TechTarget Information Security Decisions Conference

[Dave Aitel <dave () immunityinc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm here in Chicago at the TechTarget Information Security Decisions
conference [1]. It seems like every second person in Chicago worked
for the Obama campaign, although my cabbie on the way to the airport
was convinced Obama was a Muslim and "The Antichrist".

One interesting thing they did was have 5 ten minute sessions for new
technology companies in information security. Probably my favorite was
NetWitness. Like every new company, NetWitness focuses on data
correlation almost as much as they focus on data collection, if not
more. One of the more striking things about it was the speaker they
sent up - very non-marketing. He sounded like he'd written some of the
code behind it.

His talk was simple: Here's what you do today, and it just doesn't
work against 0day. Here's some graphs we have that help you analyze
0day attacks on your network, which we generate by collecting every
packet you send. That way you can do your own anomaly detection
instead of relying on some sort of algorithm to give you fuzzy results.

*I* don't believe any sort of sniffer is the answer, but he was still
the best-in-show in my opinion. In any case, I'll be talking on the
panel today at 1:55pm if you want to come by and grade MY performance. :>


[1] http://infosecurityconference.techtarget.com/conference/index.html

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJEvqktehAhL0gheoRAjwbAJ0fs91Cjur09yiBRaeTJNZuaWD9NACfVyhv
Jmn6+itZHUVEgzIlAIutSNE=
=eCZU
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave