ISSA Central Plains Chapter
October 7th,  2005

 

Central Plains Chapter Meeting:

"The War Against Internal Attacks and Worms: Network Anomaly Detection and Mitigation",
Aaron Torres, Senior Security Engineer

 

As a Security Engineer for Lancope, Aaron Torres has been a significant driver in the industry of Network Behavior Anomaly Detection in the South Central Region. Aaron has many years experience in consulting and training as well. He has a decade of operational and engineering experience in enterprise IP security technologies. Aaron commands considerable expertise in datacenter network design, IP flow analysis techniques, network management, and enterprise network security planning and management. During his tenure as a Netscout Systems (Cisco Works) and Avnet, Aaron managed security solutions and IP networks across the Southwest of the United States. He has been a well received speaker at many customer sites and conferences.


Aaron will be presenting on Network Anomaly Detection and Mitigation

    Internal Attacks and worms continue to strike fast and furious. Their aggressive nature in exploiting unknown vulnerabilities combined with their rapid propagation only strengthen their ferocity and increase the damage they can inflict upon the network. Past experience and current technology limitations force today’s security administrators to look to behavioral anomaly systems that provide visualization tools, alarming technology, and mitigation techniques specifically designed to help recover from fast spreading Internal attacks and worms. These behavioral anomaly systems analyze traffic patterns called "flows" (not signatures) in order to automatically detect and alert on statistical deviations from the normal "hum" of a healthy network. Using flow-analysis technologies to "profile" network behavior on a host or per "zone" basis, they enable early detection and mitigation of network Internal attacks and worms.

    Join Aaron as he explores multiple methods for Internal attacks and worm detection including:
    • Analysis of traffic patterns, protocol usage, and inter-zone communications.
    • OS fingerprinting.
    • Statistical, flow-based anomalies.
    • Mitigation of these attacks.

 

 

The Information Systems Security Association (ISSA)® is a not-for-profit international organization of information security professionals and practitioners.  It provides education forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members. We hope the ISSA will provide a chance to interface with other IT professionals and further your awareness of security practices and technologies.

 

This meeting is open to the general public with no expectations of membership.


Date:        Friday, October 7th, 2005
Location: Rockwell Branch Public Library

                5939 E 9th ST N, Wichita, KS 67208
Time:        1:00 pm until 3:00 pm