Today I’m at the Phoenix, Arizona leg of Interface 2011. Once again, the event is billed as being in Phoenix, but it’s really somewhere rather far away from “Phoenix” proper. Technically it’s at Ft. McDowell at a Radisson Hotel that is adjacent to the Ft. McDowell Casino. For more information on the conference, check out the Event Details page.
There are three theaters each with their own track. So far, I’m liking the following selections:
- 9:30AM Enabling Mobile Unified Communications. I’m facing the prospect of helping a friend out with his telephony business and would like to absorb some more information in this arena.
- 10:20AM PCI Myths and Mistakes. I’m currently helping a client become PCI compliant and am in need of every shred of PCI DSS information that I can find.
- 11:10AM SIEM 2.0 – See What You’re Missing. I have hopes of implementing a small network monitor for a client at some point soon. I’d like to use a Fit-PC running CentOS and a few choice security tools. Any information that I can gain in the field of SIEM will be handy.
- 12:15PM Food. Mayhaps I’ll stick around to see what the Arizona chapter of InfraGard has to say.
- 1:00PM Meh. Nothing seems to capture my attention. Maybe I’ll go to “Cloud Computing: Is Your Network Prepared?” just to see how little of substance is said. Perhaps I’ll sit in on “Desktop Transformation: Agility, Security & Improved Management” if the thought of a cloud talk makes me want to start cutting on myself.
- 1:50PM See What You’ve Been Missing. Similarly named session to the SIEM 2.0 one earlier in the day. This one is on applications that are supposedly not detectable by traditional firewalls. Of course, SSL tunnels are a topic.
- 2:45PM Keynote: Thinking Outside of the Box. The presenter, Chris Roberts, is someone whom I’ve never heard of before, but apparently has some kind of profile in the InfoSec realm. Anyone out there know about him?
After the keynote, I believe there will be the obligatory swag giveaways. I hope to score something this time to make up for bitter defeat at the AZVMUG event two weeks ago.
This post is auto-posting at 7:25AM Arizona time. Registration for the event starts at 9PM, but I’m arriving fashionably early at around 8:30 or so. Perhaps I can stake out the wifi and plan my attack on the vendors. More news as events warrant.
9:32PM – Yes, that’s PM. The conference was an absolute whirlwind. Sessions were jammed end to end with only ten minutes in between. Often speakers went over time and I had barely enough time to visit the restroom or get a quick chat in with a vendor of interest. There was a ton of vendors, and they were actually pertinent and interesting. At least the ones that I saw. I’ll attempt to recap what I learned. Vagueness is to be expected.
Enabling Mobile Unified Communications: Don’t go away! It’s not as crumby as it sounds. The first half was a marketing spiel about blah, some blah and even a bit of blah. However, the second half was given by a systems engineer that specifically spoke about Meru Networks’ wireless technology. I was not expecting a wireless network talk, but I was impressed with what I saw.
Apparently Meru Networks deploys WAPs all on the same channel; however, they circumvent noise by some kind of timing mechanism. With a single channel and I believe cloned MAC addresses, among possibly other things, a deployment appears to clients as one access point and only one access point no matter where they go. This takes the burden of client migration among WAPs off of the client and onto the wireless infrastructure. It allows clients to be handed off to new WAPs when signal starts to merely degrade, rather than when the signal drops. All in all, it looked like a technology worthy of looking deeper into.
Of interest is this bragging video of theirs showing 500 wireless clients streaming 100Mbps and then reassociating with the network after a total WAP reboot in 3 minutes. The engineer was quick to point out that the latest product can do it in 90 seconds.
PCI Myths and Mistakes. The talk was well done by a PCI QSA from Accuvant. I was impressed by his continual insistence and proving that PCI DSS is not an IT issue. It is a processes issue that uses technology at certain points. If the IT department is who has been handed the PCI compliance project at your company, then something is terribly wrong. We were introduced to the IT Unified Compliance Framework which is a conglomerate compliance framework that hits many of the different standards, PCI being one of them. ISACA was also given a nod for having different “feature matrices” that compare the different standards to each other so that you know that if you’ve got PCI covered, what few things will remain to gain compliance in a different standard.
