© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Improving your business through applications that you can trust
Eduardo Vianna de Camargo Neves, CISSP
Sales Manager, Enterprise Accounts Brazil
HP Protect 2014 – Washington, DC
1996 1998 2001 2013 2014
IT Network Security Consultant
CISO Fortify Specialist
Sales Manager
Let's talk about trust.
Track record is only one component of a complex equation.
Threats can emerge from unlikely places.
But if you can figure out when a threat is coming…
You can plan and apply an effective defense system.
But to work, we need to rethink what we learned about trust.
US$ 7.22 million per year is the average investment per company to solve issues generated by cybercrime
Source: 2013 Cost of Cyber Crime Study: Global Report, Sponsored by HP Enterprise Security
Something must change if we want to succeed.
Understanding the current attack surface.
Making US$ 92 million in five simple steps
1. Find a software security defect.
2. Inject malware into the system.
3. Hide your presence from current defenses.
4. Extract all credit card data you want.
5. Sell the data to a large and hungry customer base.
5X
84%
The root-cause analysis for software security
[Chart across the Design, Build, Test and Deploy phases. Labels: Architecture Definition, Software Build, Test Scoping, System Integration. Values shown: 0.40, 1.75, 2.25.]
Source: Jones, Capers. “Software Defect Origins and Removal Methods”. December, 2012
What we can expect in the near future

Hybrid Models (Local IT / Local + Cloud / + ?)
• More complexity
• Less visibility and control
• New threats may be unknown

Big Data (Megabytes / Zettabytes)
• More analysis requirements
• Structured x Non-structured
• Decision making

Risks (Localized / Contextualized)
• Compliance requirements
• Distributed attack surface
• Holistic Risk Management
HP Fortify as an enabler for trustworthy software
Application Protection
Software Security Assurance
Application Assessment
Find, Fix, Fortify
HP Fortify on the Software Development Lifecycle
HP Fortify SCA
HP WebInspect
Design Build Test Deploy
HP Fortify RTA
HP ApplicationView
HP Fortify SSC
HP Fortify on Demand
HP Fortify IDE Plug-Ins
Training Sessions
Professional Services
HP Application Defender
Secure software can generate measurable benefits for the entire organization
Working with trusted software
Rational money allocation
Strategic and measurable results
Proactive compliance measures
Integrated approach to control the attack surface
“Change is the law of life. And those who look only to the past or present are certain to miss the future.”
John F. Kennedy
Thank you.