© Pactera. Confidential. All Rights Reserved.
Cybersecurity & Application Security Trend
Pactera Cybersecurity Services
August, 2016
Agenda
• Application Security Trend
• Cloud Security Trend
• DevOps Security (SecDevOps) Trend
• Introduction to Pactera Cybersecurity Services
Application Security Survey
• 38% have a "maturing" Application Security program
• 40% have documented approaches and policies to which third-party software vendors must adhere
• 41% named public-facing web applications as the leading cause of breaches
Source: SANS 2016 Application Security Survey - 475 respondents
Critical Vulnerabilities Caused by Coding Issues: 38%
Source: SANS 2016 Application Security Survey
Time to Patch Critical Application Vulnerabilities
Source: SANS 2016 Application Security Survey
Maturity of Application Security Programs from Survey: 62.8%
Source: SANS 2016 Application Security Survey
Top Application Security Concerns
Source: SANS 2016 Application Security Survey
1. Lack of application security skills, tools, and methods
2. Lack of funding and management buy-in
3. Silos between security, development and business units
4. Identifying all applications in the portfolio
5. Fear of modifying production code (might "break the app")
Top Application Security Processes and Controls in Place
Source: SANS 2016 Application Security Survey
Most bang for the buck!
1. Train developers on application security
2. Perform periodic vulnerability scanning
3. Inventory and assess all applications
4. Commission penetration testing by a third party
5. Use internal penetration testing
6. Incorporate continuous vulnerability scanning (dynamic scanning)
Application Security: Distribution of Malicious Attacks
Attack Types: DT, HTTP, RFI, Spam, SQLi, and XSS attacks
Source: 2016 Imperva Web Application Attack Report Ed. 6
• 2.5 times more Cross-Site Scripting attacks
• 3 times more SQL Injection attacks
• 3 out of 4 applications were targeted
Cloud Adoption
Source: CloudPassage 2016 Security Survey Report
79% of respondents are either in planning or trial stages, currently implementing, or in active production cloud environments
Top Cloud Service Delivery and Providers
Source: CloudPassage 2016 Security Survey Report
Barriers to Cloud Adoption
Source: CloudPassage 2016 Security Survey Report
Cloud Security Concerns
Source: CloudPassage 2016 Security Survey Report
Biggest Security Threats in Public Cloud
Source: CloudPassage 2016 Security Survey Report
Top Cloud Security Concerns
Source: CloudPassage 2016 Security Survey Report
DevOps Security (SecDevOps) - Pay Attention to Security
• Conduct a security review process for all major features without slowing down development
• Integrate security testing & controls into the SDLC - Dev, QA & Ops (including design review, demo review, demo feedback)
• Automate the security testing process, including testing of the security requirements
• The App Security group provides pre-approved, easy-to-use libraries, packages, toolchains and processes for developers and IT Ops to use
2016 State of DevOps Report – by Puppet + DORA. Results:
• Security is an integral part of continuous delivery
• High performers spend 50% less time remediating security issues
DevOps Security (SecDevOps) – continued
2016 State of DevOps Report – by Puppet + DORA
• Security is an integral part of continuous delivery
• High performers spend 50% less time remediating security issues
Pactera Cybersecurity Services - Introduction
Who's Pactera - Serving Top Global Brands Across Key Industries
Revenue by industry (chart): BFSI, Technology, Telecom, Manufacturing & Retail, Others; segment values shown as 35%, 43%, 8%, 12%, 2%
Revenue by region: North America & EU 42%, Greater China 47%, Asia Pacific 11%
Source: Pactera, 2015 estimated revenue data
Pactera: Exceptional Record of Security, Privacy and Quality
Security is a top priority for Pactera and our clients. We are proud of our consistent track record of meeting and exceeding customer expectations for security and quality among our facilities, people and processes.
Security & Quality:
• ISO 9001 (1st China-based IT services firm to be ISO certified)
• 1st China-based IT services firm to pass SEI-CMM company-wide Level 5 in 2003
• Personal Information Protection Assessment (PIPA) certified in 2009
• IAOP (Intl Association of Outsourcing Professionals) Exclusive COP Partner in China; strict leverage of this methodology in daily operations
• ISO 27001 certified since 2006
• Passed CMMI Level 5 in 2008
• #1 in security infrastructure among Microsoft Offshore Facilities (OFs) worldwide, 2011-12
• "Grade A" Microsoft Procurement 2012 ranking in Service Quality & Satisfaction
Pactera Cybersecurity Services Centers of Excellence (COE)
Cybersecurity COE is an experienced global team with security expertise to deliver customer-centric security services.
Pactera Cybersecurity Services Capabilities
Why Pactera Cybersecurity Services?
• Industry top security pros
• Security software partner
• Asia and U.S. elite teams
• BFSI, Gov, Healthcare, Regulatory experience
• Privacy experience
• App Sec training provider
Cybersecurity & Privacy Program Consulting
• Improve threat prevention, detection & response capability
• Privacy program development & consulting
Application Vulnerability / Penetration Testing
• Reduce risk by remediating threats
• SecDevOps (improve security in DevOps)
Application Secure Coding Practice Training
• Reduce vulnerabilities via secure coding practice
Third-party Supplier Security Risk Management
• Manage security risks posed by suppliers
Client References
• For major financial institutions -
– Performed third-party security assessments, helped suppliers to enhance security and reduce the client's third-party risk exposure
– Performed application security assessments, provided recommendations for remediation to enhance protection
– Conducted security vulnerability assessments
– Participated in cybersecurity incident response and root cause analysis
• For a Fortune 50 software firm -
– Performed information security consulting
– Application vulnerability assessment and management, regulatory compliance
– Ensured security compliance for over 2000 applications through threat modeling, secure code review, vulnerability assessment and privacy compliance processes in agile and DevOps environments
• For a major international airline and a leading mobile phone provider -
– Performed application vulnerability assessments in agile and DevOps environments
– Conducted web and mobile application penetration testing
• Ensured security weaknesses were identified and remediated
• Prevented leaks of sensitive information
• For a major member loyalty program management firm –
– Performed data privacy governance and ISO 27001 certification program development
– Conducted security assessment, penetration testing / vulnerability assessment
– Helped the client to attain ISO 27001 certification
• For a leading Australian telco -
– Performed IT security maturity assessments and penetration testing services for its newly acquired entity in China
– Assisted the client in constructing a 2-year roadmap to raise security maturity to the expected level
Q&A
Thank You
SecurityInfo@Pactera.com
www.Pactera.com
Kyle Lai
CISSP, CSSLP, CISA, CIPP/US/G
CISO, Head of Security Services
http://Linkedin.com/in/kylelai
@KyleOnCyber

