SANS Technology Institute: Security Laboratory
Welcome to the Security Laboratory. I'm Stephen Northcutt and like many of you I am a manager and leader with an information technology job. At the SANS Technology Institute, we are always striving to become more skilled and knowledgeable in computer security as well as the people side of the job. The "Security Labratory", for you creative spellers, is an informal set of articles and whitepapers, almost a blog, about security, information technology, and the computer security industry. As we learn more, ponder issues and research content for SANS Security 401 Security Essentials and the GIAC Security Essentials Certification, we will continue to add to this site. Our hope is for this to be a resource for the community and we would love to hear from you. Feel free to drop us a note at stephen@sans.edu.
- Security Laboratory: Thought Leaders
Stephen Northcutt from the Security Laboratory conducts in-depth interviews with the thought leaders in information security. For every novel security product, there is a thought leader, a man or woman of vision who sees the need and guides the creation of the security product. If there is someone missing whose voice you feel should be heard, drop me a note at stephen@sans.edu.
What is a Security Thought Leader - March 22nd, 2008
By Stephen Northcutt
With the Security Thought Leader project Stephen hopes to introduce you to some really great men and women. A security thought leader can be defined by certain criteria: a person who is recognized by their peers as a thought leader, who passes their information on to help others, who has innovative ideas, and who shares ideas as actionable distilled insights.
Amrit Williams, Chief Technology Officer, BigFix - June 30th, 2008
By Stephen Northcutt
Amrit Williams, Chief Technology Officer at BigFix, was formerly a research director in the Information Security and Risk Research Practice at Gartner, Inc. He is certainly a security thought leader and if you have not been introduced to him before, we are sure you will find he has some interesting out of the box opinions.
Andrew Hay, Q1 Labs - May 13th, 2008
By Stephen Northcutt
Andrew Hay, one of the authors of the popular OSSEC Host-Based Intrusion Detection Guide and the upcoming Nagios 3 Enterprise Network Monitoring book, has agreed to be interviewed for the SANS Security Thought Leader series.
Gene Schultz, CTO of High Tower - April 4th, 2008
By Stephen Northcutt
The Security Laboratory is pleased to interview Dr. Gene Schultz, one of the most experienced security practitioners in the field.
Tomasz Kojm, original author of ClamAV - April 3rd, 2008
By Stephen Northcutt
Tomasz Kojm is the original author of ClamAV, an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.
Bill Johnson, CEO TDI - April 2nd, 2008
By Stephen Northcutt
Bill Johnson, CEO TDI, was the first person in the industry, that I am aware of, to sound the clarion call that we might be vulnerable to attacks via the Baseboard Management Controller (BMC). That certainly qualifies him as a security thought leader, and we thank him for his time.
Gene Kim, Tripwire - March 14th, 2008
By Stephen Northcutt
Gene Kim is one of the original authors of Tripwire, a software product used to manage configurations and change. Gene is willing to share his thoughts on virtualization with the Security Laboratory thought leadership series, and we certainly thank him for his time!
Kevin Kenan, Managing Director, K2 Digital Defense - March 14th, 2008
By Stephen Northcutt
Imperva and a few other vendors are starting to understand the importance of database security and release products, but Kevin Kenan, Managing Director, K2 Digital Defense, picked up on this long ago.
Leigh Purdie, InterSect Alliance, co-founder of Snare - March 7th, 2008
By Stephen Northcutt
Perhaps one of the hottest topics in 2008 is log file analysis (who would have guessed). And while the commercial tools are getting a lot of the press, an open source and also commercial tool is ending up on a lot of systems. It is called Snare and Leigh Purdie is the thought leader behind the project. He has been willing to invest the time for a thought leadership interview with the Security Laboratory.
