Washington, DC - August 7 - 8, 2008
SANS WhatWorks in Virtualization Security Summit
- Dates:
  - Summit: August 7-8
- Summit Venue:
  - Hilton Washington
    1919 Connecticut Avenue NW
    Washington, District of Columbia 20009
    Tel: 1-202-483-3000
    Fax: 1-202-232-0438
    Room rate: $189/night
    Website: http://www1.hilton.com/en_US/hi/hotel/DCAWHHH-Hilton-Washington-District-of-Columbia/index.do
Summit Overview
Over the past several years, virtualization has become one of the most widely deployed IT tools across the enterprise spectrum — from small businesses to Fortune 500 companies. Ranging from sandboxing technologies that address the security issues of a single application to fully virtual infrastructures that treat processing and storage as commodities, virtualization's benefits include everything from saving space and lowering power consumption to providing redundancy and provisioning capabilities that were unheard of only a few years ago.
But, like any tool, with all of its unquestionable benefits, virtualization brings with it both old and new security issues. The ability to deploy a new machine with the click of a mouse affects asset and license management. The ability to "warehouse" whole machines and store snapshots of past images affects our patch management strategies. As processing power and storage space become commodities, machines now "migrate" throughout the available infrastructure, and our security posture must adapt to the fluidity that virtualization creates.
The SANS Virtualization Security Summit brings together industry leaders to help enterprises realize the enormous benefits of virtualization while addressing the new security challenges that it creates. You'll discuss the latest processes and tools for securing your virtualized systems in open forums designed to bring you together with both industry experts and your peers facing the same day-to-day challenges. Since securing an enterprise doesn't have a "one size fits all" solution, you'll be able to get answers to your organization's individual requirements in detailed Q&A sessions. If you're considering deploying virtualization, or increasing your current deployment, vendor "shoot-outs" provide you with a unique opportunity to ask the hard questions to determine what tools will best fit your organization's requirements. Whether your company is just beginning to use virtualization technologies or has had them deployed for years, this SANS Summit is designed to increase your knowledge and awareness of virtualization's security issues and how best to address them in your organization.
What Will You Learn at the SANS Virtualization Security Summit?
- The security risks specific to the types and uses of virtualization deployed within your organization.
- Real-world solutions for securing your virtual infrastructure recommended by experts and deployed by your peers.
- A better understanding of the various types of virtualization available and the kinds of problems that they're meant to solve.
- Details about products (both old and new) that you can use to gain better control, better visibility, and increased security over your virtual infrastructure.
- An overview of industry "best practice" for securing your virtual infrastructure.
Questions to Be Answered at the Summit
General Virtualization Topics
- What's all the fuss about? Are there real vulnerabilities in virtual systems?
- What are the economic and flexibility payoffs from going virtual? How can they be validated and quantified?
- Which of the four leading virtual platforms provides the most security today? Which has the best roadmap for continued security improvement?
- How can enterprises architect their network and systems to minimize the threat of attack exploiting flaws in virtual systems?
- What are the implications for application design of flaws in virtual systems?
- What security-oriented procurement language should enterprises use when buying virtual systems or when buying applications to run on virtual systems?
- Can virtualization be used to improve security defenses — especially in dislodging enemies that have gained a persistent presence?
- Many application vendors are specifically excluding virtual environments from support. What are their reasons for doing this, and as a customer, what recourse do I have if a vendor declines support of their application in a virtual environment?
Application Virtualization (Sandboxing)
- How can application virtualization be used to harden my desktops?
- How do I understand exactly what a sandbox environment is and is not protecting? How do I cut through "vendor speak" to understand what application virtualization is providing?
- What tools and techniques exist to test the isolation provided by application virtualization?
- What are the failure modes of application virtualization and how can I monitor for them?
- Application virtualization vs. Desktop virtualization: Costs and benefits?
- What are the forensic implications of unauthorized employee use of sandboxing environments? Can a malicious insider use virtualization against me?
Desktop Virtualization
- What place does desktop virtualization have in the enterprise? Where and for what purpose does desktop virtualization make sense?
- Desktop virtualization vs. Thin Client Computing: Costs and benefits?
- What tools and techniques exist to test the isolation provided by desktop virtualization?
- What should I look for when evaluating the security of a desktop virtualization environment? Are ease-of-use and integration with the host operating system always inversely proportional to security?
- What ease-of-use features should be disabled to provide higher security?
- Why might software vendors be interested in virtual machine detection?
- DRM and virtualization: What are the issues?
- Can your software reliably detect that it is running in a virtual machine?
- What are some of the malware analysis "gotchas" in virtualized environments?
- How does virtualization affect my license management process?
- What types of attacks are targeting virtual machines in the wild?
- How do stored virtual machines affect the patching process?
- How does virtualization affect the provisioning and change management process within the enterprise?
- What tools are available to allow me to manage an ever-increasing number of on- and offline virtual machines?
- Is it possible to detect unauthorized virtual machine deployment?
Enterprise Infrastructure Virtualization
- What is the future of virtual appliances, and what effect will a virtualized network infrastructure have on my ability to detect and respond to attacks?
- Layer 0 attacks: What are they?
- Are there special considerations when conducting virtual machine forensics?
- What are some virtual-to-physical and physical-to-virtual migration issues and what is their impact on security?
- Intellectual property, copyright, and licensing issues surrounding physical-to-virtual migration.
- When processors, RAM, and storage are only commodities, what happens to my control over enterprise architecture?
- What are the security implications of tools like VMware's VMotion?
- What tools or techniques exist to allow for the control of the mixture of machines on a single host or multiple hosts? How are those affected by "motion-able" virtual machines?
- How does having "motion-able" virtual machines affect the ability to deploy monitoring equipment such as IDS and IPS?
- What types of infrastructure attacks may be masked by virtualizing my environment? Are there tools or techniques that can be used to allow me to see the traffic that virtualization "hides?"
Who Should Attend?
- Security managers whose responsibility includes virtualized environments.
- Managers responsible for leading the roll-out of virtualization within an enterprise.
- Consultants whose clients are considering virtualizing portions of their infrastructure.
- Desktop application managers who are looking for innovative ways to protect end users from attack.
- Virtualization resellers or consultants looking to broaden their understanding of how to best help their clients secure their infrastructure.
How Good Are SANS Summits?
Here's more from people who attended the last Summit:
Great Summit! It gave the Who, the What, the Hows and the Nots from real-life experiences.
- Rolo Guzman, Hess
This Summit provides an excellent means to stay informed on what is available today; and what the current and emerging issues are.
- Yong Choe, SAIC
Excellent presentations of practical experiences.
- Rich Lansing, Bloomberg