Best Practices for Building Scalable Visibility Architectures
 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - Print
 
Scalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto PresentationScalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto Presentation
 

More from Kyle Lai

Isaca app sec presentation - v3
Isaca   app sec presentation - v3Isaca   app sec presentation - v3
Isaca app sec presentation - v3Kyle Lai
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2Kyle Lai
 
Whitepaper - Cybersecurity Threats for Treasure and Payment Mgmt Systems
Whitepaper - Cybersecurity Threats for Treasure and Payment Mgmt SystemsWhitepaper - Cybersecurity Threats for Treasure and Payment Mgmt Systems
Whitepaper - Cybersecurity Threats for Treasure and Payment Mgmt SystemsKyle Lai
 
Pactera Cybersecurity - Application Security Penetration Testing - Mobile, We...
Pactera Cybersecurity - Application Security Penetration Testing - Mobile, We...Pactera Cybersecurity - Application Security Penetration Testing - Mobile, We...
Pactera Cybersecurity - Application Security Penetration Testing - Mobile, We...Kyle Lai
 
Pactera - App Security Assessment - Mobile, Web App, IoT - v2
Pactera - App Security Assessment - Mobile, Web App, IoT - v2Pactera - App Security Assessment - Mobile, Web App, IoT - v2
Pactera - App Security Assessment - Mobile, Web App, IoT - v2Kyle Lai
 
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Kyle Lai
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04Kyle Lai
 

More from Kyle Lai (7)

Isaca app sec presentation - v3
Isaca   app sec presentation - v3Isaca   app sec presentation - v3
Isaca app sec presentation - v3
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
 
Whitepaper - Cybersecurity Threats for Treasure and Payment Mgmt Systems
Whitepaper - Cybersecurity Threats for Treasure and Payment Mgmt SystemsWhitepaper - Cybersecurity Threats for Treasure and Payment Mgmt Systems
Whitepaper - Cybersecurity Threats for Treasure and Payment Mgmt Systems
 
Pactera Cybersecurity - Application Security Penetration Testing - Mobile, We...
Pactera Cybersecurity - Application Security Penetration Testing - Mobile, We...Pactera Cybersecurity - Application Security Penetration Testing - Mobile, We...
Pactera Cybersecurity - Application Security Penetration Testing - Mobile, We...
 
Pactera - App Security Assessment - Mobile, Web App, IoT - v2
Pactera - App Security Assessment - Mobile, Web App, IoT - v2Pactera - App Security Assessment - Mobile, Web App, IoT - v2
Pactera - App Security Assessment - Mobile, Web App, IoT - v2
 
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04
 

Pactera - Cloud, Application, Cyber Security Trend 2016

9. Application Security: Distribution of Malicious Attacks
Attack Types: DT, HTTP, RFI, Spam, SQLi, and XSS attacks
2.5 times more Cross-Site Scripting attacks
3 times more SQL Injection attacks
3 out of 4 applications were targeted
Source: 2016 Imperva Web Application Attack Report Ed. 6

10. Cloud Adoption
79% of respondents are either in planning or trial stages, currently implementing, or in active production cloud environments
Source: CloudPassage 2016 Security Survey Report