Marty Roesch, Sourcefire CEO and Snort creator - February 26th, 2008
By Stephen Northcutt
I keep thinking about the news reports that Chinese hackers managed to exfiltrate six terabytes of sensitive data from a large number of systems belonging to the Department of Homeland Security in November 2007. It seems like that would be impossible to do without being detected. But, I have to wonder, since the famous Richard Stiennon paper, Intrusion Detection is Dead, organizations have been replacing IDS with IPS, and maybe, just maybe, they think the devices do their job in some kind of "fire and forget" mode. Sourcefire was kind enough to allow me to interview Snort creator and Sourcefire CEO Marty Roesch on this topic.
Dr. Anton Chuvakin, Chief Logging Evangelist with LogLogic - January 28th, 2008
By Stephen Northcutt
Dr. Anton Chuvakin from LogLogic is probably the number one authority on system logging in the world, and his employer is probably the leading vendor for logging, so we appreciate this opportunity to share in his insights.
Kishore Kumar, CEO of Pari Networks - January 23rd, 2008
By Stephen Northcutt
One of the ongoing research projects in the Security Laboratory is to work with the thought leaders in information security to get an understanding of their vision for our industry. We have recently had the honor of working with Kishore Kumar, CEO of Pari Networks, and we certainly thank him for his time.
Ivan Arce, CTO of Core Security Technologies - October 26th, 2007
By Stephen Northcutt
Ivan Arce, Chief Technology Officer of Core Security Technologies, sets the technical direction for the company and is responsible for overseeing the development, testing and deployment of all Core products. He talks with us here about the recent update to their product to include web application testing, the latest web attack techniques, and his security philosophy.
Mike Weider, CTO for Watchfire - Updated July 23rd, 2007
By Stephen Northcutt
Stephen Northcutt interviews Mike Weider, CTO of Watchfire, regarding recent trends in web app vulnerabilities as well as his company's solutions for web application security.
Jeremiah Grossman, Founder and CTO of WhiteHat Security - July 12th, 2007
By Stephen Northcutt
Jeremiah Grossman, founder and CTO of WhiteHat Security, talks with Stephen Northcutt about the state of web application security as well as WhiteHat's approach to website vulnerability assessment and management.
Interview with authors of The Art of Software Security Assessment - Updated July 9th, 2007
By Stephen Northcutt
The Leadership Laboratory recently posted a book review of The Art of Software Security Assessment. The book raises a number of issues that we would love to explore further and the authors, Mark Dowd, John McDonald and Justin Schuh have graciously agreed to an interview. One section was titled Code Auditing and the Development Life Cycle and we used that as the basis of the interview.
Ryan Barnett, Director of Application Security Training at Breach Security, Inc. - June 29th, 2007
By Stephen Northcutt
Ryan Barnett, Director of Application Security Training at Breach Security, Inc. talks with Stephen Northcutt about the current state of web application security.
Dinis Cruz, Director of Advanced Technology, Ounce Labs - June 11th, 2007
By Stephen Northcutt
Dinis Cruz, Director of Advanced Technology for Ounce Labs, talks with Stephen Northcutt about the many facets of OWASP, as well as the important questions that need real answers in order to develop secure web applications.
Brian Chess, Chief Scientist for Fortify Software - June 9th, 2007
By Stephen Northcutt
Brian Chess, Chief Scientist for Fortify Software, talks with Stephen Northcutt about static analysis and other web application security solutions.
Caleb Sima, CTO for SPI Dynamics - Updated May 29th, 2007
By Stephen Northcutt
Stephen Northcutt interviews Caleb Sima about the development of Caleb's company, SPI Dynamics, and the increasing need for solutions for web application security.
An Interview with David Hoelzer, author of DAD, a log aggregator - May 1st, 2007
By Stephen Northcutt
An interview with David Hoelzer describing DAD, an open source Windows event log and syslog management tool that allows you to aggregate logs from hundreds to thousands of systems in real time.
An Interview with Ron Gula from Tenable about the role of a vulnerability scanner in protecting sensitive information - March 22nd, 2007
By Stephen Northcutt
In a new twist for vulnerability scanners, Nessus can now search for sensitive information like Social Security numbers and credit card numbers.