Improving your business through applications that you can trust
Eduardo Vianna de Camargo Neves, CISSP
Sales Manager, Enterprise Accounts Brazil
HP Protect 2014 Washington, DC
Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

1996 | 1998 | 2001 | 2013 | 2014
IT Network | Security Consultant | CISO | Fortify Specialist | Sales Manager

Let's talk about trust.

Track history is only one component of a complex equation.

Threats can emerge from unlikely places.

But if you can figure out when a threat is coming

You can plan and apply an effective defense system.

But to work, we need to rethink what we learned about trust.

U$ 7,22 million per year is the average investment per company to solve issues generated by cybercrime
Source: 2013 Cost of Cyber Crime Study: Global Report, Sponsored by HP Enterprise Security

Something must change if we want to succeed.

Understanding the current attack surface.

Making U$ 92 million in five simple steps

1. Find a software security defect.
2. Inject malware into the system.
3. Hide your presence from current defenses.
4. Extract all the credit card data you want.
5. Sell the data to a large and hungry customer base.

84%

5X

The root-cause analysis for software security

Design (Architecture Definition): 2.25
Build (Software Build): 1.75
Test (Test Scoping): 0.40
Deploy (System Integration)

Source: Jones, Capers. Software Defect Origins and Removal Methods. December, 2012

What we can expect in the near future

Hybrid Models: Local IT; Local + Cloud + ?; More complexity; Less visibility and control; New threats may be unknown

Big Data: Megabytes; Zettabytes; More analysis requirements; Structured x Nonstructured; Decision taking

Risks: Localized; Contextualized; Compliance requirements; Distributed attack surface; Holistic Risk Management

HP Fortify as an enabler for trusted software

Application Assessment: Find
Software Security Assurance: Fix
Application Protection: Fortify

HP Fortify on the Software Development Lifecycle

Design | Build | Test | Deploy

Training Sessions; HP Fortify SSC; HP Fortify SCA; HP Fortify RTA; Professional Services; HP Fortify IDE Plug-Ins; HP WebInspect; HP Application Defender; HP Fortify on Demand; HP ApplicationView

Working with trusted software

Secure software can generate measurable benefits for the entire organization

Rational money allocation
Strategic and measurable results
Proactive compliance measures
Integrated approach to control the attack surface

Change is the law of life. And those who look only to the past or present are certain to miss the future.
John F. Kennedy

Thank you.
