Improving Your Business Through Applications That You Can Trust - HP Protect 2014
through applications
that you can trust
Eduardo Vianna de Camargo Neves, CISSP
Sales Manager, Enterprise Accounts Brazil
HP Protect 2014 Washington, DC
Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
1996
1998
2001
2013
2014
IT Network
Security Consultant
CISO
Fortify Specialist
Sales Manager
But to work, we need to rethink what we learned about trust.
Something must change if we want to succeed.
Understanding the current attack surface.
Find
a software security defect.
1
Inject
a malware on the system.
2
2
5
Extract
all credit card data you want.
4
84%
5X
Build
Architecture
Definition
Software Build
2.25
1.75
Test
Deploy
Test Scoping
0.40
Source: Jones, Capers. Software Defect Origins and Removal Methods. December 2012.
System
Integration
Local IT
Local + Cloud
+?
More complexity
Less visibility and control
New threats may be unknown
Big Data
Megabytes
Zettabytes
More analysis requirements
Structured x Nonstructured
Decision taking
Risks
Localized
Contextualized
Compliance requirements
Distributed attack surface
Holistic Risk Management
Application Assessment
Find
Software Security Assurance
Application Protection
Fix
Fortify
Build
Test
Deploy
Training Sessions
HP Fortify SSC
HP Fortify SCA
HP Fortify RTA
Professional Services
HP Fortify IDE Plug-Ins
HP WebInspect
HP Application Defender
HP Fortify on Demand
HP ApplicationView
Rational money allocation
Strategic and measurable results
Proactive compliance measures
Integrated approach to control the attack surface
Kennedy
Thank you.