
09.19.2010 >> 09.22.2010 Washington, D.C.

Welcome to ArcSight Protect 10!


Over the next few days, you will be an integral part of something special. Now in its sixth year, the ArcSight Protect Conference has become the cybersecurity training symposium of the year to attend. This year, we have an unparalleled lineup of keynote speakers and technical sessions geared toward preparing your enterprise for the future and helping you to combat the ever-evolving, persistent and sophisticated cyberthreats that are present in our global world.

Be sure to avail yourself of all the incredible opportunities here at Protect 10, from networking with industry experts and thought leaders, to attending sessions packed with information and proven techniques for securing your enterprise and reducing enterprise risks.

Make sure you save time to explore the ArcSight CyberSecurity Hall. New this year and brimming with excitement, the CyberSecurity Hall is home to the ArcSight product showcase, partner solutions, global services team, the ArcSight Genius Bar as well as theater presentations: Turbo Talks, SOC Talks and Customer Success Talks. This is the global ArcSight community in action, and I encourage you to take advantage of all the offerings. And while you're there, meet Arcie, our new company mascot, and get your picture taken with NASCAR driver Nelson Piquet Jr. and the official ArcSight-sponsored truck.

When you arrive at the conference on Sunday, plan to come to our evening welcome reception to meet your fellow conference attendees and ArcSight team. Our Partner Booth Crawl & Reception is Monday evening, followed by the ArcSight JazzFest; and Tuesday night is our Gala dinner done Hawaiian style, so break out your favorite loud shirt and flip flops. I look forward to seeing you at all of these special events.

At ArcSight, we work hard to deliver new solutions that help you mitigate enterprise threats and risks. Your success is our success, and we sincerely appreciate your continued support. I would also like to extend a special thank you to our conference VIPs, who jumped right into the driver's seat and registered early for the conference. Here's to all of you and our continued partnership in the global race against cyberthreats.

Have a great conference.

Sincerely,

Tom Reilly
President and CEO
ArcSight

MAP

[Map: Protect 10 Sessions, Gaylord National Resort Hotel, Ballroom Level. Legend: Keynotes and Panels, Breakout Sessions, Private Meetings, Case Study Room, Information Desk. Rooms shown: Fort Washington Boardroom, Baltimore, Woodrow Wilson, Annapolis, Cherry Blossom Ballroom, Magnolia, Presidential Boardroom.]

[Map: ArcSight CyberSecurity Hall, Gaylord National Resort, Prince George's Exhibition Hall B. Areas shown: Networking Dining Hall, Birds-of-a-Feather, Turbo Talk Theater, CyberShots, ArcSight Mascot, Customer Support, SOC Talk Theater, Global Services, Protect 724, Protect '10 Promos, Customer Rewards, Documentation, Product Showcase, Partner Showcase, Government Fraud Prevention, NASCAR Truck, CyberBookstore, Genius Bar, Customer Success Theater, ArcSight University, CyberRange, Registration.]

CyberSecurity Hall Hours
Monday: 7:00am - 8:00pm
Tuesday: 7:00am - 5:00pm
Wednesday: 7:00am - 2:00pm

[Map: Networking Events, Gaylord National Resort. Labels: Hotel Entrance, Waterfront Street, Fleet Street, Waterman Passage, Mariner Passage, American Way, National Plaza, CyberSecurity Hall, Registration, Pose Lounge, Orchard Terrace, Sunset Room.]

Networking Events
Gala Dinner - Sunset Room, National Harbor
Welcome Reception - Orchard Terrace, Convention Center Atrium Level
Protect 724 JazzFest - Pose Lounge, 18th Floor
Partner Booth Crawl & Reception - CyberSecurity Hall

AGENDA

The Ultimate Enterprise Threat and Risk Management Platform.

Introducing the ArcSight ETRM Platform. The world's most advanced system for safeguarding digital assets, complying with policy and controlling internal and external risks. Finely tuned to combat cybertheft, cyberfraud, cyberwarfare and cyberespionage.

The Best Defense is a Good Offense.

ArcSight ESM
Enterprise-wide solution for capturing and analyzing security information to increase visibility and reduce risks. A serious security platform for today's serious threats.

Conference Overview

Sunday, September 19
Time | Event
Noon - 7:00pm | Registration
6:00pm - 8:00pm | Welcome Reception

Monday, September 20
Time | Event
7:00am - 8:00pm | CyberSecurity Hall
7:00am - 8:00pm | Partner Showcase
9:00am - Noon | Keynotes
2:30pm - 5:30pm | Conference Sessions
6:00pm - 8:00pm | Partner Booth Crawl & Reception
8:00pm - 11:00pm | ArcSight Protect 724 JazzFest

Tuesday, September 21
Time | Event
7:00am - 5:00pm | CyberSecurity Hall
7:00am - 5:00pm | Partner Showcase
8:00am - 11:00am | Keynotes
11:00am - 6:00pm | Conference Sessions
6:30pm - 11:00pm | Gala Dinner

Wednesday, September 22
Time | Event
7:00am - 2:00pm | CyberSecurity Hall
7:00am - 2:00pm | Partner Showcase
9:00am - 5:30pm | Conference Sessions

Events Not to Miss

Sunday, September 19
Welcome Reception: 6:00pm - 8:00pm; Orchard Terrace, Gaylord

Monday, September 20
Partner Booth Crawl & Reception: 6:00pm - 8:00pm; CyberSecurity Hall
ArcSight Protect 724 JazzFest: 8:00pm - 11:00pm; Pose Lounge

Tuesday, September 21
Birds-of-a-Feather: 12:00pm - 2:00pm; CyberSecurity Hall (Lunch Area)
Protect 10 Gala Dinner Aloha!: 6:30pm - 11:00pm; Sunset Room at National Harbor

CyberSecurity Hall Happenings
Partner Showcase
ArcSight Product Showcase
Turbo Talk Theater
SOC Talk Theater
Customer Success Theater
Global Services
Genius Bar
CyberRange Contest
Technical Support
CyberBookstore
ArcSight NASCAR
Meet the ArcSight Mascot

Thank you to the Conference Advisory Board members!

A great conference transforms into an excellent one with thoughtful input from our customers. If you would like to be part of the Protect 11 conference advisory board, send email to userconference@arcsight.com.

Sunday, September 19
Time | Event | Room
Noon - 8:00pm | Registration Open | CyberSecurity Hall
6:00pm - 8:00pm | Welcome Reception | Orchard Terrace, Gaylord

Monday, September 20
General Sessions
Time | Event | Room
7:00 - 8:30am | Registration; Breakfast | CyberSecurity Hall
7:00am - 8:00pm | CyberSecurity Hall | CyberSecurity Hall
9:00 - 10:00am | The Formula for CyberSecurity Success. Speaker: Tom Reilly, President and CEO, ArcSight | Woodrow Wilson Ballroom
10:00 - 11:00am | International Perspectives on CyberCrime How Governments with Borders Deal with an Internet that has None. Speaker: Dr. Prescott Winter, CTO, Public Sector, ArcSight | Woodrow Wilson Ballroom
11:00am - Noon | Infrastructure Protection & Advanced Persistent Threat Management Lessons Learned in the Private & Public Sector. Moderator: William Crowell, Former CEO, CyLink Corporation; Former Deputy Director of Operations and Deputy Director of the NSA | Woodrow Wilson Ballroom
Noon - 2:30pm | Lunch | CyberSecurity Hall

Evening Events
Time | Event | Room
6:00pm - 8:00pm | Partner Booth Crawl & Reception | CyberSecurity Hall
8:00pm - 11:00pm | ArcSight Protect 724 JazzFest | Pose Lounge

Monday, September 20
Breakout Sessions

2:30pm - 3:20pm
Num | Title | Level | Room
SN53 | Using ArcSight Express to Analyze Flow Events | Intermediate | Baltimore 1
CSN08 | Realizing End-to-End Encryption in the Payments Industry | Basic | Baltimore 3
SN01 | Primer: Auditing Oracle Database Activity | Basic | Baltimore 5
SN39 | The Last 1000 Engagements Lessons from the Field | Basic | Annapolis 1
CSN20 | Death by Acronym How to Survive HIPAA, HITECH, and FTC Red Flag Rules with ArcSight | Basic | Annapolis 3
CSN30 | Security Operations that Cross International Boundaries | Basic | Magnolia 3

3:30pm - 4:20pm
Num | Title | Level | Room
SN59 | Optimizing ArcSight Express | Basic | Baltimore 1
CSN33 | Bridging the Gap between Security Monitoring and Security Management | Intermediate | Baltimore 3
SN03 | Primer: Got Reports? The ABCs | Basic | Baltimore 5
SN72 | ArcSight FraudView The Next Generation | Intermediate | Annapolis 1
CSN04 | Bots/Malware Detection by Leveraging Open Source Resources | Intermediate | Annapolis 3
CSN15 | Using ArcSight ESM for Malicious Domain Detection | Intermediate | Magnolia 3

4:30pm - 5:20pm
Num | Title | Level | Room
SN42 | Investigating Financial Application Modeling Techniques in ArcSight ESM | Basic | Baltimore 1
CSN31 | Ensuring Inactive IDs Stay Inactive | Basic | Baltimore 3
SN04 | Primer: Got Reports? Beyond the Basics | Intermediate | Baltimore 5
SN68 | Maximize Connector Deployment with the ArcSight Connector Appliance | Advanced | Annapolis 1
CSN27 | Automated ArcSight ESM Content Replication | Advanced | Annapolis 3
CSN03 | Synergizing New Threats with ArcSight ESM | Advanced | Magnolia 3

*Sessions marked CSN are customer-led sessions.

Tuesday, September 21
General Sessions
Time | Event | Room
7:00 - 8:30am | Breakfast | CyberSecurity Hall
7:00am - 8:00pm | CyberSecurity Hall | CyberSecurity Hall
8:00 - 9:15am | ArcSight Product Showcase. Speaker: Hugh Njemanze, CTO and EVP of Research and Development, ArcSight | Woodrow Wilson Ballroom
9:15 - 10:00am | The Future of Global CyberCrime. Moderator: Joseph Menn, Author of Fatal System Error | Woodrow Wilson Ballroom
10:00 - 10:45am | Enterprise Threat and Risk Monitoring in the Real World. Moderator: Colby DeRodeff, Enterprise Strategist, Worldwide Strategic Solutions, ArcSight | Woodrow Wilson Ballroom
10:45 - 11:00am | Break |

Evening Event
Time | Event | Room
6:30pm - 11:00pm | Gala Dinner | Sunset Room at National Harbor

Breakout Sessions

11:00am - 11:50am
Num | Title | Level | Room
SN73 | Preparing for Your ArcSight ESM Upgrade | Basic | Baltimore 1
CSN02 | Threat Response Triage System | Basic | Baltimore 3
SN02 | Primer: Auditing Microsoft SQL Database Activity | Basic | Baltimore 5
SN65 | ArcSight ESM Tools and Integration with ArcSight Logger and ArcSight TRM | Intermediate | Annapolis 1
CSN34 | Integrating ArcSight ESM with Network Access Control to Help Manage 100,000+ Endpoints | Intermediate | Annapolis 3
CSN23 | Context is King! | Intermediate | Magnolia 3

11:50am - 2:00pm | Lunch and Birds-of-a-Feather | CyberSecurity Hall

Tuesday, September 21
Breakout Sessions

2:00pm - 2:50pm
Num | Title | Level | Room
SN41 | Moving Enterprise Security Monitoring to the Next Stage | Basic | Baltimore 1
CSN13 | Mozilla's Use of CEF in their Web Applications | Intermediate | Baltimore 3
SN06 | Primer: Got FIPS? (ends at 3:50pm) | Basic | Baltimore 5
SN10 | Tips and Tricks in ArcSight ESM | Advanced | Annapolis 1
CSN28 | Research to Detection: Developing Content to Counter APT-Class Threats | Intermediate | Annapolis 3
CSN25 | Realizing the Value-Add: Operationalize Your ArcSight ESM Deployment | Intermediate | Magnolia 3

3:00pm - 3:50pm
Num | Title | Level | Room
SN52 | All About Actors | Basic | Baltimore 1
CSN17 | The Evolution of Malware Detection | Basic | Baltimore 3
SN64 | Dynamic Multidimensional Schemas with ArcSight ESM 5.0 | Intermediate | Annapolis 1
CSN01 | The Who User Activity Monitoring in SIEM | Intermediate | Annapolis 3
CSN5 | How to Write Anything to CEF (Easy Integration with ArcSight) | Intermediate | Magnolia 3

4:00pm - 4:50pm
Num | Title | Level | Room
SN12 | Monitoring Applications without Application Development | Intermediate | Baltimore 1
CSN12 | Achieving PCI Compliance Without Modifying Your Applications | Intermediate | Baltimore 3
SN07 | Primer: Using Varable$ (ends at 5:50pm) | Basic | Baltimore 5
SN47 | Windows Unified Connector Planning, Implementation and Troubleshooting | Intermediate | Annapolis 1
CSN35 | ArcSight IdentityView 2.0 Make Identity Context a Part of Everyday Monitoring | Intermediate | Annapolis 3
CSN29 | Implementing ArcSight Logger for Sustainable PCI DSS 1.2 Compliance | Basic | Magnolia 3

5:00pm - 5:50pm
Num | Title | Level | Room
CSN26 | Achieving Situational Awareness by Integrating NetWitness and ArcSight ESM | Intermediate | Baltimore 1
SN66 | APIs, SDK and Service-Oriented Architecture in ArcSight ESM | Advanced | Baltimore 3
SN58 | ArcSight, Monitor Thyself | Advanced | Annapolis 1
CSN19 | Building Your Baseline Rule Development | Intermediate | Annapolis 3
CSN22 | Vulnerability Management with ArcSight ESM | Intermediate | Magnolia 3

Wednesday, September 22
General Sessions
Time | Event | Room
7:00 - 9:15am | Breakfast | CyberSecurity Hall
7:00am - 2:00pm | CyberSecurity Hall | CyberSecurity Hall
9:00 - 9:50am | Closing Ceremonies. Speaker: Tom Reilly, President and CEO, ArcSight | Woodrow Wilson Ballroom

