Saturday, December 12, 2009

SANS Incident Detection Summit Wrapup

This past week I was able to attend the SANS Incident Detection Summit in Washington DC. [In full disclosure, I should point out that I was on two of the panels so I did not have to pay admission to attend.] I'll fully admit that the summit blew away all expectations I had of it!

The SANS 'What Works' Summits are not like the typical SANS conferences. The summits, or at least this one, are a single track where each session is either a briefing (a presentation by someone) or a panel of experts discussing a specific topic. The audience gets to participate by asking questions via yellow note cards that are given to the moderator. The moderator then chooses which questions to ask.

Many of the briefings and panels were amazing and gave great insights into different techniques to detect bad guys. If I had to choose my favorites, they probably were Seth Hall discussing Bro, the Honeynet Project briefing, and AAron Walters and Brendan Dolan-Gavitt's talk on memory analysis. Matt Richard's after-hours talk on analyzing PDF and Office malware was amazing as well.

As great as the panels and briefings were, the best part was being able to talk to the people afterwards. The whole summit had fewer than 100 people (I'm guessing here) and everyone was willing and happy to talk. Where else do you get a chance to sit down and talk with people such as AAron Walters, Matt Jonkman, Andre Ludwig, Bamm Visscher, David Bianco, Ken Bradley, Matt Olney and Ken Dunham in one place?

I will definitely be coming back next year if I can.