Black Hat DC 2011 //sponsors
Hyatt Regency Crystal City • Jan 16 - 19
Microsoft is proud to be a continuing sponsor of the Black Hat Security conference. We appreciate Black Hat providing a unique forum in which security researchers from all over the world, IT Pros and industry luminaries can gather to share insights, knowledge and information to advance security research.
Microsoft remains dedicated to software security and privacy and continues to collaborate with the community of people and technology organizations helping to protect customers and the broader ecosystem, Microsoft is also dedicated to software security and privacy.
Since the onset of Trustworthy Computing we have fostered a culture of security within Microsoft that includes developing secure code, building strong relationships with industry researchers and partners, and providing guidance to help protect customers. We would like to thank all of the customers, partners and security researchers who have worked with us to advance the state of the art in security science. Only by working together with partners, researchers and the community can we all ensure the advancement and success of the technology industry.
IBM Security Solutions include an extensive portfolio of hardware, software solutions, professional and managed services offerings covering the spectrum of IT and business security risks: people and identity, data and information, application and process, network, server and endpoint and physical infrastructure, empowering clients to innovate and operate their businesses on the most secure infrastructure platforms. Through world-class solutions that address risk across the enterprise, IBM helps organizations build a strong security posture that helps reduce costs, improve service, and manage risk. IBM X-Force(R) Research and Development is one of the most renowned commercial security research and development groups in the world. The combined power of IBM security research and monitoring includes more than 7 billion security related events daily, more than 48 thousand vulnerabilities tracked in the X-Force database, 15 thousand security experts, and more than 3 thousand security and risk management patents. According to a recent IBM X-Force report, 49% of vulnerabilities are Web application vulnerabilities. For more information on how to address today’s biggest risks and to see a demonstration of IBM Rational AppScan, AppScan Source Edition and IBM Security Network Intrusion Prevention System (IPS) please visit us at ibm.com/security.
Tenable Network Security is a privately held company founded in 2002 by security product innovators Ron Gula, Renaud Deraison and Jack Huffard and joined by Tenable CSO Marcus Ranum. Tenable's technical leaders have all created market leading and award winning products individually (Nessus, Dragon IDS, Gauntlet Firewall, TIS firewall tool kit) prior to joining forces at Tenable to develop a Unified Security Monitoring™ approach based on the award-winning Nessus® scanner engine. Tenable’s strong portfolio of premium point products are tightly integrated in to the Unified Security Monitoring suite. Tenable’s SecurityCenter provides continuous, asset-based security and compliance monitoring that unifies the process of asset discovery, vulnerability detection, data leakage detection, event management and configuration auditing for small and large enterprises. Tenable’s Nessus vulnerability scanner is the world-leader in active scanners, featuring high-speed discovery, asset profiling and vulnerability analysis of the organization’s security posture. Tenable’s Log Correlation Engine (LCE) aggregates, normalizes, correlates and analyzes event log data from the myriad of devices within the infrastructure. The Log Correlation Engine is closely integrated with the Security Center to centralize log analysis and vulnerability management and can integrate and correlate data from third party IDS sources. Tenable’s Passive Vulnerability Scanner (PVS) is a network discovery and vulnerability analysis software solution, that delivers real-time network profiling and monitoring for continuous assessment of an organization’s security posture in a non-intrusive manner. Where an active scanner takes a snapshot of the network in time, the PVS behaves like a security motion detector on the network.
An important strength of Tenable is the depth of security talent under one roof. Tenable's technical leaders have all created market leading and award winning products individually (Nessus, Dragon IDS, Gauntlet Firewall, TIS firewall tool kit) prior to joining forces at Tenable. Tenable's Unified Security Monitoring approach is their combined vision on how to monitor and secure enterprise networks. For more information, please visit: www.tenablesecurity.com
Trustwave is the leading provider of on-demand and subscription-based information security and compliance management solutions to businesses and government entities throughout the world. Trustwave has helped thousands of organizations ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers manage compliance and secure their network infrastructure, data communications and critical information assets.
SpiderLabs is Trustwave's advanced security team responsible for incident response & forensics, penetration testing and application security for Trustwave's clients. In addition, the team provides intelligence and research to enhance Trustwave's product and service offerings through real-world experience. SpiderLabs has responded to hundreds of security incidents, performed thousands of penetration tests, and security tested hundreds of business applications for the organizations ranging from the largest companies in the world to nimble startups. Members of SpiderLabs are frequently asked to speak at security conferences around the world including Black Hat, DEFCON, OWASP, SANS, SecTor, ShmooCon, SOURCE, ToorCon, and YSTS.
Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia.