Breakout Sessions

10:00am - 10:50am
Num | Title | Level | Room
CSN32 | Achieving Continuous Compliance of Privileged Identities in Challenging Environments | Basic | Baltimore 1
CSN18 | Measuring Security Using ArcSight Solutions | Intermediate | Baltimore 3
SN08 | Primer: Writing Rules Not Meant to be Broken (ends at 11:50am) | Basic | Baltimore 5
SN09 | From Water to Wine (or Use Cases to Content) (ends at 11:50pm) | Intermediate | Annapolis 1
SN17 | ArcSight Architectures | Intermediate | Annapolis 3
CSN24 | Driving Content Creation with Use Case Forms | Basic | Magnolia 3

11:00am - 11:50am
Num | Title | Level | Room
CSN06 | Using Reporting to Optimize IT Security | Basic | Baltimore 1
SN21 | How it Works: Assets, Zones, Networks and Customers | Basic | Baltimore 3
SN18 | Mastering ArcSight Platform Security | Intermediate | Annapolis 3
SN48 | Let ArcSight Logger Leverage your Logs | Basic | Magnolia 3

11:50am - 1:30pm | Lunch | CyberSecurity Hall

Wednesday, September 22
Breakout Sessions

1:30pm - 2:20pm
Num | Title | Level | Room
SN51 | Got Patterns? Creative Uses of Pattern Discovery | Intermediate | Baltimore 1
SN67 | ArcSight Logger All You Can Feed! | Intermediate | Baltimore 3
SN54 | ArcSight ESM 5.0 Image Dashboards | Intermediate | Baltimore 5
SN11 | Correlating Efficiently: Tips, Techniques and Troubleshooting for Writing Content | Intermediate | Annapolis 1
SN62 | Gain Rock Star Status as ArcSight ESM Manager Administrator (ends at 3:20pm) | Advanced | Annapolis 3
SN30 | Use Cases for Automating Integration with ArcSight ESM and Remedy | Advanced | Magnolia 3

2:30pm - 3:20pm
Num | Title | Level | Room
SN36 | Cybercrime Investigator: Forensic Use of ArcSight ESM Integration Commands | Intermediate | Baltimore 1
SN13 | Best Practices for Scaling Log Management | Basic | Baltimore 3
SN05 | Primer: Auditing Network and Firewall Activity (ends at 4:20pm) | Basic | Baltimore 5
SN31 | Inside an ArcSight Connector the Journey of a Security Event | Intermediate | Annapolis 1
SN23 | Advanced ArcSight Logger Techniques | Advanced | Magnolia 3

3:30pm - 4:20pm
Num | Title | Level | Room
SN50 | APT Episode 1: Rise of the Bots | Intermediate | Baltimore 1
SN14 | Network Modeling Best Practices | Intermediate | Baltimore 3
SN25 | Best Practices in Using and Understanding Trends | Intermediate | Annapolis 1
SN71 | ArcSight ESM Database Performance from the Bottom-Up | Advanced | Annapolis 3
SN28 | ArcSight FlexConnector Development Methodology | Intermediate | Magnolia 3

4:30pm - 5:20pm
Num | Title | Level | Room
SN73 | Preparing for Your ArcSight ESM Upgrade (2nd Showing) | Basic | Baltimore 1
SN24 | Jump Start with Use Cases | Intermediate | Baltimore 3
SN10 | Tips and Tricks in ArcSight ESM (2nd Showing) | Advanced | Annapolis 1
SN52 | All About Actors (2nd Showing) | Basic | Annapolis 3
SN12 | Monitoring Applications without Application Development (2nd Showing) | Intermediate | Magnolia 3

ArcSight CyberSecurity Hall Theater Schedule

Monday, September 20

Time
12:00pm 12:30pm

Turbo Talk Theater: Fast, 20-minute talks by the ArcSight engineering team.

SOC Talk Theater: A variety of topics led by the ArcSight consulting team.
Security Operations for the Federal Set

Customer Success Theater: Rich learning tips and tricks presented by ArcSight instructors.
Building a Successful ArcSight Team Solution Building by Example

Concept to Implementation Real-World Use Cases Protect 724, Your Problem Solved: Correlation in ArcSight Logger Create a Report with Session Information Shedding Light on Side Tables Goals, Needs and Motives: Detecting Patterns and Behaviors ArcSight ESM 5.0 Overview Improvements to Correlated Event Forwarding

1:00pm 1:30pm 2:00pm 2:30pm 3:00pm

Has Your SOC Hit Puberty?

Threat Intelligence Integration with DeepSight Detecting APT with ArcSight ThreatDetector

SOC Blueprint

High Risk User Monitoring Winning Architectures Customer Success Roadmap

Protect 724, Your Problem Solved: Going Over the Waterfall How Overlapping Session Lists Help with Correlation Fast Start with ArcSight ESM Protect 724, Your Problem Solved: Security Operations How to Preserve Values from the as a Service (SOaS) Same Field from Multiple Events in a Join Rule Correlation Event Idefense Integration in ArcSight ESM Console

3:30pm 4:00pm

Compliance Enablement Methodology Windows Jump Start

4:30pm

Follow @ArcSightProtect on Twitter for late-breaking conference news, event highlights and session recommendations.

ArcSight CyberSecurity Hall Theater Schedule

Tuesday, September 21

Time
11:00am 11:30am

Turbo Talk Theater: Fast, 20-minute talks by the ArcSight engineering team.

SOC Talk Theater: A variety of topics led by the ArcSight consulting team.

Customer Success Theater: Rich learning tips and tricks presented by ArcSight instructors.
Solution Building by Example High Risk User Monitoring

Advance Techniques in Populating Wiki What!?! Active Lists Why Wikis Work for SOC Protect 724, Your Problem Solved: Use Conditional Evaluations to Create a Pivot Report Has Your SOC Hit Puberty?

12:00pm 12:30pm 1:00pm

Enhancing the Value of McAfee HIPS with ArcSight Customer Success Roadmap

No Sessions: Visit the Development Team at the Birds-of-a-Feather Tables in the Lunch Area.

It's a Cluster! Installing and Managing ArcSight ESM on Windows High-Availability Clusters

Threat Intelligence Integration with DeepSight

1:30pm 2:00pm 2:30pm ArcSight ESM 5.0 Upgrade at-a-Glance Advanced ArcSight Logger Searching with the Rex Pipeline Operator How to Get the Most Out of Your Console Microsoft Windows Event Log Unified SmartConnector Enhancements ArcSight FlexConnector Wizard What You Need to Know for Connector Upgrades Going Over the Waterfall Seeing the Woman in the Red Dress Security Operations for the Federal Set

Building a Successful ArcSight Team Windows Jump Start Winning Architectures

3:00pm 3:30pm

Customer Success Roadmap Executive Threat Reporting

4:00pm 4:30pm

Detecting APT with ArcSight ThreatDetector


ArcSight CyberSecurity Hall Theater Schedule

Wednesday, September 22

Time
10:00am 10:30am 11:00am

Turbo Talk Theater: Fast, 20-minute talks by the ArcSight engineering team.
IP Flow Connector Image Editor: What You Need to Know Protect 724, Your Problem Solved: Insiders vs. Outsiders: What Devices Haven't Sent Who Should Manage Events in the Last Day to Your Security Operations? ArcSight Logger? ArcExchange Protect 724 Your Problem Solved: Store a Moving Average in an Active List Using Trend Actions and Overlapping Queries Leveraging Template Designer to Build Custom Reports Protect 724, Your Problem Solved: Who is Security Operations Counting Large Numbers over Consulting? Time The Power of the Top Value Count Data Monitor Best Practices for Scheduling the Trends and Report Jobs Seeing the Woman in the Red Dress

SOC Talk Theater: A variety of topics led by the ArcSight consulting team.
Security Operations as a Service (SOaS)

Customer Success Theater: Rich learning tips and tricks presented by ArcSight instructors.
Planning a Successful Upgrade High Risk User Monitoring ArcSight ESM HealthCheck

11:30am 12:00pm

Solution Building by Example Threat Intelligence Integration with DeepSight

12:30pm 1:00pm

Enhancing the Value of McAfee HIPS with ArcSight Detecting APT with ArcSight ThreatDetector

1:30pm

The system doesn't care who logs in. But you do.
ArcSight IdentityView
Your employees now have a digital face and you have control. Get easy, complete visibility of user activity by linking the user, role and group information in directory, HR, and IdM systems with the user's activity logs.

KEYNOTES

ArcSight CyberSecurity Hall
Experience 35,000 square feet of pure adrenalin. Located in Prince George's Exhibition Hall B

Keynotes and Panels

Monday, September 20
The Formula for Cybersecurity Success
9:00 - 10:00am, Woodrow Wilson Ballroom
During the course of a race, a driver and his crew have several hundred adjustments that can be dynamically made to the car on the fly to improve performance and competitiveness, and reduce risks. Many of these adjustments are determined by a remote team of engineers monitoring the car's performance in real time. As security specialists, we need to have similar monitoring skills across all of our enterprise networks, applications and users to confidently reduce enterprise risks and respond to modern advanced threats. It is well understood that enterprises are rapidly changing and that traditional signature-based perimeter security approaches are no longer adequate. We know we need to move security controls and monitoring inside the firewall and begin to have an understanding of who and what is on networks, especially around sensitive data files, critical transactions and mission-critical systems, in order to quickly identify anomalous behaviors. At ArcSight, we are working hard to deliver these new enterprise management capabilities and, in doing so, we are leveraging our SIEM product leadership to deliver the industry's first true platform finely tuned for Enterprise Threat and Risk Management.

Speaker: Tom Reilly, President and CEO, ArcSight


Mr. Reilly has served as ArcSight Chief Executive Officer since September 2008 and as President since August 2007. Mr. Reilly served as ArcSight Chief Operating Officer from November 2006 to September 2007. From April 2004 to November 2006, Mr. Reilly served as Vice President of Business Information Services of IBM. From November 2000 until its acquisition in April 2004 by IBM, Mr. Reilly served as Chief Executive Officer of Trigo Technologies, Inc., a product information management software company. He holds a B.S. in mechanical engineering from the University of California, Berkeley.

International Perspectives on CyberCrime How Governments with Borders Deal with an Internet that has None
10:00 - 11:00am, Woodrow Wilson Ballroom
We all say the Internet is borderless, but what does that really mean in terms of developing the kinds of international cooperation required to identify and respond to threats, eliminate botnets, track and prosecute cybercriminals, and make the Internet safe and reliable for public and private use? Given the global nature of cybercrime, supranational institutions are likely to carry enormous power in the fight against such crimes. Hear the latest perspectives and thinking on how we can take the management of cybersecurity and countermeasures to combat cybercrime across international boundaries.

Speaker: Dr. Prescott Winter, CTO, Public Sector, ArcSight


Dr. Winter has served as ArcSight Chief Technology Officer for the Public Sector since March 2010. Prior to ArcSight, Dr. Winter served as Associate Deputy Director of National Intelligence for Information Integration for the National Security Agency (NSA) from 2008 to 2009. He served more than 25 years at the NSA, including positions as CIO and CTO; Chief, NSA Commercial Solutions Center; Chief, Customer Response; and Deputy Chief, Defensive Information Operations.

Special Guest:
Eneken Tikk
Head of Legal and Policy Branch, Cooperative Cyber Defence Centre of Excellence
Eneken Tikk holds a Magister Juris degree from the University of Tartu and is pursuing a PhD degree. After working many years for both government and private sector enterprises, advising on information law, she joined the Cooperative Cyber Defence Centre of Excellence activation team, later becoming the head of the Centre's Legal Task Team. Eneken headed the Cyber Defence Legal Expert Team involved in the drafting of Estonian Cyber Security Strategy; she is also a frequent lecturer on information technology and information law in Estonian universities and author of an information law textbook. Currently she is acting Legal and Policy Branch Chief at CCD COE. Her areas of research interest include information technology and cyber security law, as well as legal policy.

Share ideas with the nation's most advanced security gurus.

Infrastructure Protection & Advanced Persistent Threat Management Lessons Learned in the Private & Public Sector
11:00 - Noon, Woodrow Wilson Ballroom
Protecting your enterprise network infrastructure requires first understanding the threat. This panel will break down the hype around today's top security concerns. Based on lessons learned from breaches in both the private and public sector, you will gain the knowledge you need to prepare your organization's defenses against advanced persistent threats.

Moderator: William Crowell, Former CEO, CyLink Corporation; Former Deputy Director of Operations and Deputy Director of the NSA
Mr. Crowell has served as an ArcSight Director since 2003. He is an independent consultant in the areas of information technology, security and intelligence systems, and served as the Chairman of the Senior Advisory Group to the Director of National Intelligence. He also worked at the National Security Agency (NSA), where he held a series of senior executive positions, including Deputy Director of Operations and Deputy Director of the NSA. He also serves as a director of several private companies.

Panelists:
Kris Herrin
Chief Technology Officer, Heartland Payment Systems
Kris is responsible for delivering secure and reliable IT services for Heartland's state-of-the-art payments processing platforms and enterprise applications, including product development, infrastructure and operations. He joined Heartland in April 2008 as chief security officer and transitioned to the role of chief technology officer in August 2009, where his work to drive operational efficiencies and delivery of innovative services using industry IT Service Management best practices won him recognition in the InfoWorld CTO 25 Awards. Kris is an adjunct professor at the University of Dallas Graduate School of Management and an advisory board member for their Information Assurance Program.

Tim McKnight
Vice President and CISO, Northrop Grumman
Mr. McKnight is responsible for developing the strategy and vision of the Northrop Grumman global computer and network information security systems, and enhancing the security of the company's products, services and infrastructures. He has completed training with the National Security Agency (NSA) in the areas of information security assessment methodology, operating secure networks and advanced system security and exploitation. Mr. McKnight served as a police training instructor and on the computer analysis response and evidence response teams of the FBI. He holds a bachelor's degree from Rutgers College.

