Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Keynote: Making Security a Competitive Advantage

202 views

Published on

Keynote: Making Security a Competitive Advantage

For more information on Security, please visit: http://cainc.to/CAW17-­Security
For more information on DevSecOps, please visit: http://cainc.to/CAW17-­DevSecOps For more information on Veracode, please visit: http://community.veracode.com

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Keynote: Making Security a Competitive Advantage

  1. 1. Make  Security  a  Competitive  Advantage Mordecai  (Mo)  Rosen   SECURITY SECURITY General  Manager,  Security CA  Technologies General  Manager CA  Veracode Sam  King
  2. 2. 2 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Eliminate  Barriers   Between  Ideas  and  Outcomes CREATE  AN  AGILE   BUSINESS BUILD  BETTER       APPS  FASTER MAKE  SECURITY  A   COMPETITIVE  ADVANTAGE MAXIMIZE  APPLICATION   PERFORMANCE
  3. 3. 3 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS HOME  AUTOMATION PHYSICAL  SECURITY EHEALTH  DEVICES WEARABLES SMART  METERS SHIPPING  LOGISTICS PROPERTY  MANAGEMENT   ECOLOGY FACTORY  AUTOMATION SMART  PHONES TABLETS CAMERAS PHONES TELEVISIONS AUTOMOBILES THERMOSTATS WWW CHAT  &  IM API SERVICES CLOUD SERVICES First  a  Brief  History  of THE  EXPANDING   DIGITAL   EXPERIENCE  
  4. 4. 4 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS THE  DIGITAL   EXPERIENCE   Is  Between  Users   and  Applications HOME  AUTOMATION PHYSICAL  SECURITY EHEALTH  DEVICES WEARABLES SMART  METERS SHIPPING  LOGISTICS PROPERTY  MANAGEMENT   ECOLOGY FACTORY  AUTOMATION SMART  PHONES TABLETS CAMERAS PHONES TELEVISIONS AUTOMOBILES THERMOSTATS WWW CHAT  &  IM API SERVICES CLOUD SERVICES
  5. 5. 5 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS MAKES  EVERY  COMPANY  A  SOFTWARE  COMPANY APPLICATION EXPLOSION CONSUMERIZED IT CONNECTED ENTERPRISES DIGITAL MARKETPLACES DIGITAL WORKPLACES CONNECTED IOT The  Application  Economy
  6. 6. 6 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS The  Application  Economy REQUIRES  NEW  THINKING  ON  SECURITY FIREWALL IDS/IPS WEB  PROXY ANTI-­VIRUS ANTI-­MALWARE 100% INEFFECTIVE USERS  &  APPS UNDER  ATTACK SHADOW  IT 30% Of  all  attacks  will  be  in   shadow  IT  resources APP  DEFECTS 90% Of  breaches caused   by  application  defects 3RD  PARTY  RISK 70% Of  attacks  targeted a   secondary  source   IDENTITY  FRAUD 80% Of  breaches  used  lost   stolen  &  weak  credentials CREDIT  FRAUD 42% Of  all  data  stolen  is credit  card  data   FireEye  Study  of  6  Months  of  Penetration  Testing  
  7. 7. 7 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS A QUESTION OF TRUST USERS INTERACTIONS APPLICATIONS Security  Becomes
  8. 8. 8 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS CA  Security  Strategy  To   SECURING  THE  APPLICATION  ECONOMY TRUSTED USERS  & APPLICATIONS   PREVENTATIVE   DETECTION  & RESPONSIVE INSIGHT   ANALYTICS  & INTELLIGENCE FRICTIONLESS   SECURITY  & EXPERIENCE CORE  PRINCIPLES  
  9. 9. 9 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS IDENTITY  & ACCESS   APPLICATION SECURITY API SECRUITY PAYMENT SECURITY PRODUCT  PORTFOLIO CA  Security  Strategy  To   SECURING  THE  APPLICATION  ECONOMY
  10. 10. 10 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS LINES  OF  CODE   SCANNED6  TRILLION 1400  CUSTOMERS 400K APPLICATION   SECURITY   ADVISORY   HOURS 35.5M SECURITY  FLAWS  FIXED 4X GARTNER MQ  LEADER 24 LANGUAGES 77 FRAMEWORKS APPLICATION SECURITY CA  VERACODE
  11. 11. 11 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Ensuring GREAT  SOFTWARE  IS  SECURE  SOFTWARE EMPOWER DEVELOPERS  TO   SECURE  CODE INTEGRATED  INTO CONTINUOUS   DELIVERY EARLY  DETECT TO  REDUCE  COST AUTOMATED  TO   REDUCE  MTTR
  12. 12. 12 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS CODECOMMIT BUILD TEST RELEASE OPERATE SECURITY  INTO  CONTINUOUS  DELIVERY   TEST TEST DevSecOps SECURE  SOFTWARE   DEVELOPENT SECURITY   ASSURANCE OPERATIONAL   APPLICATION  SECURITY Merging
  13. 13. 13 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS CODECOMMIT BUILD TEST RELEASE OPERATE SECURE  SOFTWARE   DEVELOPENT SECURITY   ASSURANCE OPERATIONAL   APPLICATION  SECURITY DevSecOps TEST TEST CA  Veracode  Greenlight CA  Veracode  Static  Analysis CA  Veracode  Web  Application  Scanning CA  Veracode  Runtime  Protection CA  Veracode  Software  Composition  Analysis CA  Veracode  Integrations,  APIs CA  Veracode  eLearning
  14. 14. 14 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Securing  Applications  With   NEXT  GENERATION  IDENTITY  MANAGEMENT 80%of  all  data  breaches  exploit   lost,  stolen  &  weak  credentials HYBRID CLOUD DEVELOPER APIs BEHAVIOR ANALYTICS