ArcSight, an HP company, is a leading global provider of cybersecurity and compliance solutions that protect organizations from enterprise threats and risks. Based on the market-leading SIEM offering, the ArcSight Enterprise Threat and Risk Management (ETRM) platform enables businesses and government agencies to proactively safeguard digital assets, comply with corporate and regulatory policy and control the internal and external risks associated with cybertheft, cyberfraud, cyberwarfare and cyberespionage. For more information, visit www.arcsight.com.
Core Security Technologies is the leader in commercial-grade penetration testing software solutions that IT executives rely on to expose vulnerabilities, measure operational risk, and assure security effectiveness. The company’s CORE IMPACT product family offers a comprehensive approach to assessing the security of network systems, endpoint systems, email users, web applications and wireless networks against complex threats.
Since 2002, Fidelis Security Systems has been providing organizations with the power to protect their sensitive information from cyber attacks and resulting data breaches. Built on a patented Deep Session Inspection™ platform, the Fidelis Extrusion Prevention System® is the industry's only next-generation network security solution with the real-time visibility and control necessary to identify custom attacks and stop data breaches at the session level, where today’s threats occur. Fidelis enables government, military, and commercial enterprise customers around the globe to see, study, and stop advanced threats with a single engine for real-time proactive situational awareness.
Foreground Security is a premiere cyber security service provider who understands the critical importance of partnering with our clients in managing the risks to today’s business enterprise. We focus solely on cyber security and have a rich history of proven success in assisting our clients in strengthening their organization’s security posture while preparing their business for the unknown, future threat landscape. Foreground Security was founded by security architects and engineers who today are highly sought after for their deep knowledge, experience, and expertise across the full spectrum of cyber security.
General Dynamics Advanced Information Systems provides end-to-end mission solutions in systems integration, development and operations support to Homeland Security, the Intelligence Community, Law Enforcement, and the Defense Department. Based on our experience supporting many cyber security programs including: US-CERT and Department of Defense Cyber Crime Center, we deliver proven cyber defense-in-depth solutions to actively defend large enterprise and national networks. For additional information, visit www.gd-ais.com/cyber.
HBGary, Inc. was founded in 2003 by renowned security expert and successful entrepreneur Greg Hoglund, who cofounded several other network security companies including Cenzic and Bugscan. HBGary offers a complete, continuous protection product suite with an unparalleled capability for countering advanced cyber-threats such as APT while also increasing scalability and reducing cost for security operations. Current customers include Fortune 500 financial, pharmaceutical and entertainment companies as well as Department of Defense, Intelligence Community and U.S. government agencies. HBGary is headquartered in Sacramento with offices in Washington D.C. For more information, please visit http://www.hbgary.com.
Established in 1998, IOActive is an industry leader that offers comprehensive computer security services with specializations in smart grid technologies, application security and compliance. Boasting a well-rounded and diverse clientele, IOActive works with a majority of Global 500 companies including power and utility, game, hardware, retail, financial, media, travel, aerospace, healthcare, high-tech, social networking and software development organizations.
IOActive offers a level of customer commitment and quality that has prompted its selection as one of the three firms in the world trusted to perform the mission-critical code reviews and penetration-tests of all of Microsoft's flagship operating system products. Headquartered in Seattle, Washington and London, England, with satellite offices around the world, we are ready to help you with your global enterprise security needs.
As a home for highly skilled and experienced professionals, IOActive attracts the likes of Barnaby Jack, Ilja van Sprundel, Mike Davis and Michael Milvich—talented consultants who contribute to the growing body of security knowledge by speaking at such elite conferences as Black Hat and Ruxcon.
Lookingglass Cyber Solutions is a cyber security software company, delivering vision, awareness, and intelligence beyond the traditional boundaries to protect enterprise networks and critical infrastructure. Lookingglass’ core product, ScoutVision™, monitors impacts to critical communications networks and infrastructure during cyber attacks, network outages, physical terror attacks, natural disasters, and other destructive activity. Clients are enabled to understand and put into perspective the threats imposed upon the enterprise by those occurring throughout the global Internet.
ScoutVision™ delivers a dynamic view of the world’s enterprise and Internet activity fusing global and internal threat feeds with proprietary sources. Lookingglass offers IP Threat Sharing, BGP Monitoring, DNS Wellness, and Phishing Awareness through an intuitive situational awareness platform. Features include:
- Analytics and Visualization
- Malicious and IP Threat Intelligence
- Physical and Logical Threat Mapping
- Collaboration and Alerting
MITRE's "Making Security Measurable" cybersecurity effort provides standards-based building blocks for transforming security in the enterprise. Through development and adoption of standard enumerations, establishment of languages and interface standards for conveying information amongst tools and organizations, and by sharing security guidance and measurement goals with others by encoding them in these standard languages and concepts, organizations across the world can dramatically change their security posture, vendor independence and flexibility. Come visit us to learn more about MITRE's community efforts: CVE®, CCE™, CPE™, CAPEC™, CWE™, CEE™, MAEC™, and OVAL™ initiatives.