Dr. Phyllis Schneck
VP Threat Intelligence, Office of the CTO, McAfee
Dr. Schneck is responsible for design and applications of McAfee's global threat intelligence, strategic thought leadership around technology and policy in cybersecurity, and leading McAfee initiatives in adaptive security and intelligence in networks for critical infrastructure protection and cross-sector cybersecurity. Dr. Schneck is the Chairman of the Board of Directors of the National Cyber Forensics and Training Alliance, a partnership between corporations, government and law enforcement for cyberanalysis to combat international cybercrime. In addition to a Ph.D. in computer science, she holds three patents in high-performance and adaptive information security, and has six research publications in the areas of information security, real-time systems, telecom and software engineering.

Dr. Prescott Winter
CTO, Public Sector, ArcSight
Dr. Winter has served as ArcSight Chief Technology Officer for the Public Sector since March 2010. Prior to ArcSight, Dr. Winter served as Associate Deputy Director of National Intelligence for Information Integration for the National Security Agency (NSA) from 2008 to 2009. He served more than 25 years at the NSA, including positions as CIO and CTO; Chief, NSA Commercial Solutions Center; Chief, Customer Response; and Deputy Chief, Defensive Information Operations.

Tuesday, September 21
ArcSight Product Showcase
8:00 - 9:15am, Woodrow Wilson Ballroom
From ArcSight Express to ArcSight Logger and ArcSight ESM, the product family has become more advanced. Hear from the founder and CTO as he discusses and shows exciting, recently released products and new developments on the horizon.

Speaker: Hugh Njemanze, CTO and EVP of Research and Development, ArcSight
Mr. Njemanze co-founded ArcSight in 2000 and has served as EVP of Research and Development and CTO since 2002. He leads product development, information technology deployment and product research, and is an advisor at Silicon Valley Internet Capital. Prior to ArcSight, Mr. Njemanze served as CTO at Verity, a provider of knowledge retrieval software products. Mr. Njemanze also worked at Apple Computer in software engineering, where he was one of the key architects of the Apple Data Access Language (DAL). Prior to that, he co-architected CL/1 (Connectivity Language One) at Network Innovations and co-developed several language compiler products at Hewlett Packard. Mr. Njemanze is a CISSP and holds a B.S. in computer science from Purdue University. Hugh was honored as the 2010 Ernst & Young Entrepreneur Of The Year.

The Future of Global CyberCrime
9:15 - 10:00am, Woodrow Wilson Ballroom
In this keynote session, Mr. Menn, Mr. Lyon and Mr. Crocker will reveal behind-the-scenes insights surrounding today's underworld of cybercrime as documented in Mr. Menn's recent book, Fatal System Error. Cybercrime is metastasizing, leaving international law enforcement agencies deeply challenged with the complexity of cross-border enforcement and prosecution. However, in this unprecedented case, Mr. Lyon and Mr. Crocker prevailed and eventually sent three Russian cyber gangsters to prison. Our speakers will reflect on their firsthand experiences and share their perspectives on what is needed to enable true sustained international cooperation and discuss how companies can best protect themselves now.

Moderator: Joseph Menn, Author of Fatal System Error


Mr. Menn has reported on cybersecurity and other technology issues for more than a decade at the Financial Times and the Los Angeles Times. He is the author of Fatal System Error, published in January 2010, which documents Barrett Lyon's infiltration into the Russian cyber underground, and All the Rave: The Rise and Fall of Shawn Fanning's Napster, published in 2003. All the Rave has received accolades for its well-documented history of one of the most celebrated collapses of the Internet, and going deep into the Napster controversy. Mr. Menn is a two-time finalist for the Gerald Loeb Award, the top prize in business reporting. He graduated with honors from Harvard College, where he was executive editor of The Harvard Crimson.

Panelists:

Andy Crocker
COO, Cybyl Technologies; Former Investigator, UK National Hi-Tech Crime Unit
Mr. Crocker, a former member of the elite UK National Hi-Tech Crime Unit and the UK Serious Organised Crime Agency, led the most successful collaborative cyberprobe in history involving multinational law enforcement groups across the globe. His unprecedented three-year investigation alongside the Russian MVD, or national police, resulted in the capture and imprisonment of the three men who were at the heart of an Internet-enabled extortion ring. Mr. Crocker is a leader in combating the evolving technology employed by organized crime in mass identity theft, financial fraud and the misappropriation of trade secrets.

Barrett Lyon
CEO, 3Crowd Technologies; Entrepreneur, Influential Technologist and CyberProtector
Mr. Lyon has tracked Russian denial of service attack extortion groups; his work has been featured around the globe and is included in the cyberthriller, Fatal System Error. He provided details and helped coordinate with multinational law enforcement groups, resulting in the capture of the three men who were at the heart of an Internet-enabled extortion ring. Mr. Lyon created Opte Project, an Internet mapping project, which is featured at the Boston Museum of Science and the Museum of Modern Art in New York. He is working on his third start-up, 3Crowd Technologies, which improves the economics of delivering large amounts of data across the Internet.

Enterprise Threat and Risk Management in the Real World


10:00-10:45am, Woodrow Wilson Ballroom
Managing enterprise threats and risk in the real world means moving beyond managing just the network infrastructure to looking for threats and risk across the entire enterprise, both within the firewall and out in the cloud. This keynote will provide you with real-world insights on how to finally remove the security blind spots lurking in your enterprise.

Moderator: Colby DeRodeff, Enterprise Strategist, Worldwide Strategic Solutions, ArcSight


Mr. DeRodeff has spent his career working with global organizations, guiding best practices and empowering the use of ArcSight products across all business verticals, including government, energy, healthcare and finance. In this capacity, he has been exposed to countless security and organizational challenges, giving him a unique perspective on today's information security challenges. Recognized as an expert in the field of IT security, Mr. DeRodeff's primary areas of focus are fraud, insider threats, the convergence of physical and logical security, as well as enterprise security and information management. He is the author of The Convergence of Physical and Logical Security, an in-depth history of physical security and information management through real-world case studies.

Panelists:
Patty Long
Director of Information Security, ING Americas
Ms. Long is responsible for the security operations center for ING Americas. She has over 20 years of information technology and information security experience, and served as CISO of CitiStreet for four years prior to its acquisition by ING Americas in July 2008. Ms. Long is a CISSP and holds a bachelor's degree in economics from Columbia University and an MBA from New York University.

Steve Brown
Director of Enterprise Information Management Operations, Wells Fargo
Mr. Brown leads Information Management Operations at Wells Fargo, including Enterprise Security Operations and Services, Information Security Risk Assessment Services, and Security Architecture Consulting. He has been with Wells Fargo for 10 years in a variety of leadership roles within the areas of information security and network engineering, and brings more than 20 years of information management expertise to this critical enterprise role.

Nick Galletto
Partner, Information & Risk, Deloitte
Mr. Galletto is a Partner with Deloitte Information and Technology Risk Services in Canada. Mr. Galletto has over 20 years of experience in information technology, networking, systems management and information security. He has extensive experience in the management, design, development and implementation of information security and risk management programs. He has helped organizations assess the threats, risks and overall security posture of their applications, infrastructure architecture and IT environment. Mr. Galletto has worked with a number of large organizations, helping them implement enterprise-wide security strategies, security governance frameworks, policies, procedures and end-to-end security programs.

VIPs Redeem Your Perks!


If you registered early then you have official VIP status! VIPs enjoy premier seating at breakout sessions, a special express line for meals, a fast pass to the Genius Bar and get exclusive VIP swag. Look for the VIP signs throughout the conference and enjoy your special treatment. P.S. Don't miss out next year! Register early to get VIP status for Protect 11!

Total Security Intelligence at Your Fingertips. Anywhere. Anytime.

ACTIVITIES

ArcSight Express
Comprehensive security and fast response with fewer resources. Now you can have it all: complete security, compliance and a life.

Got Questions? Get Answers.

Visit the Genius Bar


Bring your toughest questions and hardest challenges to the genius bar in the CyberSecurity Hall and get the answers you need.

Activities
Networking Events
Let's face it. Most people don't get what you do. But everyone at Protect 10 does. From formal activities to spontaneous gatherings, throughout the conference you'll encounter endless opportunities to relax, unwind and connect with peers on your top security issues.
Welcome Reception
September 19, 6:00pm-8:00pm
Orchard Terrace at the Gaylord National Resort
Start Protect 10 off right! Join the ArcSight community and ArcSight executives while taking in the views of the Potomac River. Get to know your fellow attendees while enjoying an array of hors d'oeuvres and refreshments.

ArcSight Protect 724 JazzFest


September 20, 8:00pm-11:00pm
Pose Lounge
Take in the cool sounds of jazz with colleagues at the Protect 724 community party. Getting in is easy: the password is your Protect 724 handle, so make sure you enroll. This is your chance to meet the people behind the postings.

Mealtime Mixers
September 20-22, daily breakfast and lunch
CyberSecurity Hall
Connect with people who share your interests while you fuel up for the day. Mealtime mixers offer a time to meet, greet and eat!

Birds-of-a-Feather
September 21, Noon-2:00pm
CyberSecurity Hall (lunch area)
Grab your lunch and grab a chair. ArcSight engineers will be on hand to lead group discussions on product and related topics that concern you the most.

Partner Booth Crawl & Reception


September 20, 6:00pm-8:00pm
CyberSecurity Hall
Get to know our extended cybersecurity family while enjoying fine food and drink. See the latest offerings from ArcSight partners and learn how to extend your investments in ArcSight solutions. Be sure to make your way to each exhibitor's booth to both expand your solution tool kit and increase your odds of winning some awesome prizes!

Protect 10 Gala Dinner


September 21, 6:30pm-11:00pm
Sunset Room at National Harbor
Be transported to the shores of Hawaii for an evening of fun and frivolity! Hula the night away while enjoying great food, placing a few friendly wagers and singing a song or two. Lots of surprises are in store, including a Hawaiian vacation!

Don't Leave Without
Attending a networking session: birds-of-a-feather lunch, evening receptions
Visiting the CyberSecurity Hall and getting your picture taken with Arcie
Joining a regional user group

ArcSight CyberSecurity Hall


The ArcSight CyberSecurity Hall is the heartbeat of the conference. This is where it all happens. Save time to experience this 35,000 square feet of pure adrenaline.
Partner Showcase
Visit the Partner Showcase and see how you can extend your ArcSight solutions. The showcase highlights the many ways in which ArcSight partners can help you protect your business. This is your opportunity to interact with key ArcSight partners, view the latest demos and offerings and see what their solutions can do for you.

Customer Rewards
The ArcSight Customer Rewards Program is a great way to showcase your organization's accomplishments and extend your reputation, while also stretching your training budget. With so many ways to get involved, you can't miss. Join our growing list of participants and start reaping the rewards!

Product Showcase
The product showcase is the launching pad for the hottest new products making their debut at Protect 10. This is a great opportunity to be the first to see what's new and give feedback to the ArcSight product and technical teams.

Genius Bar
You've got questions and we've got answers. Bring your toughest questions and hardest challenges to the genius bar and get the answers you need. This is your opportunity to tap into the brightest minds at ArcSight. After thousands of successful deployments, upgrades and customizations, we've seen it all and are ready to share!

Turbo Talk Theater


Don't miss these fast, 20-minute talks in the Turbo Talk Theater. These engineering-led turbo talks distill complex topics into just the highlights. This is the perfect solution for the on-the-go attendee. Check out the schedule and show up early for a seat.

Video CyberShots
Tell your story. Cloaked in your favorite spy costume, record your heroism in an undisclosed video case study on how you battled cyberthreats and secured your network with ArcSight solutions. Or just stop by to tell us how you like the conference and give a shout out to ArcSight!

SOC Talk Theater


Stop by and meet the Security Operations Consulting team at our SOC Talk Theater. We will be holding informal talks on a variety of security operations topics, like building security operation centers, measuring operational maturity, developing the right processes and procedures, and much more.

CyberBookstore
A full selection of publications will be available for purchase throughout the conference. You will find take-home solutions to your network and cybersecurity questions and reference materials to keep you up-to-date on today's most pressing issues, trends and what's happening now.

Customer Success Theater


Visit the Customer Success Theater for rich learning snippets covering a wide range of topics like customer success roadmap, solution building by example, building a successful ArcSight team and executive threat reporting. You'll experience the latest eLearning offerings, see the new professional certification program and be able to discuss your learning and implementation needs with our experts.

Meet Arcie, the ArcSight Mascot


CyberRange Contest
Sharpen your skills while you uncover the bad guys' plan to take over CyberVille. It's you against them, but you have ArcSight solutions on your side. The contest runs Monday and Tuesday and takes less than 15 minutes. Everyone who successfully collars the bad guy wins, and the fastest time wins the grand prize!

Meet Arcie
Come meet the newest member of the ArcSight family, Arcie! The ArcSight mascot is ready to pose with you for your very own photo.

ArcSight Documentation
See a demo of our new integrated multi-book ArcSight ESM online help and get an update on DocView 360, the interactive documentation portal slated for integration with Protect 724. While you're here, take our survey and receive a special gift.

Technical Support
Come meet the folks of Technical Support and put a face to the name! Drop by to follow up on tickets and complete our annual ArcSight company survey. Also, get registered for Protect 724, the ArcSight Community.

ArcSight-Sponsored NASCAR Truck


Just as security professionals need to stay one step ahead of the advanced persistent threats associated with cybercrime, Nelson Piquet Jr. stays ahead of dynamic, persistent racing competitors. When you enter the CyberSecurity Hall you'll see the ArcSight-sponsored NASCAR truck front and center. Say hello and get your picture taken with Nelson Piquet Jr.!

Global Services
Stop by to discuss our proven methodologies and the in-depth experience gained from over 1,000 successful implementations. Hear how to optimize your ArcSight investments, mitigate project risks, accelerate business objectives, and increase IT productivity. Learn about our customer success roadmap. Representatives will be on hand from our consulting, federal and solutions groups.

Get your picture taken with NASCAR driver Nelson Piquet Jr.!

CYBERSECURITY HALL

Turbo Talks
Don't miss these fast, 20-minute talks in the Turbo Talk Theater. These engineering-led turbo talks distill complex topics into just the highlights. This is the perfect solution for the on-the-go attendee.

