Confidence

Eddie Schwartz

Title: Understanding Social Networking Threats Using Live Threat Intelligence

Bio:
As Chief Security Officer for NetWitness, Eddie Schwartz is responsible for the alignment of the NetWitness product strategy with the evolving operational threat management needs of government and commercial organizations. Prior to joining NetWitness, Mr. Schwartz served as CTO of ManTech Security Technologies Corp, Senior Vice President of Operations of Guardent Inc. (acquired by Verisign), and EVP of Operations for Predictive Systems / Global Integrity (acquired by INS), where he was responsible for the operations of the FS and Energy ISACs. Mr. Schwartz also worked as Chief Information Security Officer (CISO) at Nationwide Insurance, as a Senior Computer Scientist for CSC, and as a Foreign Service Officer with the U.S. Department of State. Mr. Schwartz has a B.I.S. in Information Security Management and an M.S. in Information Technology Management from the George Mason University School of Management. CISSP, CISA, ISSEP, PMP, CISM, MCSE, IAM, CAP.

Abstract:
Social networking sites such as Facebook and MySpace represent a new generation of threats to your organization, and create fertile grounds for attackers. The end-users of these sites typically will access the sites from both work and home, and will interact with the sites under a general assumption of trust in either the site itself or the online community each individual has established on the site. This inherent personal trust relationship between an individual in your organization and a site of this type can create all kinds of problems for your organization, such as numerous client-side, browser-based attacks, and palpable footholds for malware. Additionally, flaws in the online sites themselves can lead to problems associated with the exposure of personal information that can be used for spear phishing, blackmail, and other social engineering and blended attacks. Although in some cases it may be feasible to completely outlaw these sites and technologies, many organizations have either avoided such policies, or actually have adopted the use of these types of technologies as another form of online collaboration.

This session will describe in technical detail the various types of next generation threats associated with social networking and online collaboration sites, and offer methodologies for monitoring usage, detecting malicious activity, and investigating potential incidents occurring on your network. The session will describe how to tune your internal threat intelligence model to provide maximum visibility into these attacks, and how to leverage this active threat intelligence to perform real-time network investigations and incident response to effectively track down and kill threat agents. The session will demonstrate the automated fusion of organizational network session analysis with 3rd party automated intelligence telemetry sources such as reputation, botnet, and geoIP services.

Attendees at this session will learn the following:

  • The specific nature of the most difficult cyber threats and trends associated with social networking (particularly hands-on case studies involving nation-sponsored attacks on USG agencies).
  • Descriptions of failures of organizations within the first 24 hours of an incident and what specific data is missing from current intelligence and defensive operational models.
  • How to develop a “live threat intelligence” data model by fusing a combination of internal data, based upon full packet capture and forensic session analysis with open source and commercial automated and manual intelligence services.
  • A hands-on review of case studies involving the fusion of organizational threat data with reputation services and the value created by real time data fusion and network forensics analysis techniques.
  • Hands-on demonstrations of specific adversary exploit trends and how these trends are derailed and exposures are lessened using active threat intelligence and the creation of an alerting and reporting mechanism.

Technical Experience Level: 5-7 Years Networking, Security, Incident Response, Network Forensics.