11. Top Cloud Service Delivery and Providers
Source: CloudPassage 2016 Security Survey Report

12. Barriers to Cloud Adoption
Source: CloudPassage 2016 Security Survey Report

14. Biggest Security Threats in Public Cloud
Source: CloudPassage 2016 Security Survey Report

15. Top Cloud Security Concerns
Source: CloudPassage 2016 Security Survey Report

16. DevOps Security (SecDevOps) - Pay Attention to Security
• Conduct a security review process for all major features without slowing down development
• Integrate security testing & controls into the SDLC - Dev, QA & Ops (including design review, demo review, demo feedback)
• Automate the security testing process to include testing of the security requirements
• The App Security group makes pre-approved, easy-to-use libraries, packages, toolchains, and processes for developers and IT Ops to use
2016 State of DevOps Report – by Puppet + DORA. Results:
• Security is an integral part of continuous delivery
• High performers spend 50% less time remediating security issues

17. DevOps Security (SecDevOps) – continued
2016 State of DevOps Report – by Puppet + DORA
• Security is an integral part of continuous delivery
• High performers spend 50% less time remediating security issues

19. Who's Pactera - Serving Top Global Brands Across Key Industries
[Charts: revenue by industry - BFSI, Technology, Telecom, Manufacturing & Retail, Others (chart values as extracted: 35%, 43%, 8%, 12%, 2%); revenue by region - North America & EU 42%, Greater China 47%, Asia Pacific 11%]
Source: Pactera, 2015 estimated revenue data

20. Pactera: Exceptional Record of Security, Privacy and Quality
Security is a top priority for Pactera and our clients. We are proud of our consistent track record of meeting and exceeding customer expectations for security and quality among our facilities, people and processes.
Security & Quality
• ISO 9001 (1st China-based IT services firm to be ISO certified)
• 1st China-based IT services firm to pass SEI-CMM company-wide Level 5 in 2003
• Personal Information Protection Assessment (PIPA) certified in 2009
• IAOP (Intl Association of Outsourcing Professionals) Exclusive COP Partner in China; strict leverage of this methodology in daily operations
• ISO 27001 certified since 2006
• Passed CMMI Level 5 in 2008
• #1 in security infrastructure among Microsoft Offshore Facilities (OFs) worldwide, 2011-12
• "Grade A" Microsoft Procurement 2012 ranking in Service Quality & Satisfaction

21. Pactera Cybersecurity Services Centers of Excellence (COE)
The Cybersecurity COE is an experienced global team with security expertise to deliver customer-centric security services.

22. Pactera Cybersecurity Services Capabilities
Why Pactera Cybersecurity Services?
• Industry Top Security Pros
• Security Software Partner
• Asia and U.S. Elite Teams
• BFSI, Gov, Healthcare, Regulatory Experience
• Privacy Experience
• App Sec Training Provider
Cybersecurity & Privacy Program Consulting
• Improve Threat Prevention, Detection, & Response Capability
• Privacy Program Development & Consulting
Application Vulnerability / Penetration Testing
• Reduce Risk by Remediating Threats
• SecDevOps (Improve Security in DevOps)
Application Secure Coding Practice Training
• Reduce Vulnerabilities via Secure Coding Practice
Third-party Supplier Security Risk Management
• Manage Security Risks Posed by Suppliers

23. Client References
• For major financial institutions:
  – Performed third-party security assessments, helped suppliers to enhance security and reduce client third-party risk exposure
  – Performed application security assessments, provided recommendations for remediation to enhance protection
  – Conducted security vulnerability assessments
  – Participated in Cybersecurity Incident Response and root cause analysis
• For a Fortune 50 software firm:
  – Perform information security consulting
  – Application vulnerability assessment and management, regulatory compliance
  – Ensuring security compliance for over 2000 applications through threat modeling, secure code review, vulnerability assessment, and privacy compliance processes in agile and DevOps environments
• For a major international airline and a leading mobile phone provider:
  – Perform application vulnerability assessments in agile and DevOps environments
  – Conduct web and mobile application penetration testing
    • Ensure security weaknesses are identified and remediated
    • Prevent leaks of sensitive information
• For a major member loyalty program management firm:
  – Perform Data Privacy Governance and ISO 27001 Certification program development
  – Conduct security assessment, penetration testing / vulnerability assessment
  – Help the client to attain ISO 27001 certification
• For a leading Australian Telco:
  – Performed IT security maturity assessments and penetration testing services for its newly acquired entity in China
  – Assisted the client in constructing a 2-year roadmap to increase security maturity to the expected level

24. Q&A
Thank You
SecurityInfo@Pactera.com
www.Pactera.com
Kyle Lai, CISSP, CSSLP, CISA, CIPP/US/G
CISO, Head of Security Services
http://Linkedin.com/in/kylelai
@KyleOnCyber