SOC Talks
Meet the Security Operations Consulting team at our SOC Talk Theater. These expert-led talks will cover a variety of security operations topics to help you build and manage your security operations center.

Customer Success
Visit the Customer Success Theater for rich learning snippets covering a wide range of topics. You'll experience the latest eLearning offerings and see the new professional certification program.

Located in the ArcSight CyberSecurity Hall. See the complete schedule in this guide.

Ask Anything. Use everywhere.


ArcSight Logger
The Universal Log Management Platform for Enterprises.
SESSIONS

ArcSight Logger meets the needs of diverse teams and use cases for security, compliance, IT operations and application development.

It's easier than a Magic 8 Ball, plus it holds up in court.

ArcSight Protect 724


September 20, 8-11pm; Pose Lounge

Take in the cool sounds of jazz with colleagues at the Protect 724 community party.

Sessions
ArcSight-Led Sessions
Over 80 educational technical sessions are packed with insights and information you can't afford to miss.

Basic Sessions
SN01
Primer: Auditing Oracle Database Activity
Tom D'Aquino, Senior Curriculum Developer
Monday, September 20; 2:30pm-3:20pm; Baltimore 5
Databases can generate a fair amount of data. This primer session focuses on using the different types of logs to effectively audit Oracle database activity. Strategies to accomplish your goals will be explained, as well as a demonstration of useful content for monitoring collected data.

SN06
Primer: Got FIPS?
Normand Bourgeois, Senior Instructor
Tuesday, September 21; 2:00pm-3:50pm; Baltimore 5
Many organizations are required to be Federal Information Processing Standards (FIPS) compliant. This primer session explains how to implement and manage FIPS across ArcSight ESM, ArcSight Logger and applicable connectors.

SN02
Primer: Auditing Microsoft SQL Database Activity
Tom D'Aquino, Senior Curriculum Developer
Tuesday, September 21; 11:00am-11:50am; Baltimore 5
Databases can generate a fair amount of data. This primer session focuses on using the different types of logs to effectively audit Microsoft SQL database activity. Strategies to accomplish your goals will be explained, as well as a demonstration of useful content for monitoring collected data.

SN07
Primer: Using Variable$
Javier Inclan, Senior Instructor
Tuesday, September 21; 4:00pm-5:50pm; Baltimore 5
One size does not fit all. This primer session explains what variables are (including global variables). It demonstrates how to use them appropriately, including how to extract information from lists.

SN08
Primer: Writing Rules Not Meant to be Broken
Javier Inclan, Senior Instructor
Wednesday, September 22; 10:00am-11:50am; Baltimore 5
Rules can help you determine what to investigate. This primer demonstrates how to construct rules. It will focus on what to consider when building rules and how to use rules to identify events that require further investigation.

SN03
Primer: Got Reports? The ABCs
Mauricio Julian, Senior Instructor
Monday, September 20; 3:30pm-4:20pm; Baltimore 5
There is a difference between data and useful information. This primer session explains the basic elements of reporting and how to use reporting to turn large amounts of data into usable information.

SN13
Best Practices for Scaling Log Management
John Bradshaw, Principal Federal Sales Engineer
Wednesday, September 22; 2:30pm-3:20pm; Baltimore 3
This session will discuss the differences between agent and agentless log collection, and how each provides capabilities and benefits to be considered before deploying a SIEM or log aggregation solution. The focus of this discussion will cover centralized vs. decentralized deployments, considerations for guaranteeing log/event delivery, and network performance issues administrators should consider when making deployment decisions.

SN05
Primer: Auditing Network and Firewall Activity
Tom D'Aquino, Senior Curriculum Developer
Wednesday, September 22; 2:30pm-4:20pm; Baltimore 5
Network routers, switches and firewalls can generate a bewildering amount of data. This primer session explains how to separate the important data from the noise. It also demonstrates how to create a good use case so that you can collect the data you need and safely ignore the data you don't need.

SN21
How it Works: Assets, Zones, Networks and Customers
Fabian Libeau, Principal Sales Engineer
Wednesday, September 22; 11:00am-11:50am; Baltimore 3
ArcSight ESM excels in its ability to assign information to the monitored environment. This presentation will show how this works, covering both challenges and solutions. Included in this session are connector map files and variables in filters.

SN48
Let ArcSight Logger Leverage your Logs
Aaron Kramer, Senior Systems Engineer
Wednesday, September 22; 11:00am-11:50am; Magnolia 3
Learn how to sift logs like the pros do! In this session, you will learn different approaches to adjust to new systems that get added to your responsibilities. Get on top of that heap of systems, network and security stuff.

SN52
The Last 1000 Engagements: Lessons from the Field
Ricky Allen, Global Services Regional Manager
Monday, September 20; 2:30pm-3:20pm; Annapolis 1
Compiled from the past 1000 engagements, the ArcSight global services team wants to share best practices with you from around the world. Details such as identifying the engagement scope, potential deployment risks, detailed project planning, environment sizing, hardware selection, device prioritization, tuning expectations and growth estimates will be covered.

SN39
All About Actors
Anurag Singla, Software Development Manager
Tuesday, September 21; 3:00pm-3:50pm; Baltimore 1
Wednesday, September 22; 4:30pm-5:20pm; Annapolis 3
Actors are representations of humans or agents in ArcSight ESM, and the actors feature links users and their activity to events from applications and network assets. This session will show how user information can be imported into ArcSight ESM from external identity management systems, and then correlated with security information in events. Also covered is how actors can be organized into various hierarchical models for use in identifying policy violations.

SN41
Moving Enterprise Security Monitoring to the Next Stage
Paul Brettle, Sales Engineer
Tuesday, September 21; 2:00pm-2:50pm; Baltimore 1
A common issue with security monitoring projects is that they are often justified, budgeted and implemented to resolve a limited number of key issues. A real advantage for security monitoring with ArcSight ESM is that it can be easily expanded. Learn how to expand your investment to take security monitoring to the next stage.

SN59
Optimizing ArcSight Express
Jim Rutherford, Sales Engineering Manager
Monday, September 20; 3:30pm-4:20pm; Baltimore 1
ArcSight Express allows you to harness the power of ArcSight ESM in an easy-to-use, pre-configured package. A key element for ease of use was the creation of a wide variety of out-of-the-box content and pre-defined use cases specific to ArcSight Express. In this session, you will learn what makes the default ArcSight Express content, such as pre-packaged use-case-driven filters, rules, dashboards and reports, tick, as well as how to start down the path of custom content creation.

SN42
Investigating Financial Application Modeling Techniques in ArcSight ESM
Damian Skeeles, Pre-Sales Consultant
Monday, September 20; 4:30pm-5:20pm; Baltimore 1
ArcSight ESM provides a range of features that can be brought together to create sophisticated content that supports stateful tracking, risk scoring, closed feedback loops, and real-time and statistics-based correlation.

SN73
Preparing for Your ArcSight ESM Upgrade
Morris Hicks, Senior Director of Services Engineering, Global Services
Maritza Perez, Product Manager
Tuesday, September 21; 11:00am-11:50am; Baltimore 1
Wednesday, September 22; 4:30pm-5:20pm; Baltimore 1
This talk will walk you step-by-step through the ArcSight ESM 5.0 upgrade process. Attendees will learn how to successfully plan, coordinate and execute an upgrade to ArcSight ESM 5.0, as well as understand what resources are available from ArcSight to assist them. The upgrade process will be covered holistically including prerequisites, technical dependencies, step-by-step instructions for executing the upgrade wizard, common pitfalls and best practices for reducing risk. This session is relevant for both technical and project management staff, as it covers many aspects of the upgrade: estimated level of effort, tasks and timeline, technical expertise required, along with a step-by-step sample upgrade leveraging the upgrade wizard.

Tweet about your favorite presentation!
Log on to your Twitter account and follow @arcsightProtect. We'll re-tweet your great comments and suggestions.

Intermediate Sessions
SN04
Primer: Got Reports? Beyond the Basics
Mauricio Julian, Senior Instructor
Monday, September 20; 4:30pm-5:20pm; Baltimore 5
There is a difference between data and useful information. This primer expands on Got Reports? The ABCs and explains how to use resources to create reports in your own environment.

SN17
ArcSight Architectures
Brook Watson, Solutions Architect
Wednesday, September 22; 10:00am-10:50am; Annapolis 3
This session will focus on ArcSight implementation architectures. It will be geared towards administrators and authors in charge of maintaining the health and content of each of the ArcSight components. Several architectures will be discussed, including multiple tiered ArcSight ESM instances, multiple ArcSight Logger instances with a single ArcSight ESM instance, and the traditional single ArcSight Logger with a single ArcSight ESM instance. The pros and cons surrounding each architecture and best practices will be discussed.

SN09

From Water to Wine (or Use Cases to Content)

Lisa Huff, Director, ArcSight Enterprise Specialist
Terry Bishop, Senior Sales Engineer
Wednesday, September 22; 10:00am-11:50am; Annapolis 1
Learn the best-practice approach to building use cases, starting from requirements gathering through use case build-out. We will take you through all the steps to develop a real use case right before your eyes, including deliverables such as reports and dashboards.

SN18

Mastering ArcSight Platform Security

Yanlin Wang, Software Architect
Wednesday, September 22; 11:00am-11:50am; Annapolis 3
Wondering how to secure your ArcSight deployment? ArcSight products support multiple levels of security configurations: Basic, FIPS 140-2 and Suite B, along with different access control options to satisfy needs ranging from business users to government users.

SN11

Correlating Efficiently: Tips, Techniques and Troubleshooting for Writing Content

Monica Jain, Senior Software Engineer
Wednesday, September 22; 1:30pm-2:20pm; Annapolis 1
This session will focus on how to troubleshoot and write content to maximize performance and efficiency. Various correlation-related areas of ArcSight ESM, including rules, reports, trend reports, filters and data monitors will be examined. This session will also compare different approaches to help understand which will have better performance with fewer resource requirements.

SN24

Jump Start with Use Cases

Philip Qian, Senior Solutions Engineer
Wednesday, September 22; 4:30pm-5:20pm; Baltimore 3
In this session we will explore the concept of an ArcSight use case. Attend and see a number of actual use cases and how to use the Use Case Wizard.

SN12
Monitoring Applications without Application Development
Brian Wolff, Principal Sales Engineer
Tuesday, September 21; 4:00pm-4:50pm; Baltimore 1
Wednesday, September 22; 4:30pm-5:20pm; Magnolia 3
Demand for the logging of applications has grown; however, many applications today do not log transactions. This session will discuss how to enable application logging through the database, without changing the application code. Examples using the Oracle database will be utilized.

SN25
Best Practices for Using and Understanding Trends
David Wiser, Software Architect
Wednesday, September 22; 3:30pm-4:20pm; Annapolis 1
This session will be an in-depth look at trend reporting. We will see how trends manage your data. Tips on debugging trends will be provided, including using some undocumented information. This session will also provide tips for using trends to improve overall reporting and ArcSight ESM performance.

SN28
ArcSight FlexConnector Development Methodology
Mark Johnston, Principal Security Consultant
Wednesday, September 22; 3:30pm-4:20pm; Magnolia 3
Are you faced with the prospect of having to implement non-standard log formats into ArcSight ESM, but unsure how to approach the problem? This session will aim to help you achieve the goal of understanding the process, and therefore, delivering a better-value ArcSight FlexConnector.

SN14
Network Modeling Best Practices
Al Veach, Principal Security Strategist
Wednesday, September 22; 3:30pm-4:20pm; Baltimore 3
Learn network modeling best practices and how the new network modeling tool in ArcSight ESM makes the process easier. Customer success stories will be included in this session.

SN31
Inside an ArcSight Connector: The Journey of a Security Event
Girish Mantry, Principal Software Engineer
Wednesday, September 22; 2:30pm-3:20pm; Annapolis 1
This session covers how security events acquire information critical for your asset and network modeling, how they are categorized and corrected for the device-reported times for accurate correlation, and how the ArcSight Connector protects itself against denial of service attacks and preserves the integrity of the raw event.

SN50
APT Episode 1: Rise of the Bots
Duc Ha, Senior Security Solutions Engineer
Rishi Divate, Senior Security Solutions Engineer
Wednesday, September 22; 3:30pm-4:20pm; Baltimore 1
Learn to develop creative ArcSight ESM content to detect and track bot activities. Specifically, we will look at constructing ArcSight ESM resources based on different bot communication methods, using real-life examples such as Kraken, Conficker and Zotob. Finally, we will examine how to leverage advanced tools such as pattern discovery to detect bot patterns and ArcSight TRM to provide automated response action in case of an incident.

SN36
Cybercrime Investigator: Forensic Use of ArcSight ESM Integration Commands
Gary Freeman, Senior Sales Engineer
Paul Bowen, Principal Sales Engineer
Wednesday, September 22; 2:30pm-3:20pm; Baltimore 1
Many security analysts are tasked with assisting HR, corporate governance or law enforcement agencies with intercepting network information to establish evidence that may be used in employee termination or a court of law. This session explores the concept of network forensic investigations and how ArcSight ESM is used to establish a chain of custody through integration commands and case management.

SN51
Got Patterns? Creative Uses of Pattern Discovery
Suranjan Pramanik, Senior Software Engineer
Rishi Divate, Senior Security Solutions Engineer
Wednesday, September 22; 1:30pm-2:20pm; Baltimore 1
Pattern discovery is a powerful ArcSight ESM feature intended to detect subtle, specialized or long-term patterns. This session will show how to create basic pattern discovery profiles and identify patterns through snapshots, and how pattern discovery can be used across various use cases in the fraud, identity, operations and network areas.

SN53
Using ArcSight Express to Analyze Flow Events
Steve Maxwell, Senior Sales Engineer
Gary Freeman, Senior Sales Engineer
Monday, September 20; 2:30pm-3:20pm; Baltimore 1
Flow support is available in just about every router and switch in your network. It's free to turn on, and there is valuable information that you can gather through analysis with ArcSight Express. In this session, we'll cover ArcSight Express resources such as dashboards, data monitors, active channels and reports to address common use cases around flow events.

