Recommended Presentations from Cyber Defense Summit 2014

SANS Cyber Defense SummitI wasn’t at the SANS Cyber Defense Summit (full agenda – pdf) last month but found some of the presentations interesting as you might expect. No videos have been released as far as I know but here’s a quick link to the slides. My favorite decks included “OODA Security” by Kevin Fiscus, “Developing Cyber Threat Intelligence” by Adrien de Beaupre, and “Delivering Security from the Cloud” by John Pescatore.

Kevin’s slides on the OODA loop started with some basic material but quickly expanded into emphasizing how defenders actually have the significant advantage on our own turf. This is especially true when we speed up our perspective with “triggers” that alert us to abnormalities. It even comes with a few command line examples to run your own mini-honeypot triggers — nc –l –p 80; date >> trigger.txt — as well as a host of other tricks (e.g., common but unlinked webpages, fake administrator accounts, or important sounding documents).

With threat intelligence getting all the hype recently I didn’t anticipate much but Adrien’s slides exceeded my expectations. The slides nicely categorized the different types of data sources (i.e., free and commercial matrixed with internal and external) and suggested specific sites and services for each group. The free resources (e.g., your own infrastructure, SANS ISC, SRI,, Team Cymru, various CERTs, Twitter, AV blogs [Avert, TrendLabs, Kaspersky, and F-Secure], BugTraq, MSRC, MMPC, MR&D, etc.) were especially helpful for those just getting started. Threat intel is so much more than just those expensive external commercial offerings. Adrien closed his talk with architectures and free platforms for aggregating and correlating all that data (e.g., CIF, MANTIS, MISP, and CRITS) with the goal of making it actionable.

Finally, John’s material covered how the cloud can be used to ironically reduce risk by taking advantage of managed security services. Beyond some standard cloud foundation material, the slides covered how we can use current services to quickly stand up a security infrastructure (e.g., DDoS mitigation, email security, vulnerability assessments, and web security gateways) to protect cloud services without all the costly upfront investment in equipment, licenses, and expertise. Essentially, use the cloud to protect the cloud. Some interesting growth services that John mentioned included CipherCloud (StorageaaS), Incapsula (WAFasS), and Citadel (SIEMaaS). For many organizations using these services reduces risk since they are “doing” security for their cloud deployments rather than not because of the tremendous initial investment.

Here’s a rundown of the remaining presentations for those interested in investigating some of the other talks.


What were your favorite slide decks? Let us know in the comments below. Today’s post pic is from See ya!

4 comments for “Recommended Presentations from Cyber Defense Summit 2014

  1. September 5, 2014 at 12:12 am

    BLOGGED: Recommended Presentations from Cyber Defense Summit 2014

  2. September 5, 2014 at 12:55 am

    #NOVABLOGGER: Recommended Presentations from Cyber Defense Summit 2014

  3. September 5, 2014 at 11:02 am

    Recommended Presentations from @SANSEMEA #Cyber Defense Summit 2014 by @novainfosec,

  4. September 5, 2014 at 11:37 am

    Recommended Presentations from Cyber Defense Summit 2014

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.