Attackers can employ 0-day vulnerabilities and exploit obfuscation techniques to evade detection systems and “fly under the radar” for long periods of time. Reports cataloging trends in data breaches reveal a systematic problem in our ability to detect that they ever occurred. Gartner estimates 85% of breaches go completely undetected and 92% of the detected breaches are reported by third parties. New strategies for identifying network attack activity are needed.

The purpose of the session is to review how network logging technologies such as NetFlow and IPFIX can be applied to the problem of detecting sophisticated, targeted attacks. These technologies can be used to create an audit trail of network activity that can be analyzed, both automatically and by skilled investigators, to uncover anomalous traffic. We will demonstrate how these records can be used to discover active attacks in each phase of the attacker’s “kill chain.” We will also cover how these records can be utilized to determine the scope of successful breaches and document the timeline of the attacks. The session will demonstrate these processes and techniques in both open source and commercial solutions.

12:00 – 1:00 pm Lunch  
1:00 – 2:00 pm Grier Weeks

Founder and Executive Director
Protect: America’s Pro-Child, Anti-Crime Lobby

2:00 – 2:15 pm Break  
2:15 – 3:15 pm Michael T. Geraghty

Vice President, Chief Information Officer, National Center for Missing and Exploited Children

3:15 – 3:30 pm Break  
3:30 – 4:30 pm Jonathan Underwood

Oak Ridge National Laboratory

Social Media

Thursday, October 24, 2013

8:00 – 8:30 am Opening Remarks A.J. Wright

Chief Technical Officer/Chief Information Security Officer

University of Tennessee

8:30 – 9:30 am Betsy Woudenberg

CEO, IntelligenceArts, LLS

Betsy returns to the Summit this year with updates on the global threats.
9:30 – 9:45 am Break  
9:45 – 10:45 am Bill Dean

Sword & Shield Enterprise Security

Cloud Forensics

The current statistics are that 80 percent of businesses currently use the cloud or plan to in the next 12 months and that 50% of all data will be based in the cloud by 2016. With the cost savings and “on-demand” computing power, what’s not to like? It is like a dream come true, until you are relying on it for evidence. Cloud security has gotten a great deal of attention, but cloud evidence deserves attention also. If your “cloud” is compromised, what data will you have available for analysis? Will that be enough? When you are involved in civil litigation and the courts are requesting electronic data that you have stored in the cloud, how will you ensure that it will be available to you and not inadvertently destroyed? What about criminal investigations? This talk will discuss these challenges from both a business and personal perspective. We will address the various strategies of proper planning and challenges that you face.

10:45 – 11:00 am Break  
11:00 am – 12:00 pm Ron Stucker

Orange County, Florida Sheriff’s Office

The Casey Anthony Case: An overview of the case, with a focus on key points and lessons learned in the missing person and murder investigation. Specific areas that will be addressed include managing tips, the use of technology, and innovative forensic techniques.
  Breakout Session — Bill Dean

Open Source Intelligence

The Internet is a phenomenal source of information. However, it can be terribly inefficient in finding focused information of value. This breakout session will be a basic open source intelligence (OSINT) course. OSINT is defined as intelligence that is publicly available by collection, dissemination or exploitation. This hands-on session will cover efficient search engine usage, monitoring websites for changes, researching and tracking people, social networks, capturing information and a little “gray hat” hacking. Bring your pen, paper and laptop with a wireless connection.

12:00 – 1:00 pm Lunch  
1:00 – 2:00 pm Marc Blackmer

Senior Manager, Industry Solutions
Sourcefire Inc.

Today’s malware is sophisticated and persistent. Layers of traditional anti-virus protection are regularly defeated by advanced malware, and research shows that up to 10 percent of all computers are infected at any given time. Last year alone, there were nearly 300 million new pieces of malware released.
Understanding the malware ecosystem and how malware behaves is paramount to preventing and remediating advanced malware. Predominantly defensive security models are no longer protecting users from malware, including the top three perpetrators found on more than 80 percent of accounts – Zero Access, Zeus/Zbot and Cridex/Carberp. What is more, advanced malware is dropping files of unknown origin and no signature match onto networks, otherwise known as droppers, increasing the number of infections as well as the likelihood of reinfection.
In this session, we will discuss the statistics behind the existing malware ecosystem, characteristics of pervasive malware, protection techniques and their successes or drawbacks, testing limitations and next steps for rethinking malware defense.
  Breakout Session — Rob Gillen

Into the Mind of a Hacker: In this session Rob digs deep into the world of exploits and malware with a specific emphasis on explaining the basic processes by which these tools are created and reverse engineered. This is a step well beyond running “exploit” from within msfconsole and attendees should expect to see a fair bit of assembly and register-level debugging. The purpose of this session is not to build an army of cyber miscreants but rather to help you understand how attackers look at your software and systems, and the types of things they are looking to exploit. You will leave this session with a better idea of how you can protect your applications from being an unknown carrier of the next bit of malware to sweep the ‘Net. This session includes a full demonstration of crafting an exploit (identifying a weakness, testing for specific vulnerabilities, execution and “weaponization”).
2:00 – 2:15 pm Break  
2:15 – 3:15 pm Rob Gillen

Oak Ridge National Laboratory

Hiding in Plain Sight: Taking cues from current research as well as industry trends, Rob walks through a prototype system that includes a malicious payload delivered via a spear-phishing attack. This system then interacts with a remote command and control system allowing for the surreptitious exfiltration of data. What is unique in this system is that it is designed to leverage existing computational norms and user behavior patterns such that its interactions with the system are challenging to detect. The exploit, payload and command/control infrastructure are confirmed not to trip modern anti-virus systems.
  Breakout Session — Marc Blackmer
3:15 – 3:30 pm Break  
3:30 – 4:15 pm Local Panel
4:15 – 4:30 pm Closing Activities