SN47
Windows Unified Connector: Planning, Implementation and Troubleshooting
Brook Watson, Solutions Architect
Lisa Huff, Director, ArcSight Enterprise Specialist
Tuesday, September 21; 4:00pm-4:50pm; Annapolis 1
As ArcSight customers expand their security focus from perimeter defense to insider threats, the first device they typically look at is Windows servers. This session will focus on the planning, implementation and troubleshooting best practices surrounding the Windows Unified Connector in large enterprise environments.

SN54
ArcSight ESM 5.0 Image Dashboards
Gary Freeman, Senior Sales Engineer
Wednesday, September 22; 1:30pm-2:20pm; Baltimore 5
This session focuses on creating image dashboards, an exciting new feature of ArcSight ESM 5.0. We will explore the concept of visualization and how you can leverage ArcSight ESM 5.0 image dashboards to create custom dashboards for use cases such as SOC, compliance metrics, global threats and MSSPs. This session is intended for ArcSight ESM administrators responsible for developing content on a daily basis.

SN67
ArcSight Logger: All You Can Feed!
Wei Huang, Senior Architect
Alan Bavosa, Senior Director Product Management
Wednesday, September 22; 1:30pm-2:20pm; Baltimore 3
This session will showcase the new search and reporting features in ArcSight Logger. Included are the new pipeline search language, charting, sorting, aggregating and reporting against all data types, including raw and CEF data. You will also learn about the new software version of ArcSight Logger! This session is a must-see for any ArcSight Logger customers.

SN64
Dynamic Multidimensional Schemas with ArcSight ESM 5.0
Dhiraj Sharan, Software Development Manager
Tuesday, September 21; 3:00pm-3:50pm; Annapolis 1
Have you ever needed a particular event schema field, but didn't have it available? Or have you wanted to monitor applications that generate events very different from traditional network security events? Attend this session and find out how ArcSight ESM 5.0, with the new domain field sets feature, not only answers these requirements, but also allows you to monitor events from different industry verticals.

SN72
ArcSight FraudView: The Next Generation
Colby DeRodeff, Enterprise Solutions Strategist
Monday, September 20; 3:30pm-4:20pm; Annapolis 1
This presentation will take users through the ArcSight FraudView product offering with customizable schemas and enhanced risk modeling capabilities. We will explore fundamental fraud concepts across multiple business verticals, and will look in-depth at the most prevalent threats for the coming years as well as advanced prevention, detection and response mechanisms. Several real-life use cases where ArcSight FraudView was instrumental in detection will be shown.

SN65

ArcSight ESM Tools and Integration with ArcSight Logger and ArcSight TRM

Ken Mermoud, Senior Security Engineer
Dhaval Shah, Software Development Manager
Tuesday, September 21; 11:00am-11:50am; Annapolis 1
The ArcSight ESM console is used as the centralized management console for security information and event management. Wouldn't it be great if it could be extended to show snap-in views or to launch contextual actions with any other external application being used in the SOC or NOC? In this session, you will see how to integrate in the console contextual views and actions from ArcSight TRM, ArcSight NCM and ArcSight Logger.

Advanced Sessions
SN10
Tips and Tricks in ArcSight ESM
Raju Gottumukkala, ArcSight Expert
Tuesday, September 21; 2:00pm-2:50pm; Annapolis 1
Wednesday, September 22; 4:30pm-5:20pm; Annapolis 1
In this very advanced session, you will learn super user tricks that address displaying the same field in a correlation event from multiple base events; using negative events; checking and populating a field in an active list from another field in a different active list; manipulating a date-type field in an active list; and understanding the quirks of every threshold and time unit trigger.

SN62
Gain Rock Star Status as an ArcSight ESM Manager Administrator
Dhiraj Sharan, Software Development Manager
Gagan Taneja, Senior Software Engineer
Wednesday, September 22; 1:30pm-3:20pm; Annapolis 3
This session will equip users with knowledge and tools to add to their arsenal for becoming a successful ArcSight ESM manager administrator. The session will start by describing the flow of events inside the ArcSight manager. Then we will look at the wealth of information the ArcSight manager provides via its run-time status, logs and audit events. Making use of the history of support tickets, we will take a close look at how to investigate performance, stability and memory management issues.

SN23

Advanced ArcSight Logger Techniques

Marylou Orayani, Senior Software Development Manager
Wednesday, September 22; 2:30pm - 3:20pm; Magnolia 3
See troubleshooting techniques by analyzing logs retrieved from ArcSight Logger. Attendees will learn how to use Logfu to correlate logs from various components within ArcSight Logger. Discover what to look for when perusing ArcSight Logger logs and how to use other tools for analysis.

SN66

APIs, SDK and Service-Oriented Architecture in ArcSight ESM

Yanlin Wang, Software Architect
Tuesday, September 21; 5:00pm - 5:50pm; Baltimore 1
ArcSight ESM 5.0 exposes a service layer that supports protocols such as SOAP, REST and other industry standards. Programmers and integrators can now access ArcSight ESM data through exposed APIs that will allow them to perform resource searches, run reports and access other ArcSight ESM services via Web services or clients that make use of the ArcSight ESM SDK.

SN30

Use Cases for Automating Integration with ArcSight ESM and Remedy

Scott Parkinson, ArcSight Enterprise Specialist
Wednesday, September 22; 1:30pm - 2:20pm; Magnolia 3
This session discusses complex use cases involving the ArcSight ESM and Remedy solution, allowing you to keep track of events already sent to Remedy and prevent duplicate events; to know if a Remedy ticket goes beyond your SLA; and to produce a report of current open Remedy tickets triggered by ArcSight ESM. Use cases will be displayed side-by-side in ArcSight ESM versions 4.5 and 5.0 to show the simplification and positive impact of the new global variables feature.

SN68

Maximize Connector Deployment with the ArcSight Connector Appliance


Dilraba Ibrahim, Software Development Manager
Monday, September 20; 4:30pm - 5:20pm; Annapolis 1

SN58

ArcSight, Monitor Thyself

Ken Mermoud, Senior Security Engineer
Rashaad Steward, ArcSight Enterprise Specialist, Public Sector
Tuesday, September 21; 5:00pm - 5:50pm; Annapolis 1
ArcSight components provide a wealth of internal audit events on the status of various ArcSight resources. In this session, we examine what those internal audit events contain and what information an ArcSight administrator can leverage to automatically monitor and restore the health of their ArcSight infrastructure. This session will cover advanced techniques that can be applied to many other use cases to enhance automation. Attendees should have an in-depth understanding of active lists and how variables work within rules.

With the latest innovations, the ArcSight Connector appliance is becoming a truly turnkey solution to deploy and manage connectors in large-scale environments. Come to learn revolutionary new capabilities like ArcSight Connector Exchange, remote management for large-scale distributed deployment and troubleshooting ArcSight Connectors with diagnostic tools.

SN71

ArcSight ESM Database Performance from the Bottom-Up

Kerry Adkins, Senior Customer Support Engineer
Wednesday, September 22; 3:30pm - 4:20pm; Annapolis 3
If you want to achieve optimal performance with your ArcSight ESM database, this session is for you! We will cover all of the layers that affect database performance, starting with storage hardware, RAID levels and how to lay out data files. Moving up, we will cover how to tune your Oracle instance, benefit from indexing and optimize for performance. We will also discuss the tools customer support DBAs and developers use to troubleshoot database-related performance and stability issues.


Customer-Led Sessions
ArcSight customers on the frontlines who are protecting their organizations present their real-world experiences and use cases.

Basic Sessions
CSN02

Threat Response Triage System

CSN17

Mark Runals, Network/System Analyst, Battelle
Tuesday, September 21; 11:00am - 11:50am; Baltimore 3
One of the challenges faced by companies that don't have a 24x7 SOC is prioritizing investigative time. Attend this session and see the Battelle solution that triages systems exhibiting anomalous behavior, without extensive or rigid, pre-defined, chronological order of events use cases. Highlights include how to scale with available hours, how to quickly add or remove use case triggers, and how to modify individual use case triggers independently of others.

The Evolution of Malware Detection

Dereck Haye, Global Lead Analyst, Unisys
Tuesday, September 21; 3:00pm - 3:50pm; Baltimore 3
Use the correlation power of ArcSight solutions specifically for malware detection. Learn about the core behavior of malware and how to break it down into components for base detection. Specific examples will illustrate how analysts can use devices to detect previously unseen malware hiding in the departments of your organization's log files. A general knowledge of the ArcSight ESM console and familiarity with rule filters and data monitors will be helpful in getting the most out of this session.

CSN06

Using Reporting to Optimize IT Security

CSN20

Amir Alsbih, IT Security Engineer, Kabel Baden-Württemberg
Wednesday, September 22; 11:00am - 11:50am; Baltimore 1
This session discusses how to represent and lay out data for maximum report usability and goal achievement. Learn why it is essential to have different reporting and abstraction levels for each level within an organization. IT security key performance indicators that have worked well for Kabel Baden-Württemberg are revealed, as well as lessons learned along the way.

Death by Acronym: How to Survive HIPAA, HITECH, and FTC Red Flag Rules with ArcSight

Paul Melson, Manager of Information Security, Priority Health
Chris Botelho, Security Analyst, Parkland Health and Hospital System
Monday, September 20; 2:30pm - 3:20pm; Annapolis 3
The past decade has seen a steep increase in federal, state and international regulation of personal data with no signs of slowing in the immediate future. Finding ways to automate monitoring and auditing, as well as streamlining investigations, is necessary just to keep up. This session covers how Parkland Health and Priority Health have moved from a reactive to a proactive stance in monitoring and protecting personal information, and how they conduct incident responses in the event of a breach. Specific examples will be shown for how to monitor and report on the security controls in place to effectively protect personal information.

CSN08

Realizing End-to-End Encryption in the Payments Industry

Steve Elefant, CIO, Heartland Payment Systems
Monday, September 20; 2:30pm - 3:20pm; Baltimore 3
Discover how Heartland Payment Systems has successfully tackled PCI issues. This session reviews the challenges and opportunities facing the payments industry to secure sensitive card data through end-to-end encryption. Also covered is the prospect of applying end-to-end technologies to reduce/limit the scope and cost of PCI.

Protect 724 ArcSight Community

Post content, share ideas and find answers fast. Go to: Protect724.ArcSight.com

CSN24

Driving Content Creation with Use Case Forms

CSN31

Cindy Jones, Senior Security Analyst, United Services Automobile Association (USAA)
Wednesday, September 22; 10:00am - 10:50am; Magnolia 3
How many times have you heard something like this: "Compliance says to bring this new feed into ArcSight ESM and monitor it for bad stuff"? However, if you don't have a plan for what to look for, how do you even know that your new feed can provide it, whatever data that is? A generic "look for bad stuff" statement can be very dangerous for analysts. It transfers all responsibility to you and absolves the feed provider. This presentation provides a general use case form and covers how to extract this information from your customers to help secure your network environments.

Ensuring Inactive IDs Stay Inactive

Azzam Zahir, Manager, Enterprise IT Risk Management, Turner Broadcasting System, Inc.
Monday, September 20; 4:30pm - 5:20pm; Baltimore 3
With today's complex infrastructures, problems around managing employee terminations and inactive IDs can run rampant. Attend this session and find out how Turner Broadcasting successfully meets this challenge, taking into consideration its highly diversified business units, decentralized network and international aspects. When employees are terminated, you can set up the ability to ingest a report into ArcSight ESM, look for that user ID to appear on the network and ensure it doesn't.

CSN29

CSN32

Implementing ArcSight Logger for Sustainable PCI DSS 1.2 Compliance

Achieving Continuous Compliance of Privileged Identities in Challenging Environments

Michael Hoehl, CISO, Godiva Chocolatier
Tuesday, September 21; 4:00pm - 4:50pm; Magnolia 3
This session will cover PCI project implementation details, as well as operational experiences with ArcSight Logger. Specific topics include building a business case for ArcSight Logger, implementation technical details, GRC use cases, and lessons learned. These insights will be useful for IT staff and management of merchants intending to implement a sustainable approach for PCI compliance and safeguard customer credit card data.

Philip Lieberman, President, Lieberman Software Corporation
Wednesday, September 22; 10:00am - 10:50am; Baltimore 1
Learn how to quickly gain continuous control over privileged identities in large, complex, highly regulated and extremely secure environments by implementing a solution that provides continuous proof of compliance, as well as near instantaneous alerting of out-of-compliance scenarios. In this session, we will show you how to combine ArcSight technology with Lieberman Software technology to move you into a realm of continuous compliance, with a security SLA, in less than a week. Gain the upper hand on privileged identities and put auditors on your side! Attendees should understand the high objectives of IT security, the audit process and its findings, business cases for/against security remediation, and basic identity management and account usage tracking.

CSN30

Security Operations that Cross International Boundaries

Patty Long, Director of Information Security, ING Americas
Monday, September 20; 2:30pm - 3:20pm; Magnolia 3
Building a security operations capability for a large company is always a major challenge. From business case creation to implementation, the path requires a good deal of commitment and understanding from the organization. When operations include centers in other countries, the linguistic, cultural and monetary challenges exponentially increase the complexity of the project. Hear from ING on how they addressed the challenges and the lessons learned from their endeavor.

New this year! Visit the Genius Bar and get answers from the top minds at ArcSight.


Intermediate Sessions
CSN01

The Who: User Activity Monitoring in SIEM

CSN12

Chuck Moran, IT Security Analyst, Southern Company
Ryan Kalember, Director of Product Marketing, ArcSight
Tuesday, September 21; 3:00pm - 3:50pm; Annapolis 3
IT security departments are constantly searching for new ways to monitor their infrastructure and provide greater value to the business. Attend this session and learn how user activity monitoring delivers business value in the form of powerful metrics, streamlined investigations, and auditable access rights. Southern Company will discuss how they use ArcSight IdentityView, logs and directory data to produce executive dashboards that organize security metrics by department so that security executives can better target their risk mitigation programs. The presentation will also cover two other ArcSight IdentityView use cases in production: monitoring risky users like offshore developers and employees using shared accounts.