  15. 15. 15 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS API   ENABLED HIGH  SCALE   APPLIANCE HYBRID CLOUD SECURE   CONTINUOUS DELIVERY     PRIVILEGED GOVERNANCE Central  Authentication Credential  Vault Policy  Enforcement Role  -­ Based  Access Federated  Identity Session  Recording CA  Privileged  Access  Manager PROTECTING PRIVILEGED IDENTITY
  16. 16. 16 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS ENABLING APP TO APP TRUST User  &  App   Authentication  API Mobile   Authentication  API Secure  Server   Communications Context  Based Risk  Analysis CA  Rapid  App  Security Risk  Based  Analytics
  17. 17. 17 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS RISK ANALYTICS WORKS EMPIRICALLY
  18. 18. 18 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD        #NOBARRIERS Digital  Payments   Fraud Directory Identity   Management Privileged   Access   Management Single   Sign-­‐on Identity   Governance Risk  Based   Authentication Orchestrating   Identity  &   Access Employees  &   Administrators Customers  &   Partners Internet  of  Things Developers Cloud   Services On   Premise   Apps Mobile Web API CA  Security  &  Identity  Management  Portfolio
  19. 19. 19 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD        #NOBARRIERS CONTROLLING  PRIVILEGED  ACCESS IN  A  WORLD  ON  TIME
  20. 20. 20 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD        #NOBARRIERS CONTROLLING  PRIVILEGED  ACCESS IN  A  WORLD  ON  TIME
  21. 21. 21 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD        #NOBARRIERS CONTROLLING  PRIVILEGED  ACCESS IN  A  WORLD  ON  TIME
  22. 22. 22 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD        #NOBARRIERS CONTROLLING  PRIVILEGED  ACCESS IN  A  WORLD  ON  TIME
  23. 23. 23 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD        #NOBARRIERS CONTROLLING  PRIVILEGED  ACCESS IN  A  WORLD  ON  TIME
  24. 24. 24 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS APPLICATION SECURITY TESTING FRICTIONLESS  
  25. 25. 25 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS APPLICATION SECURITY TESTING FRICTIONLESS  
  26. 26. 26 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS APPLICATION SECURITY TESTING FRICTIONLESS  
  27. 27. 27 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS ARTHUR WONG Interview  With SVP  &  GM DXC  Security  
  28. 28. 28 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS ARTHUR WONG Interview  With SVP  &  GM DXC  Security  
  29. 29. 29 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS ARTHUR WONG Interview  With SVP  &  GM DXC  Security  
  30. 30. 30 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS ARTHUR WONG Interview  With SVP  &  GM DXC  Security  
  31. 31. 31 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS BREAKING BARRIERS AWARD Mo  Ahddoud First  UK  critical  infrastructure   company  running  100%  in   the  cloud   Todd  Oxford Enabled  disaster  recovery   access  to  comply  with  FEMA   first  &  second  line  response   regulations Mark  Merkow Integrating  app  security   testing  into  SDLC  for  500+   developer  organization
  32. 32. 32 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS BREAKING BARRIERS AWARD Mo  Ahddoud First  UK  critical  infrastructure   company  running  100%  in   the  cloud   Todd  Oxford Enabled  disaster  recovery   access  to  comply  with  FEMA   first  &  second  line  response   regulations Mark  Merkow Integrating  app  security   testing  into  SDLC  for  500+   developer  organization
  33. 33. 33 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS BREAKING BARRIERS AWARD Mo  Ahddoud First  UK  critical  infrastructure   company  running  100%  in   the  cloud   Todd  Oxford Enabled  disaster  recovery   access  to  comply  with  FEMA   first  &  second  line  response   regulations Mark  Merkow Integrating  app  security   testing  into  SDLC  for  500+   developer  organization
  34. 34. 34 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS BREAKING BARRIERS AWARD Mo  Ahddoud First  UK  critical  infrastructure   company  running  100%  in   the  cloud   Todd  Oxford Enabled  disaster  recovery   access  to  comply  with  FEMA   first  &  second  line  response   regulations Mark  Merkow Integrating  app  security   testing  into  SDLC  for  500+   developer  organization
  35. 35. 35 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS CA  World ’17 See  the  latest   innovation  in   the  demo  area   Immerse  in  all   of  the  customer   case  studies   on  stage Meet  with  our   product  teams   at  the  executive   center
  36. 36. 36 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Thank  you. Stay  connected  at  communities.ca.com &  community.veracode.com
  37. 37. 37 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Security  and  DevSecOps For  more  information  on  Security, please  visit:  http://cainc.to/CAW17-­Security For  more  information  on  DevSecOps, please  visit:  http://cainc.to/CAW17-­DevSecOps For  more  information  on  Veracode, please  visit:  http://community.veracode.com

×