SIEM 2.0 – See What You’re Missing. Jim Schaeffer, president of JCS and Associates (which is basically a system integrator), spoke. The talk was nebulous, and I wasn’t sure what was being sold or what was being talked about. This wasn’t a talk about SIEM as a concept. This was what appeared to be a product rundown of several seemingly unrelated products that were offered as an integrated bundle on an appliance. The appliance then collected, stored and indexed all of the logs that those products used. The SIEM part of the talk was about how all of the logs that each of the major tools created were cross referenced in a superior way so that you could have better insight into your network. Basically, they take software products that they prefer and have proven and then make sure that the various security products have common threads that allow them to be tied together with the infamous “single pane of glass.”
Their hardware appliance was advertised to take all logs and correlate the data, rather than simply storing only the small percentage of events that seem to be security related. They take different products and integrate them onto the appliance and add their own high-level view.
The first product that is used in the usage of their appliance is Safend. Safend is a suite of software that works on Macs and Windows and allows you to monitor physical ports and data ingress and egress as well as encrypt information on media. It also can show who is on the network with which device and on which wireless network. It’s quite an array of monitoring and controlling features. It’s one agent that is installed and the various flavors and features are licensed with a key.
Ctera is next on their list of integrated products on their appliance. It’s a cloud storage system that is based on heavy, end to end encryption. You have a local store and then a cloud store. You may have heard of the Ctera CloudPlug. They also make larger devices for SMBs.
Next, the appliance tackles the issue of desktop management. It uses Pano Logic devices as a nextgen thin client. The buzzword is that it’s a “no client”. There’s no moving parts, no storage, no CPU, no OS. It’s not a traditional PC in that a thin client is just a PC that’s stripped down. They’re little cubes that are simply a place to plug in a video cable and four USB devices. It’s best used in networks that are sub 10ms. For offsite use of datacenter VDIs, there’s a serialized USB thumbdrive that you can plug into any PC, no matter how hosed it is with virii, and it will connect to the VDI instance as a secure session. It relies on a hypervisor like VMware, Citrix and/or Hyper-V. Pano Logic uses its own connection broker, of VMware View / Citrix XenDesktop. The DVM provisioning and hypervisor are the same as any other VDI implementation.
The last product is called MailScape, which is a monitoring solution for Exchange, Active Directory, ActiveSync and BES. Purportedly better than SCOM.
Basically, this session wasn’t about SIEM as much as it was a pitch for JCS and Associates’ own hand-rolled appliance mash-up. It looks decent. It really does. It takes these products, ties them together and allows for some seemingly in-depth reporting in a single place to facilitate SIEM so that you can make sure everything has been working to your specifications. However, this wasn’t anything that was precisely groundbreaking. It’s a mash-up. A good looking mashup, but still… it wasn’t about SIEM as much as it was about an appliance that provided a ton of features and then had a SIEM component in it.
12:15 to 2:45 FOOOOD! Gabbing. Vendor surfing. I ate a hearty meal, robbed the goodie bar and then sat around and talked with some other participants. I spoke to two in particular that had different companies with symbiotic relationships between them. They were local IT, security and etc. providers. We shared stories (some really, really wild ones that shall not be reprinted) and business tips. I learned a lot from them. I then vendor surfed, dropped business cards, asked for info and again learned a ton about the local business climate.
Keynote: Chris Roberts of One World Labs gave a security / hacker themed keynote. He was witty and a good presenter. The presentation was ho-hum with plenty of the same “Oooo” and “Ahhhh” stories of “hacking” exploits that could have crippled businesses, enterprises, prisons, power plants, military installations and the like. I’m not taking anything away from Chris, however, these kinds of talks are a dime a dozen among security conferences. Then again, nothing original was promised, so that’s fine. It causes one to stop and think about their own security practices. It was a good refresher talk.
You can see a few minutes of the same talk given at an earlier conference here:
You can see him in a drama filled video complete with crying women and violins here:
Afterwards there was a raffle for tons of vendor prizes. I won a Nintendo Wii that included an extra wand, an extra “Nunchuk” and a copy of AMF Bowling. I was going to sell it on eBay for a few dollars, but decided to give it to my mom to play with. She’s been eyeing one for a while now.
All in all it was a fine vendor driven conference. Nothing groundbreaking, nothing terribly disappointing. I learned about new vendors, was re-acquainted with some old ones and got a Wii. What more can one ask for?