Achieving PCI Compliance Without Modifying Your Applications

Florian Leibenzeder, Senior IT Security Engineer, Lufthansa Systems
Tuesday, September 21; 4:00pm - 4:50pm; Baltimore 3
Learn how Lufthansa Systems achieved PCI provider compliance by utilizing its self-developed PCI Compliance Engine and the power of ArcSight ESM, ArcSight Logger and the ArcSight ESM Compliance Insight Package for PCI. See how relevant audit data needs to be collected, how it is provided to ArcSight ESM and how the workflow around the Lufthansa solution was created by making heavy use of ArcSight ESM internal workflow tools. Basic PCI DSS knowledge is helpful to get the most out of this talk.

CSN04

Bots/Malware Detection by Leveraging Open Source Resources

CSN13

Mozilla's Use of CEF in their Web Applications

Chuck Moran, IT Security Analyst, Southern Company
Monday, September 20; 3:30pm - 4:20pm; Annapolis 3
This session reviews methods for leveraging open-source community resources, such as Snort and BotHunter, within ArcSight implementations to help detect and pinpoint previously undetected threats. Come learn about malware threat feeds, and how to create simple scripts and ArcSight ESM rules to automate them. Join us if you are working within the confines of a budget or would like to leverage open-source detection capabilities within your current ArcSight implementations to reduce risk and eliminate previously undetected cyberthreats.

Christopher Lyon, Director of Infrastructure Security, Mozilla
Tuesday, September 21; 2:00pm - 2:50pm; Baltimore 3
Mozilla is leveraging CEF in their Web applications for general logging and to identify potential security issues. The use of CEF creates a foundation for applying security correlation to narrow down potential security issues, and ArcSight Logger provides the ability to search upon this data. This session covers why, where and how Mozilla is using CEF, the types of alerts and various use cases. Reasons and technical limitations that drove these changes with Mozilla Web applications will also be discussed. Attendees should have a basic understanding of CEF, ArcSight ESM and ArcSight Logger.

CSN05

How to Write Anything to CEF (Easy Integration with ArcSight)

Eric Parker, Principal Network Security Analyst and ArcSight Senior Engineer, BAE Systems
Tuesday, September 21; 3:00pm - 3:50pm; Magnolia 3
Attend this session and learn how to write your own FlexConnectors easily from scratch using CEF. This session discusses techniques for reading simple and complex log files, and explores how to send any script, program output, errors or alerts to CEF. Attendees should have a basic understanding of Perl scripting or other scripting/programming languages.

CSN15

Using ArcSight ESM for Malicious Domain Detection


Chris Watley, Information Assurance Engineer, U.S. Government Agency
Monday, September 20; 3:30pm - 4:20pm; Magnolia 3

The traditional way for detecting traffic to malicious domains involves writing Snort-based signatures to monitor DNS and HTTP traffic. This style of detection can have a high false-positive rate and deteriorate the performance of the sensors. By migrating detections into ArcSight ESM, false-positives no longer exist, and the sensors can be used for more proactive signatures. This session discusses how to utilize ArcSight ESM for domain detections: the interaction between active lists, filters and rules, with a heavy focus on the variables used. Attendees of this session should have an understanding of ArcSight rules, active lists and filters.

Check out the ArcSight blog at www.arcsight.com/blog

CSN18

Measuring Security Using ArcSight Solutions

CSN25

Dori Fisher, Security Department CTO, We! Consulting
Wednesday, September 22; 10:00am - 10:50am; Baltimore 3
In order to demonstrate ROI or improve your security posture, quantifying and comparative measures need to be put in place that cover timeframes across the whole organization. This session discusses the challenges and pitfalls, and illustrates the role of ArcSight solutions in implementing security metrics.

Realizing the Value-Add: Operationalize Your ArcSight ESM Deployment

Fernando Patzan, Information Assurance Manager, General Dynamics
Tuesday, September 21; 2:00pm - 2:50pm; Magnolia 3
Deployment of ArcSight ESM and integration of disparate data sources streams a flood of event data and triggers the default content all day long. Training analysts for role-based responsibilities, creating a supporting workflow for watch operations, developing content tailored to the target infrastructure, and implementing streamlined processes to manage content is key to unlocking the value of ArcSight ESM. From developing repeatable processes to managing I&Ws, this session shares best practices and lessons learned for collaborative SOC environments to take the ArcSight ESM deployment to a future state that focuses on mitigating risk to the infrastructure.

CSN19

Building Your Baseline Rule Development

Nathan Shanks, Chief Security Architect, Strategic Enterprise Solutions
Tuesday, September 21; 5:00pm - 5:50pm; Annapolis 3
After you have completed the task of designing and deploying your SIEM, it's time to get to work building logic that's right for your enterprise. One of the advantages of centralizing data is the ability to normalize and categorize all the information. Leave your single signature-based rules behind and learn how to develop category-based rules that will give you the framework needed to stay general or specific as needed.

CSN26

Achieving Situational Awareness by Integrating NetWitness and ArcSight ESM

Rocky DeStefano, Director of Professional Services, NetWitness
Tuesday, September 21; 5:00pm - 5:50pm; Baltimore 1
According to recent reports, most enterprises believe that advanced cyberthreats are evading all existing prevention and detection approaches, and situational awareness is critical to fighting them. Using a U.S. government customer implementation of ArcSight ESM and NetWitness, this session details how to improve cybersituational awareness for detection of these threats. Learn new incident management paradigms for innovative and agile approaches to enterprise-wide situational awareness using the ArcSight ESM and NetWitness solution. A technical case study will be explored describing the scope of the implementation, the people and process requirements, and actual, compelling results.

CSN22

Vulnerability Management with ArcSight ESM


Larry Wichman, Senior Security Analyst, Unitrin
Tuesday, September 21; 5:00pm - 5:50pm; Magnolia 3

Vulnerability scanners can provide deep insight into the network, but the amount of data can be overwhelming. This session details how the use of trend queries, query viewers, active lists, asset modeling and drill down menus can help you to quickly sort through the data to pinpoint and prioritize problems. The ability to assess threats and attacks is critical, but only half the battle. We will also discuss how to use ArcSight user groups, cases and reports to assign tasks and verify remediation. Attend this session for a great tool to help thwart hackers, malware and insider threats.

CSN28

CSN23

Research to Detection: Developing Content to Counter APT-Class Threats

Context is King!

Pete Babcock, Lead Security Analyst, United Services Automobile Association (USAA)
Tuesday, September 21; 11:00am - 11:50am; Magnolia 3
A single successful login is logged on one of your UNIX servers. Do you care? Most SOCs consider that to be normal activity and would not be alarmed. But what if the user ID is for an employee that was terminated last week? Now do you care? Context is everything when evaluating security events. This presentation will walk through several scenarios, from terminated users to advanced persistent threats, and show how to use context to make better decisions for protecting your organization.

Michael Cloppert, Intel Fusion Team Lead, LM-CIRT, Lockheed Martin Corporation
Tuesday, September 21; 2:00pm - 2:50pm; Annapolis 3
This session discusses the lifecycle of new detection methods, from initial analysis through functional custom data feeds and content in ArcSight ESM. Understanding and executing this lifecycle is critical for combating the most sophisticated adversaries who use custom tools to steal sensitive data. Skills and approaches to be covered include analysis of a particular sophisticated backdoor; development of custom tools to augment existing logs; enhancement of existing connectors to accommodate new attributes added to logs by custom tools; and ArcSight ESM content to support alerting and analysis within the ArcSight infrastructure. Those familiar with command-line analysis methods, Perl, connector configuration and ArcSight ESM content development are encouraged to attend.

CSN33

Bridging the Gap between Security Monitoring and Security Management


Ryan Walters, Dir. Security Solutions ATG, Information Systems Sector, Northrop Grumman
Dr. Phyllis Schneck, VP Threat Intelligence, Office of the CTO, McAfee
Monday, September 20; 3:30pm - 4:20pm; Baltimore 3

CSN35

ArcSight IdentityView 2.0: Make Identity Context a Part of Everyday Monitoring

Jon Deats, Senior Tech Manager, Information Security Engineer, Forbes Top 5 Financial Organization
Ryan Thomas, Solution Development Manager, ArcSight
Colby DeRodeff, Enterprise Solutions Strategist, ArcSight
Tuesday, September 21; 4:00pm - 4:50pm; Annapolis 3
ArcSight IdentityView integrates the information about your user population with events monitored in ArcSight ESM to gain critical identity context to what is happening on your network. Learn how to leverage this identity context to satisfy a myriad of use cases, such as identifying and monitoring high risk users, tracking administrative user activity, detecting access privilege violations and monitoring role violations. This session will cover how ArcSight ESM enables you to integrate identity into your everyday monitoring, and includes case studies drawn from real-world customer deployments.

In large organizations, IT/security operations staff must perform at least three major tasks: monitor systems, network devices and end-user activity; rapidly detect and respond to security incidents; and maintain regulatory compliance. Attend this session and learn about the bidirectional integration between ArcSight ESM and the McAfee ePolicy Orchestrator security management platform, and how Northrop Grumman is using the solution to effectively manage risk, reduce operational costs and streamline the compliance lifecycle in several high-security environments. Specific tips on implementation and better security workflows are included.

CSN34

Integrating ArcSight ESM with Network Access Control to Help Manage 100,000+ Endpoints

Tweet-up for a meet-up!

Got a topic you want to discuss? Tweet your meeting place. Follow @arcsightProtect on Twitter and find people in your location, industry or with similar interests.

Daniel Conroy, VP Information Security and Managing Director, Bank of New York Mellon
Tuesday, September 21; 11:00am - 11:50am; Annapolis 3
Securing a global financial enterprise with 180,000+ endpoints is an ongoing challenge, especially at a bank where the risk exposure is extremely high. This interactive session discusses how the Bank of New York Mellon (BNYM) leverages the power of ArcSight ESM and the ForeScout global network access control system. With this solution, BNYM is able to manage and enforce policy dynamically across the enterprise, thereby improving its security posture, operational efficiency, speed and agility. Attend this session and learn how BNYM is combating today's threats and preparing for the threats of tomorrow, while maximizing compliance reporting and visibility.


Advanced Sessions
CSN03

Synergizing New Threats with ArcSight ESM

CSN27

Joseph Peruzzi, Oracle Database Administrator, Northrop Grumman
Monday, September 20; 4:30pm - 5:20pm; Magnolia 3
Using external open source data that is available through the Internet, it is possible to find new threats on your network. In this session you will be shown how to exfiltrate data from various sources and import it into ArcSight ESM. You will also discover how to use that information to locate unknown threats, prioritize incidents and cut malware response time to mere seconds. Those attending this session should have a good working knowledge of ArcSight Connectors, active lists and filters.

Automated ArcSight ESM Content Replication


Aaron Wilson, Assistant Vice President and CTO, SAIC
Monday, September 20; 4:30pm - 5:20pm; Annapolis 3

Learn step-by-step how to successfully automate the replication of content to one or more ArcSight ESM instances and avoid the pitfalls of ad hoc content replication. Automated content replication is useful in numerous scenarios, such as business continuity, disaster recovery, test instances, dedicated reporting and other multi-instance architectures. This deep dive details tips and tricks around example project requirements and assumptions; best practices for package design and content administration; built-in archive and package tools; scripting and scheduling; and XML hacking. ArcSight ESM administrators with advanced- or expert-level experience with all content will want to attend. Experience with the *nix command line is recommended, but tips could also be extended to Windows environments.


SPEAKERS

ArcSight Protect 10 conference speakers present on the most compelling topics relevant to our industry today. Listen to their experiences and gain new insights for how to keep your organization on the leading edge.
Aaron Kramer

Senior Systems Engineer, ArcSight


Aaron has nearly 20 years of network security experience as a staff engineer and solutions engineer. Aaron works for the ArcSight global field support team, which supports ArcSight systems engineers around the world. He is a CISSP and received degrees in electrical engineering from Lehigh University and Binghamton University.

Amir Alsbih

IT-Security Engineer, Kabel Baden-Württemberg GmbH & Co. KG


Amir has over seven years of IT security and forensics experience. At Kabel BW, Amir is responsible for maintaining and increasing IT security, creating technical and organizational guidelines, performing audits, and performing incident response and forensic analysis for different types of security incidents. He manages IT security-related projects, as well as the design and implementation of security systems. Amir is GCFA and ACSA certified and received his graduate degree at the Albert Ludwig University of Freiburg.

Aaron Wilson

Assistant Vice President and CTO, SAIC


For over a decade, Aaron has helped customers solve complex security problems across several sectors, including federal, energy, finance and software. He specializes in event correlation and log management, security metrics, and integration and automation. Aaron holds several relevant industry certifications. He received his master's degree in computer information systems with a specialization in security from Boston University and his bachelor's degree in physics from Drury University.

Anurag Singla

Software Development Manager, ArcSight


Anurag has over 10 years of application and security software experience, and has been with ArcSight for more than 5 years. At ArcSight, Anurag is responsible for managing the design and implementation of correlation components in ArcSight products.

Al Veach

Principal Security Strategist, ArcSight


During the past 18 years, Al has worked on government projects dealing with information security systems product evaluation, information warfare, intelligence collection, computer emergency response teams, computer crime investigations, forensic media analysis, fraud investigations, criminal investigations and protective service operations. While working for CSC at the Air Force Information Warfare Center, Al managed the team that prototyped the ArcSight implementation for the U.S. Air Force deployment.

Azzam Zahir

Manager Enterprise IT Risk Management, Turner Broadcasting System, Inc.


Azzam has worked in network security and information technology for over ten years, spanning several different industries. His experience includes information assurance, corporate governance and compliance, as well as security consulting. At Turner Broadcasting, Azzam is responsible for global IT risk management and serves as co-chairperson for the Time Warner IT Security Committee.

Brian Wolff

Principal Sales Engineer, ArcSight


Brian has been with ArcSight for over five years and held positions as manager of federal systems engineering and principal sales engineer. Brian was a U.S. Army officer commanding a CERT team, and also had an extended assignment at the highly recognized U.S. Air Force AFCERT organization. Brian was a principal systems engineer with Oracle for over 10 years. He holds multiple degrees and an MBA from the University of Dallas Graduate School of Management, where he was also an adjunct professor teaching advanced systems analysis.