NetWitness® Corporation provides the world’s most powerful real-time network security analysis platform. NetWitness helps government and commercial organizations detect, prioritize and remediate complex IT risks that are invisible to other technologies. NetWitness solutions solve a wide variety of information security problems including: advanced threat management; sensitive data discovery and sophisticated data leakage detection; zero-day malware activity discovery; insider threat management; and the continuous monitoring of security policies and controls. NetWitness customers include government agencies around the world as well as private sector organizations in banking, energy, telecommunications, retail, healthcare, education, technology, and many other sectors within Global 1000 organizations.
NitroSecurity is the leader in high-performance, content-aware SIEM solutions. Our integrated NitroView solutions provide real time visibility into events, flows and logs and monitor networks, databases and application data. Utilizing the industry’s fastest analytical tools, NitroSecurity enables compliance and detects and identifies cyberthreats in minutes instead of hours.
Pico Computing offers scalable, FPGA-based platforms for HPCapplications including cryptography, signal and video processing, and bioinformatics. We specialize in highly integrated computing platforms based on FPGAs. Offer standard and custom products; and engineering services. We are experts in FPGA-accelerated computing for the security market. Our M-Series boards offer high performance for the most demanding security applications. Deploy multiple M-Series boards in a SC cluster for truly amazing levels of password cracking performance - up to 96 FPGAs in a standard 4U chassis. For more information or to request a free Security White Paper, visit www.picocomputing.com
Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.
The QualysGuard® service is used today by more than 4,000 organizations in 85 countries, including 42 of the Fortune Global 100 and performs more than 500 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company.
Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS.
For more information, please visit: www.qualys.com
Rapid7 is the leading provider of unified vulnerability management and penetration testing solutions, delivering actionable intelligence about an organization’s entire IT environment. Rapid7 offers the only integrated threat management solution that enables organizations to implement and maintain best practices and optimize their network security, Web application security and database security strategies. Rapid7 also manages the Metasploit Project, the leading open-source penetration testing platform with the world’s largest database of public, tested exploits.
Recognized as the fastest growing vulnerability management company in the U.S. by Inc. Magazine, Rapid7 helps leading organizations such as Liz Claiborne, Southern Company, the United States Postal Service, the New York Times, Carnegie Mellon University and the National Nuclear Security Administration (NNSA) to mitigate risk and maintain compliance for regulations such as PCI, HIPAA, FISMA, SOX and NERC . Rapid7 also manages the Metasploit Project, the leading open-source penetration testing platform with the world’s largest database of public, tested exploits.
For more information, visit: www.rapid7.com
RedSeal Systems is a leading provider of Security Posture Management software that enables enterprises to automatically, continuously and comprehensively assess and strengthen their cyber-defenses. Unlike systems that detect attacks once they occur, RedSeal identifies holes in the security infrastructure that could be exploited—before hackers discover them. RedSeal software analyzes the security capabilities of the infrastructure as a whole rather than simply the behavior of individual devices. By understanding the mitigating effects of network controls on vulnerabilities, impact and threats, RedSeal is able to deliver continuous monitoring and near real-time cyber-security situational awareness in compliance with FISMA and other regulations.
Research In Motion
The company behind the BlackBerry Smartphone.
Research In Motion (RIM) develops integrated hardware, software and services that support multiple wireless networks. RIM is best known for creating the BlackBerry® smartphone and providing solutions that allow seamless, mobile access to time-sensitive information through email, phone, text messages, the Internet and applications.
The RIM portfolio of award-winning products is used by thousands of organizations around the world.
Like a surveillance camera for your network, Solera Networks™ enables real-time network forensics and threat prevention by recording all network traffic on both physical and virtual networks. Every network packet is stored, indexed, and can be searched and replayed at anytime to determine the full source and scope of any event. Solera Networks integrates with security innovators like ArcSight, FireEye, Palo Alto Networks, Sourcefire and SonicWALL and others to provide full-fidelity replay and greater context to security notifications and events.
For more information, visit www.soleranetworks.com.
Intel participates in the BlackHat conference because we are interested in improving and strengthening our relationships with the information security community.
Making computing safer for everyone worldwide is a priority at Intel. We see trustworthy computing as more than just building the best security features in our chips and other products. Security isn’t a product, it’s a mindset.
In the event that vulnerabilities are identified post-release, Intel has a Product Security Incident Response Team (PSIRT) and a product security portal at www.intel.com/security. If you discover a potential security vulnerability in an Intel product, please contact iPSIRT at secure (at) intel.com.