Alan Bavosa

Senior Director Product Management, ArcSight


Alan is responsible for product management and product strategy for the ArcSight family of appliance products. He has over 15 years' experience in managing security and network products at small and large companies in the high-tech industry. Prior to joining ArcSight, Alan held senior product management positions at Vernier Networks, Juniper Networks, NetScreen, XO Communications and AT&T. He holds an MBA from NYU Stern School of Business and a B.S. in economics and marketing from St. Peter's College.


Brook Watson

Solutions Architect, ArcSight


Brook currently serves as a solutions architect on the professional services team at ArcSight, and has been with the company for five years. Prior to joining ArcSight, Brook was an ArcSight customer at a federal agency. He has over seven years of ArcSight experience dating back to ArcSight ESM 2.5. Brook currently assists the largest ArcSight enterprise customers in developing architectures that satisfy customer business requirements and seamlessly integrate into their environment.

Chuck Moran

IT Security Analyst, Southern Company


Chuck has over nine years' IT experience, ranging from desktop support to intrusion detection. During the past two years, Chuck has been working in SIEM implementation and management with ArcSight products. Chuck has a Bachelor of Wireless Engineering (BWE) from Auburn University, where his capstone project focused on wireless network security. He currently holds Security+, ACIA, and ACSA certifications.

Chris Botelho

Security Analyst, Parkland Health and Hospital System


Chris has engineered solutions with ArcSight ESM and ArcSight Logger at healthcare organizations for the past two years. In his current role, he is responsible for developing and enhancing the ArcSight ESM implementation, as well as a number of other complementary security technologies. Chris is a CISSP and received his BSBA from Appalachian State University.

Cindy Jones

Senior Security Analyst, United Services Automobile Association (USAA)


Cindy is a CISSP with five years' information security experience and over a decade of Oracle DBA experience. She has a bachelor's degree in computer science and holds a SANS GCIA certification. Cindy has run ArcSight implementations at two companies and has been working with ArcSight ESM for five years.

Damian Skeeles

Pre-Sales Consultant, ArcSight


Damian has been an ArcSight pre-sales engineer in EMEA for over three years and focuses specifically on the ArcSight EnterpriseView suite of products, including ArcSight FraudView and ArcSight IdentityView. Damian has built POC solutions encompassing a range of IP, security, identity, and financial data sources at customer sites.

Chris Watley

Information Assurance Engineer, U.S. Government Agency


Chris received his master's degree in computer science from the University of Tulsa in 2009. His graduate research involved developing an IDS for SCADA networks. Chris has been working with ArcSight products since June 2009. His responsibilities include developing and maintaining IDS signatures and creating custom content in ArcSight.

Daniel Conroy

VP Information Security and Managing Director, Bank of New York Mellon


Daniel oversees information security architecture and testing. In this role, Daniel sets the direction and implementation of information security tool sets, policy and practices for the global banking environment. His tenure in information technology spans over a decade with a focus on threat mitigation and management.

Christopher Lyon

Director of Infrastructure Security, Mozilla


Chris came to Mozilla with over 13 years of experience in security with a background in financial and retail environments. He has also had experience with various compliance and regulatory environments, as well as risk management. At Mozilla, Chris oversees and manages all security aspects related to the Mozilla global infrastructure. He also provides security direction and architecture for new and existing Web applications, systems and everything else in between.

David Wiser

Software Architect, ArcSight


Dave is a member of the ArcSight correlation team with responsibilities that include data monitors, trends and query viewers. Dave has been at ArcSight for over five years and has over 20 years of software development experience, including working with rules technology at Neuron Data/Blaze, server technology at BEA Systems, and mobile technology at Motorola. He has a Ph.D. in physics from the University of Wisconsin.


Dereck L. Haye

Senior Security Analyst, Unisys


Dereck has been working in the IT industry for 12 years and has over five years of security experience. Dereck has worked for Unisys for the past four years and initiated the Global ArcSight Rules Committee, for which he is the Chairperson. Dereck is often sent to client sites with the task of an initial log analysis and compiles evidence in reports to the generic security health of their environments.

Duc Ha

Senior Security Solutions Engineer, ArcSight


Duc has been with ArcSight for a year and is responsible for the design and implementation of ArcSight Compliance Insight Packages and security solution products. Duc has done extensive research and published several scientific papers on security and network topics, such as malicious propagating codes, insider threats and traffic classification. He received his Ph.D. in computer science from the University at Buffalo, State University of New York.

Dhaval Shah

Software Development Manager, ArcSight


Dhaval has been at ArcSight for four years, has played an active role in ArcSight Threat Response Manager (TRM) development, and is currently the ArcSight TRM development team manager. Dhaval has a master's degree in computer science from the University of Wollongong in Australia and a B.S. in electronics from Osmania University in Hyderabad, India.

Eric Parker

Principal Network Security Analyst and ArcSight Senior Engineer, BAE Systems Inc.
Eric has been in IT security for the majority of his 15-year IT career and has worked with ArcSight products since 2005. Eric currently oversees developing and maintaining the company's internal ArcSight infrastructure, supporting multiple instances of ArcSight ESM and ArcSight Logger. Eric has been developing in Perl for 10 years.

Dhiraj Sharan

Software Development Manager, ArcSight


Dhiraj is the manager of ArcSight ESM server and database development teams. He has been at the company for more than nine years and has widely contributed in ArcSight ESM development. Dhiraj also spent two years on the ArcSight professional services team, gaining valuable field experience. He holds CISSP and GIAC-GSEC security certifications, a certificate in management from Harvard University, and a B.S. in computer science from Institute of Technology in Varanasi, India. His prior software development experience was at Novell and Ericsson HP Telecom.

Fabian Libeau

Principal Sales Engineer, ArcSight


Fabian has more than 13 years of IT security experience and has worked in the SIEM space for ten years. Fabian has worked at ArcSight in the EMEA region for six years in different technical roles. Before joining ArcSight, Fabian worked at CA as a principal architect and VP for SIM solutions in EMEA. Recognized as an expert in the field of IT security, Fabian is a frequent speaker at security conferences and has worked with global IT companies on major security solution roll-outs. Fabian is CISSP and ITIL certified and holds a master's degree in physics.

Dilraba Ibrahim

Software Development Manager, ArcSight


Dilraba has been with ArcSight for seven years. She manages ArcSight Connector appliance development and enterprise adapter integration efforts. She holds bachelor's and master's degrees in computer science.

Fernando Patzan

Information Assurance Manager, General Dynamics


Fernando has experience in SOC environments within the Department of Defense (DoD), Department of Homeland Security (DHS) and Cleared Defense Contractor (CDC) settings. He has leveraged ArcSight implementations in diverse customer environments to support analysts' need to investigate security event data from disparate network devices, and management's need to effectively mitigate risk to their infrastructure. He holds a B.S. in information systems from the University of Maryland and an M.S. in information systems with a concentration in information security from Johns Hopkins University.

Dori Fisher

Security Department CTO, We! Consulting


Dori has over 13 years in the computer industry, and has conducted security and computer forensics for over six years. Dori is a CISSP and an ENCE, and holds a B.A. excellence degree in criminology from Bar Ilan University.


Florian Leibenzeder

Senior IT Security Engineer, Lufthansa Systems


Florian has been in the information security industry for more than eight years. He is responsible for the IDS/IPS infrastructure and ArcSight technology-based SIEM services, and leads security technology implementations within large enterprise IT projects. Florian graduated from the University of Applied Science Furtwangen (Germany) with a master's degree in computer science and holds various vendor certifications.

Jim Rutherford

Sales Engineering Manager, ArcSight


Jim has been with ArcSight for five years with over 21 years of experience in technical field engineering. His eclectic background includes such diverse industries as radar engineering, software development from low-level firmware up through database SQL, performance analysis, Web reporting, and network security. Jim has an electrical engineering degree from Manhattan College in Bronx, New York.

John Bradshaw

Principal Federal Sales Engineer, ArcSight

John is responsible for articulating and demonstrating capabilities of the ArcSight portfolio and assisting customers in the design and configuration of their solutions. John has over 15 years in various network security roles and has been with ArcSight for five years. John holds a Master of Science in network security from Capitol College and a bachelor's degree in business administration from Averett University.

Gagan Taneja

Senior Software Engineer, ArcSight

Gagan has ten years of Java development experience and has been with ArcSight for over three years. Gagan is leading the ArcSight ESM Fasttrack team and is responsible for ArcSight ESM development and customer escalations. Gagan's area of expertise includes resolving Java performance and memory-related issues.

Gary Freeman

Senior Sales Engineer, ArcSight

Gary has over 15 years of network operations, planning and security experience with emphasis on network architecture, analysis and security investigations. Gary has been with ArcSight for three years, assisting customers during the pre-sales and post-sales process. Gary has many years of prior experience and training from authorities such as Cisco, CheckPoint and SANS, and has written numerous articles that have been published online.

Jon Deats

Senior Tech Manager, Information Security Engineer, Forbes Top 5 Financial Organization

Jon has seven years of information security experience with a focus currently on insider security. He has been with his organization for a total of five years and in his current role for two years. Jon has been working with ArcSight for three years, and this is his second presentation at the ArcSight Protect Conference. He earned a double BBA in information systems and marketing from Texas A&M University in 2003, a CISSP in 2006, and a CEH in 2007.

Girish Mantry

Principal Software Engineer, ArcSight


Girish has over 15 years of experience in the areas of networking and security and has been with ArcSight for over seven years. He is currently a principal software engineer on the ArcSight Connector team, developing features for ArcSight Connectors and the ArcSight Connector appliance.

Joseph Peruzzi

Oracle Database Administrator (OCP), Northrop Grumman


Joe has over 12 years of experience in network security and has been working with ArcSight for over six years. He has been developing Microsoft Windows enterprise security applications for many years.

Javier Inclan

Senior Instructor, ArcSight


Javier has over 12 years of network security experience and has been with ArcSight for over 4 years. Javier is responsible for delivering customer and partner trainings, boot camps and development of education infrastructure. Javier is an MCSE, HP-UX Sys Admin certified, VCP Data Protection, VCP High Availability and received his master's degree from ITAM Mexico.

Ken Mermoud

Senior Security Engineer, ArcSight


Ken has been at ArcSight for five years and is currently leading the ArcSight content development team. Ken is responsible for designing and building content for ArcSight products. He holds a Master of Science in communication systems with a specialization in network security from the Federal Institute of Technology (EPFL) in Lausanne, Switzerland.


Kerry Adkins

Senior Customer Support Engineer, ArcSight


Kerry has over 10 years of Oracle database experience and has been with ArcSight for over two years. Kerry is part of the U.S.-based database team within the customer success organization. She received her bachelor's degree from California State University, San Bernardino.

Marylou Orayani

Senior Software Development Manager, ArcSight


Marylou joined ArcSight in 2005 as a developer and is currently the manager of the ArcSight Logger development team.

Mauricio Julian

Senior Instructor, ArcSight

Mauricio has over eight years of network security experience and has been with ArcSight for over two years. Mauricio is responsible for delivering training to customers, partners and ArcSight employees.

Larry Wichman

Senior Security Analyst, Unitrin

Larry is a senior security analyst with Unitrin. With over 12 years of experience in IT security, Larry is responsible for intrusion monitoring, security assessments and penetration testing.

Lisa Huff

Director, ArcSight Enterprise Specialist, ArcSight

Lisa has been with ArcSight for over seven years. She currently manages a team of ArcSight enterprise specialists that provide post-sales technical implementation support for nearly 100 strategic accounts. Lisa has over 16 years of experience working in the networking and IT security field as a consultant, has owned her own business, and worked for several consulting firms prior to joining ArcSight. She holds bachelor's degrees in computer science and business management, and several networking and security certifications.

Michael Cloppert

Intel Fusion Team Lead, LM-CIRT, Lockheed Martin Corporation

Michael is the Intelligence Fusion team lead and ArcSight subject matter expert for the Lockheed Martin CIRT. He and his team are responsible for identifying sophisticated threats facing the entire company's unclassified network and computers, including collecting and managing intelligence on specific groups of adversaries, as well as the development of new methods to detect and mitigate those threats.

Michael Hoehl

Chief Information Security Officer, Godiva Chocolatier


Michael has extensive IT security experience in industries ranging from insurance to financial services, healthcare, government, manufacturing and retail. Michael is a business-focused IT leader with expertise in security operations, audit, compliance and governance. He holds numerous credentials (CISSP, ISSAP and ISSMP) as well as certifications from GIAC and ISACA.

Maritza Perez

Product Manager, ArcSight


Maritza Perez is the product manager for ArcSight ESM and ArcSight Express. She has been part of the ArcSight product management team for the past four years and has 10 years of experience in system and network security.

Mark Johnston

Principal Security Consultant, ArcSight


Mark has over 10 years of security experience and has been using ArcSight for over four years. Mark's key areas within ArcSight are helping clients set up and use their ArcSight systems productively, as well as developing architecture design.

Monica Jain

Senior Software Engineer, ArcSight


Monica has been working at ArcSight for more than six years and is a developer on the correlation team. Prior to ArcSight, Monica worked at Stanford University doing research in clustering algorithms and computational analysis with Stanford research teams. She has four publications from her research work at Stanford University. Monica holds a master's degree in computer science.

Mark Runals

Network/System Analyst, Battelle


Mark has over 10 years of experience working with computers and networking in a wide range of operational environments, and in roles ranging from ad hoc desktop support to ISSM. Currently, he is the primary ArcSight content innovator, developer and administrator at Battelle. He holds a B.S. in information technology from the University of Phoenix, Online.

Morris Hicks

Senior Director of Services Engineering, Global Services, ArcSight


Morris is responsible for training and certification of new hires and partners, developing new service offerings, delivery tools, and reducing consultant time to productivity. Morris has over 12 years of experience in the Information Security field, the last seven years at ArcSight.


Nathan Shanks

Chief Security Architect, Strategic Enterprise Solutions


Nathan has been in the IT field for 16 years, with the last 10 years focused on security. Nathan has had the opportunity to deploy and configure more than a dozen enterprise SIEM solutions. He brings a wealth of expertise, having supported security operation center build-outs in the United States and Europe. His client experience ranges from federal government agencies to Fortune 10 financial institutions.

Paul Brettle

Sales Engineer, ArcSight


Paul has over 15 years of network security experience across many different sectors and has been with ArcSight for over two years. Paul has seen both sides, working for both ArcSight customers and now ArcSight itself.

Paul Melson

Manager of Information Security, Priority Health


Having found his dream career, Paul has spent the last nine of his 14 years in IT focused exclusively on information security. He has been working with ArcSight ESM for over five years, and holds ACSA, SANS GCIH and CISSP certifications. In his current role as manager of information security for Priority Health, Paul oversees the creation and expansion of the security monitoring and incident response program.

Nelson Piquet Jr.


NASCAR Driver
Nelson Piquet Jr. currently drives in the NASCAR Camping World Truck Series and this year has posted three top 10 finishes in four starts. He continues a family tradition of racing, having begun his career in South American karting and moving into car racing in 2001. Since then, Piquet has steadily grown in the ranks of motorsports, including top honors in the British F3 Championship in 2004, a win in GP2 Series in 2005, and second place in the GP2 Series in 2006. During the 2007 season, he was the official test and reserve driver for the ING Renault Formula One team, and graduated to a race seat for the 2008 and 2009 seasons.

Pete Babcock

Lead Security Analyst, United Services Automobile Association (USAA)


Pete learned how to hunt for needles in haystacks while in the U.S. Navy performing anti-submarine warfare. A CISSP, a SANS certificate in incident handling, and a bachelor's degree in business information systems help to reassure his HR department that he might know what he is doing. Pete has overseen ArcSight implementations at three companies and is entering his fourth year as an ArcSight Protect Conference speaker.

Normand Bourgeois

Senior Instructor, ArcSight


Normand has been with ArcSight for nearly four years and is the senior instructor on the ArcSight education team. He has also contributed to the course content and development efforts. Normand holds a SNIA certification, a Bachelor of Arts in mathematics from St Anselm's College and a Master of Science for Teachers in mathematics and computer science from the University of New Hampshire.

Philip Lieberman

President, Lieberman Software Corporation


Philip has more than 30 years of experience in the software industry. In addition to his proficiency as a software engineer, Philip is an astute entrepreneur, able to perceive technology shortcomings and to fill those gaps with innovative solutions. He developed the first products for the privileged identity management space, and continues to introduce new solutions to resolve the security threat of privileged account credentials. Philip has published numerous books and articles on computer science, has taught at UCLA, and has authored computer science courses for Learning Tree International.

Paul Bowen

Principal Sales Engineer, ArcSight


Paul has over 15 years of infrastructure support and planning, with an emphasis on global deployments of security platforms for companies with minimal support staff. Paul has been with ArcSight for four years, assisting customers during the pre-sales and post-sales process. Paul has had many years of prior training from authorities such as CheckPoint and RSA.

Philip Qian

Senior Solutions Engineer, ArcSight


Philip has more than 10 years of experience in software development and joined ArcSight in 2008. Prior to ArcSight, he worked at eBay, McAfee and Nortel Networks. Philip holds a master's degree in computer science from the University of North Carolina, and a bachelor's degree in electronic engineering from Tsinghua University in Beijing, China.


Raju Gottumukkala

ArcSight Expert, ArcSight


Raju has over 20 years of security information management, software development, financial and manufacturing applications implementation, data warehouse management and IT experience. Raju has been with ArcSight since its inception and was in charge of initial database design, reporting and notification.

Rocky DeStefano

Director of Professional Services, NetWitness


Rocky has over 17 years of information security leadership experience, including creating and managing security operations and incident management capabilities for Fortune 500, MSSP and U.S. government entities. Since 2002, Rocky has supported ArcSight products in critical environments across the world as a customer, employee and industry partner. He is a frequent speaker, blogger and faculty member with IANS, and holds several industry certifications.

Rashaad Steward

ArcSight Enterprise Specialist, Public Sector, ArcSight


Rashaad has over eight years of security experience and has been with ArcSight for almost two years. Rashaad is responsible for helping ArcSight customers succeed by moving their instances forward, ensuring maximum ROI. Rashaad provides long-term consultation, delivering FlexConnectors based on additional use cases and developing advanced content for complex customer business and security issues. Rashaad is a CISSP and has bachelor's and Master of Science degrees in computer science.

Ryan Kalember

Director of Product Marketing, ArcSight


Ryan has an extensive background in the information security industry, with 12 years of experience in the U.S. and EMEA. Prior to ArcSight, Ryan held various management roles in the VeriSign security services division and was one of the founding members of the Guardent consulting practice. Ryan holds a CISSP certification.

Ricky Allen

Global Services Regional Manager, ArcSight

Ricky specializes in advising Global 500 companies on security monitoring strategies to meet regulatory, compliance and threat detection requirements. He joined ArcSight from PricewaterhouseCoopers, where he performed more than a decade of security audit, vulnerability and penetration testing projects within the energy, retail, financial and technology industries. Ricky holds CISSP and CISA certifications and a degree in information systems from Texas A&M University.

Ryan Thomas

Solution Development Manager, ArcSight

Ryan has over 13 years of experience in data networking, information security and electronic fraud prevention at major financial institutions. Ryan is responsible for managing the ArcSight Solution Team, which produces ArcSight Compliance Insight Packages, as well as focused solutions such as ArcSight IdentityView and ArcSight FraudView.

Ryan Walters

Director, Security Solutions ATG, Information Systems Sector, Northrop Grumman


Mr. Walters has 15 years of experience in security and network technologies, and supports the critical security needs of the Northrop Grumman advanced technology group's customers nationwide. He also directs the group's solutions security team, which is responsible for setting and enforcing logical security policies, procedures, emergency response, architecture standards and best practices. Mr. Walters was named as one of the Top 20 security professionals in 2008 and 2009 by the American Association of Engineers and serves as the Co-Chairman of the Protection Programs Committee for the IT-Security Coordinating Council.

Rishi Divate

Senior Security Solutions Engineer, ArcSight


Rishi has over 10 years of systems and security software experience, and has been with ArcSight for a year. At ArcSight, he is responsible for the design and implementation of ArcSight Compliance Insight Packages and solution products such as ArcSight IdentityView. Prior to ArcSight, Rishi worked as a consultant with the Oracle Security and Identity Management consulting practice. He holds a CISSP certification, a master's degree in computer science and a bachelor's degree in computer engineering.

Don't forget to check out the CyberSecurity Hall


Scott Parkinson

ArcSight Enterprise Specialist, ArcSight


Scott has over 12 years of experience in the information security space. He has spent almost 10 of those years protecting critical company and customer data for a medical device manufacturing company, a large financial institution, and a global travel/hospitality company. Scott has an expansive background in automating compliance and regulatory demands, as well as developing creative solutions for today's business and security challenges.

Terry Bishop

Senior Sales Engineer, ArcSight


Terry has been with ArcSight for over six years, establishing the EMEA technical support team prior to transitioning to his current role in the customer success organization in early 2007. He works with a number of major accounts across the EMEA region. Terry has over 14 years of experience working in the IT security industry and previously designed and managed local and wide area networks. He has a bachelor's degree in electrical and electronic engineering and a master's degree in information engineering.

Steve Maxwell

Senior Sales Engineer, ArcSight


As part of the sales engineering team, Steve provides technical sales support for ArcSight solutions, working with strategic customers and partners. He has over 20 years of experience in the security and information technology field. His broad range of expertise includes architecture, design, implementation and integration. Steve graduated from Babson College with two bachelor's degrees, one in management information systems and one in accounting.

Tom D'Aquino

Senior Curriculum Developer, ArcSight


Tom has over 10 years of network security experience and has been with ArcSight for over five years. Tom is responsible for designing the ArcSight ESM training curriculum for ArcSight University, producing training content and providing subject matter expertise to training partners and other team members.

Suranjan Pramanik

Senior Software Engineer, ArcSight

Suranjan has been working on the ArcSight ESM development team for four years. At ArcSight, he is responsible for the design and implementation of correlation techniques. He has been involved in the area of systems and software security for more than eight years.

Wei Huang

Senior Architect, ArcSight

Wei is the senior architect on the ArcSight Logger team and has led the architecture of this product from its inception. He specializes in large scale application design and development. Prior to ArcSight, Wei held positions at Oracle, VMware, Selectica, Certive and NetDao.

Yanlin Wang

Software Architect, ArcSight


Yanlin has been with ArcSight since 2007. As an ArcSight ESM server team architect, he is responsible for product research and development. Prior to ArcSight, Yanlin worked for Borland, Synnex and Motorola as a software professional specializing in distributed computing and server-side technologies.

Stop by the product showcase and be the first to see what's new at ArcSight.


Get Used to Feeling Protected Again

Like knowing your brother was watching your back...

When it comes to the security of your network, there is only one way to guarantee that you keep pace with your adversaries: you need a solution that provides the agility to respond to any incident, the awareness required to identify and combat any threat, and the capability to identify the cause and extent of any harmful events. NetWitness is the single security solution that addresses a wide range of needs as diverse as continuous network monitoring, data leakage protection, malware discovery and analysis, real-time network forensics, network e-discovery, insider threat management and much more.

SPONSORS

Protection is just a step away. To learn more or to schedule an evaluation, contact us at 703.889.8950 or info@netwitness.com.

www.netwitness.com

Discover the unknown. Who's cracking your defenses?


Without a doubt, data security is an uppermost consideration for companies today. Business leaders have discovered that data of every kind (customer, employee, vendor, financial) is the most important asset of the enterprise and perhaps the most risk-intensive of all. Finding the value, determining the risk, and meeting regulatory and compliance requirements are the challenges of the Information Age as well as the new economy. Deloitte can help you define and realize the value of your data, by taking a risk-intelligent approach to protecting your critical information assets and enabling you to operate effectively in this constantly shifting marketplace. Deloitte, a trusted name in professional services, leads the way in security consulting and advisory services.


www.deloitte.com/securityservices

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Copyright 2010 Deloitte Touche Tohmatsu Limited. All rights reserved.

SPONSORS
Partners play a vital role in the ArcSight community. Head to the CyberSecurity Hall Partner Showcase and see first hand the latest demos and offerings that can extend your investment in ArcSight solutions.

DIAMOND SPONSOR
Lieberman Software
Lieberman Software provides privileged identity management solutions to secure the world's largest cross-platform enterprises, having pioneered the first product to address this need in 1999. By automating time-intensive administration tasks, Lieberman Software increases control over the IT infrastructure, reduces security vulnerabilities, improves productivity and ensures regulatory compliance. A managed Microsoft Gold Certified Partner, Lieberman Software has developed significant technology integrations with ArcSight, Cisco, BMC, HP, IBM, Intel, Novell, and Oracle with additional integrations ongoing. The company is headquartered in Los Angeles, CA and maintains an office in Austin, TX. Product development, testing, and support are performed in the United States.

PLATINUM SPONSORS
Cyber-Ark Software
Cyber-Ark Software is a global information security company specializing in protecting and managing privileged users, applications and highly-sensitive information to improve compliance, productivity and protect organizations against insider threats. With its award-winning Privileged Identity Management and Highly-Sensitive Information Management software, organizations can effectively manage and govern application access while demonstrating returns on security investments.

McAfee

McAfee is the world's largest dedicated security technology company. We relentlessly tackle the world's toughest security challenges. McAfee's comprehensive solutions enable businesses and the public sector to achieve security optimization and prove compliance, and we help consumers secure their digital lives with solutions that auto-update and are easy to install and use.

NetWitness

NetWitness Corporation is the world leader in real-time network forensics and automated threat intelligence solutions, helping government and commercial organizations detect, prioritize and remediate complex IT risks. NetWitness solutions solve a wide variety of information security problems including: real-time situational awareness; advanced threat management; sensitive data discovery and data leakage detection; malware activity discovery; insider threat management; policy and controls verification and e-discovery.

Deloitte

Deloitte Touche Tohmatsu Limited member firms provide a full range of audit, consulting, financial advisory, risk management, and tax services worldwide. Dedicated member firm professionals work with a wide spectrum of organizations to address business risk and threat containment requirements by leveraging and expanding the ArcSight platform. Many organizations have adapted Deloitte member firms' business-focused methodology (eREM) in the development and maintenance of their ISMS and security operations.


GOLD SPONSORS

The Leader in NetFlow Collection & Analysis


SILVER SPONSORS


Simply. Collaborate. Protect.


Win a Trip to Hawaii!

Protect 10 Gala Dinner


Tuesday, September 21, 6:30pm to 11pm, Sunset Room at National Harbor
Put on your favorite Hawaiian shirt and flip-flops, and hula on over to the Sunset Room and be transported to the shores of Hawaii. We'll be raffling lots of prizes with one lucky grand prize winner taking home a Hawaiian vacation for two!

CELEBRATE YOUR SUCCESS


Join Now and Start Earning Points. The ArcSight Customer Rewards Program provides a platform to showcase your organization's accomplishments and reputable reputation, and enables you to stretch your services and education budget.

Go to www.arcsight.com/customerrewards or visit the ArcSight CyberSecurity Hall.

Attend the general session on Wednesday at 9 am for your chance to win a VIP trip to the Daytona 500. Must be present to win.

Save the date for Protect 11


09.11.2011 - 09.14.2011 Washington, D.C.

ArcSight, Inc. | 5 Results Way, Cupertino, CA 95014, USA | www.arcsight.com | info@arcsight.com

Corporate Headquarters: 1-888-415-ARST | EMEA Headquarters: +44 (0)844 745 2068 | Asia Pac Headquarters: +65 6248 4795

© 2010 ArcSight, Inc. All rights reserved. ArcSight and the ArcSight logo are trademarks of ArcSight, Inc. All other product and company names may be trademarks or registered trademarks of their respective owners.
