© 2017 Synopsys, Inc.
Don’t WannaCry? Here’s How to Stop Those Ransomware Blues
Robert Vamosi, CISSP, Security Strategist, Synopsys
Steve Cohen, Product Marketing Manager, Synopsys
Robert Vamosi, Security Strategist at Synopsys
Steven Cohen, Product Marketing Manager at Synopsys
WannaCry Ransomware: An Overview
The WannaCry Pandemic
• Infected some 300,000 Windows machines worldwide at its peak (May 12, 2017).
• Encrypted the contents of compromised Windows machines until a ransom was paid in Bitcoin.
How does WannaCry work?
• Encrypts the files on a compromised machine.
• Uses public-key cryptography: the keys that encrypt the files are themselves locked with a public key, and only the matching private key, which the attackers keep, can unlock them. Without that private key there is no way to recover the data from the machine itself.
• Once the ransom is paid, the attackers are supposed to hand over the private key that unlocks the contents. Payment is no guarantee: the key is released only at the attackers' discretion, which is why offline backups, not a ransom budget, are the real recovery plan.
What is WannaCry?
A computer worm: ransomware bundled with its own network propagation, so it spreads from machine to machine without anyone opening an attachment or clicking a link.
Classic computer worms
Examples include:
• Morris worm (1988)
• ILOVEYOU (2000)
• Code Red (2001)
• SQL Slammer (2003)
• Blaster (2003)
Securing the Network Layer
Who is affected?
• Mostly Windows 7 systems that have not installed the MS17-010 update.
• Potentially any Windows system with SMBv1 enabled that has not installed the MS17-010 update. Microsoft published MS17-010 on March 14, 2017, two months before the outbreak, and after the outbreak issued out-of-band fixes for Windows XP, Windows 8 and Windows Server 2003, which were no longer supported.
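Added example, not code from this deck or from Synopsys: the host audit I would run before trusting an inventory that says "patched". It checks whether an MS17-010 hotfix is recorded, whether the SMBv1 server is still enabled, and whether anything listens on TCP 445, and with -Remediate it disables SMBv1 and blocks inbound 445 on the Public and Private firewall profiles. Assumptions: the two KB numbers in $Ms17010Kbs are the ones I recall MS17-010 shipping for Windows 7 and Server 2008 R2 (verify them against the bulletin; Windows 10 receives the fix in cumulative updates under other KB numbers, so rely on the SMBv1 check there), and the function and rule names are mine. Run it in an elevated session.

```powershell
# Added example, not code from the Synopsys deck. Run in an elevated session.
# Assumption: KB numbers MS17-010 shipped for Windows 7 / Server 2008 R2
# (security-only update and monthly rollup). Verify against the bulletin and
# extend the list for other OS versions before relying on it.
$Ms17010Kbs   = @('KB4012212', 'KB4012215')
$LanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$Smb445Rule   = 'Block inbound SMB (TCP 445)'   # assumption: rule name is mine

function Test-Ms17010Installed {
    param([string[]]$KbIds = $Ms17010Kbs)
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID)
    foreach ($kb in $KbIds) {
        if ($installed -contains $kb) { return $true }
    }
    # A later rollup supersedes these KBs without listing them, so $false means
    # "not proven patched", not "proven vulnerable". Always read the SMBv1 state too.
    return $false
}

function Get-Smb1Enabled {
    # Windows 8.1 / 10: if the SMB1Protocol feature has been removed, SMBv1 is gone
    # no matter what the server setting says.
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($feature -and $feature.State -eq 'Disabled') { return $false }
    }
    # Windows 8 / Server 2012 and later: ask the SMB server directly.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / Server 2008 R2: SMBv1 is on unless LanmanServer\Parameters\SMB1 is 0.
    $value = (Get-ItemProperty -Path $LanmanParams -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $value) -or ($value -ne 0)
}

function Test-Smb445Listening {
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        return [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)
    }
    return [bool](netstat -an | Select-String ':445\s+.*LISTENING')
}

function Disable-Smb1 {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $LanmanParams -Name SMB1 -Type DWord -Value 0 -Force
        Write-Warning 'SMBv1 server disabled in the registry; reboot for it to take effect.'
    }
}

function Block-InboundSmb {
    # Blocking 445 on the Domain profile breaks file shares and Group Policy, so
    # only the Public and Private profiles are covered here.
    if (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue) {
        if (-not (Get-NetFirewallRule -DisplayName $Smb445Rule -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $Smb445Rule -Direction Inbound -Protocol TCP `
                -LocalPort 445 -Action Block -Profile Public,Private | Out-Null
        }
    } else {
        # Windows 7 has no NetSecurity module; fall back to netsh.
        netsh advfirewall firewall add rule name="$Smb445Rule" dir=in action=block protocol=TCP localport=445 profile=public,private | Out-Null
    }
}

function Invoke-WannaCryExposureCheck {
    param([switch]$Remediate)
    $patched = Test-Ms17010Installed
    $smb1    = Get-Smb1Enabled
    $listen  = Test-Smb445Listening
    $result  = [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        Ms17010Installed = $patched
        Smb1Enabled      = $smb1
        Smb445Listening  = $listen
        # Exposed to the worm = an SMBv1 server reachable on 445 without the patch.
        Exposed          = ($smb1 -and $listen -and -not $patched)
    }
    if ($Remediate) {
        if ($smb1) { Disable-Smb1 }
        Block-InboundSmb
    }
    return $result
}

Invoke-WannaCryExposureCheck | Format-List
```

Run it read-only first across the fleet (for example through Invoke-Command) and only then with -Remediate: turning SMBv1 off is the right default, but old NAS boxes, printers and XP-era clients that still speak only SMBv1 will stop working, so find them before the change rather than after.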
How does WannaCry spread?
• Uses a vulnerability in Microsoft's SMBv1 server (CVE-2017-0144, patched by MS17-010).
• Uses an exploit called EternalBlue against that vulnerability to gain code execution on the target over TCP port 445, with no credentials and no user interaction.
• Uses EternalBlue to install DoublePulsar, a kernel-mode backdoor, and then loads the ransomware package through that backdoor; the freshly infected host immediately starts scanning for its next targets on the local network and on the internet.
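Added example, mine rather than the deck's: the network-layer detection that follows from how the worm spreads. A host propagating over EternalBlue behaves unlike any normal SMB client: one source opens connections to many distinct hosts on TCP 445 within seconds. The script reads Windows Firewall log lines (pfirewall.log layout), keeps the TCP 445 records, and reports any source that reaches at least ten distinct destinations inside a sliding 60-second window, returning the widest such window per source. The log lines at the bottom are constructed for the example, not captured traffic; the function names, threshold and window are assumptions to tune for your environment, and the allow list keeps known vulnerability scanners and backup servers out of the alerts.

```powershell
# Added example, not code from the Synopsys deck. Windows Firewall log lines
# (pfirewall.log) look like:
# #Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags ...
# 2017-05-12 10:15:01 ALLOW TCP 10.0.0.9 10.0.0.2 49152 445 0 - ...

function Get-Smb445Events {
    param([string[]]$LogLines)
    foreach ($line in $LogLines) {
        if ([string]::IsNullOrWhiteSpace($line) -or $line.StartsWith('#')) { continue }
        $f = $line -split '\s+'
        if ($f.Count -lt 8 -or $f[3] -ne 'TCP' -or $f[7] -ne '445') { continue }
        [pscustomobject]@{
            Time   = [datetime]::ParseExact("$($f[0]) $($f[1])", 'yyyy-MM-dd HH:mm:ss', [cultureinfo]::InvariantCulture)
            Action = $f[2]
            Src    = $f[4]
            Dst    = $f[5]
        }
    }
}

function Find-SmbFanOut {
    param(
        [string[]]$LogLines,
        [int]$WindowSeconds = 60,        # assumption: tune to your network
        [int]$MinDistinctTargets = 10,   # assumption: a worm reaches far more, a client far fewer
        [string[]]$AllowList = @()       # known scanners, backup and management servers
    )
    $events = @(Get-Smb445Events -LogLines $LogLines | Where-Object { $AllowList -notcontains $_.Src })
    foreach ($group in ($events | Group-Object -Property Src)) {
        $sorted = @($group.Group | Sort-Object -Property Time)
        $best   = $null
        $start  = 0
        for ($end = 0; $end -lt $sorted.Count; $end++) {
            # Slide the window start forward until the window spans at most $WindowSeconds.
            while (($sorted[$end].Time - $sorted[$start].Time).TotalSeconds -gt $WindowSeconds) { $start++ }
            $window  = @($sorted[$start..$end])
            $targets = @($window | Select-Object -ExpandProperty Dst -Unique)
            if ($targets.Count -ge $MinDistinctTargets -and ($null -eq $best -or $targets.Count -gt $best.Targets)) {
                $best = [pscustomobject]@{
                    Source      = $group.Name
                    WindowStart = $sorted[$start].Time
                    WindowEnd   = $sorted[$end].Time
                    Targets     = $targets.Count
                    Dropped     = @($window | Where-Object Action -eq 'DROP').Count
                }
            }
        }
        if ($best) { $best }   # one alert per source: its widest fan-out
    }
}

# Constructed sample: one ordinary client talking to a file server, plus one
# host sweeping twelve neighbours on 445 within twelve seconds.
$sample = @(
    '#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags',
    '2017-05-12 10:15:01 ALLOW TCP 10.0.0.9 10.0.0.2 49152 445 0 -'
)
foreach ($i in 1..12) {
    $sample += '2017-05-12 10:15:{0:D2} DROP TCP 10.0.0.5 10.0.0.{1} {2} 445 0 -' -f $i, (20 + $i), (50000 + $i)
}

Find-SmbFanOut -LogLines $sample | Format-Table -AutoSize
```

On the constructed sample this reports 10.0.0.5 once, with twelve targets and twelve dropped attempts, and says nothing about 10.0.0.9. Two points for production use: a perimeter firewall sees DROP entries on 445 from the internet all day, so apply the fan-out rule to internal segments and treat inbound 445 from outside as something to block outright rather than alert on; and the host firewall only logs what it sees, so feed the same logic with switch, firewall or NetFlow data from the segments where endpoint logging is off.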
Securing the Application layer
Managing risk by focusing on quality and security
(Diagram: Risk Mgmt. as the umbrella over Software Quality, Software Security and Other risk areas.)
Penetrate and then pivot across attack surfaces
WannaCry demonstrates how important it is for firms to focus on their network attack surface, and to extend the same rigor to their software attack surface, to avoid unnecessary risk.
The evolving landscape of software development
• New tech stacks and attack surfaces: embedded devices; cloud (private, hybrid, public); languages, open source and frameworks.
• New development philosophies and approaches: Agile, DevOpsSec, CI/CD; fitting into toolchain ecosystems; automation through toolchain integration.
• Focus: a comprehensive view into risk; accuracy and speed of feedback on quality defects and security vulnerabilities.
• Changing testing demands: lack of visibility into an evolving application portfolio; alignment with workflow timeframes; security as a core component of quality; testing coverage and depth.
Comprehensive portfolio to manage risk
• Program Design and Development: define, implement and measure a software security initiative (SSI) that reflects your evolving development and deployment environments.
• Managing Risk Across your SDLC with Diverse Products: build in security and quality through automation at every step during development and across the supply chain.
• Managed Services Offerings: get the testing capacity you need, at the depth you need, to respond rapidly to changing testing requirements and evolving threats.
• Professional Services Offerings: adopt quality and security best practices, tools and strategies suited to your technology stack.
• Education Offerings: prepare developers and security professionals to build security and quality into their software development process and to remediate the vulnerabilities and defects they find.
Improving the quality and security of your SDLC
Complete support across your SDLC
• Requirements & Design: Architecture Risk Analysis; Security Code Design Analysis; Threat Modeling
• Training: Core Security Training; Secure Coding Training; eLearning
• Implementation: SAST (IDE); SAST (Build); SAST (Managed); SCA (Source); SCA (Binary); IAST; Fuzz Testing; Mobile Testing
• Verification: DAST (Managed); Pen Testing; Network Pen Testing
• Release
Any development approach (Agile, DevOps, CI/CD); any deployment environment (embedded, cloud, mobile).
Address changing risk management requirements
Any test (SAST, DAST, IAST, source code analysis, business logic testing), on any software (web, mobile, legacy, cloud, IoT, embedded systems), at any depth (from fully automated to comprehensive manual testing), with complete flexibility (on-premises, managed services or a blend of both to cover your entire portfolio), at any stage in the SDLC (from architecture and design, to real time in the IDE, to production application testing), with services and programs.
Q&A
Thank You

Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 

Recently uploaded (20)

Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number Systems
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 

Don’t WannaCry? Here’s How to Stop Those Ransomware Blues

Slide transcript:

  • 1. Don’t WannaCry? How to Stop Those Ransomware Blues. Robert Vamosi CISSP, Security Strategist, Synopsys; Steve Cohen, Product Marketing Manager, Synopsys. © 2017 Synopsys, Inc.
  • 2. Robert Vamosi, Security Strategist at Synopsys; Steven Cohen, Product Marketing Manager at Synopsys
  • 3. WannaCry Ransomware: An Overview
  • 4. The WannaCry Pandemic
    • Infected 300,000 Windows machines worldwide at its peak (May 12, 2017).
    • Encrypted the contents of compromised Windows machines until a ransom was paid via BitCoin.
  • 5. How does WannaCry work?
    • Encrypts the contents of a compromised machine.
    • Uses a private key/public key pair.
    • Once the ransom is paid, unlocks the contents with the private key.
  • 6. What is WannaCry? A computer worm.
  • 7. Classic computer worms. Examples include:
    • Morris worm (1988)
    • ILOVEYOU (2000)
    • Code Red (2001)
    • SQLSlammer (2003)
    • MSBlaster (2005)
  • 8. Securing the Network Layer
  • 9. Who is affected?
    • Mostly Windows 7 systems that have not installed the MS17-010 update.
    • Potentially all Windows systems that have not installed the MS17-010 update.
  • 10. How does WannaCry spread?
    • Uses a vulnerability in Microsoft SMB (now patched, MS17-010).
    • Uses an exploit called EternalBlue to establish remote access.
    • Uses an exploit called DoublePulsar to download the ransomware package.
  • 11. Securing the Application Layer
  • 12. Managing risk by focusing on quality and security. Risk Mgmt.: Software Quality, Software Security, Other.
  • 13. Penetrate and then pivot across attack surfaces. WannaCry demonstrates how incredibly important it is for firms to focus on their network attack surface, and to extend that same rigor to their software attack surface to avoid unnecessary risk.
  • 14. The evolving landscape of software development
    • New tech stacks and attack surfaces: embedded devices; cloud (private, hybrid, public); languages, open source and frameworks.
    • New development philosophies and approaches: Agile, DevOpsSec, CI/CD; fit into toolchain eco-systems; automation through toolchain integration.
    • Changing testing demands: comprehensive view into risk; accuracy and speed of quality-defect and security-vulnerability feedback; focus; lack of visibility into the evolving application portfolio; align with workflow timeframes; security as a core component of quality; testing coverage and depth.
  • 15. Comprehensive portfolio to manage risk
    • Program Design and Development: define, implement and measure an SSI to reflect your evolving development and deployment environments.
    • Managing Risk Across your SDLC with Diverse Products: build in security and quality through automation at every step during development and across the supply chain.
    • Managed Services Offerings: get the testing capacity you need, at the depth you need, to rapidly respond to changing testing requirements and evolving threats.
    • Professional Services Offerings: adopt quality and security best practices, tools, and strategies for your technology stack.
    • Education Offerings: prepare developers and security professionals to build security and quality into their software development process and remediate found vulnerabilities and defects.
  • 16. Improving the quality and security of your SDLC
  • 17. Complete support across your SDLC
    • REQUIREMENTS & DESIGN: Architecture Risk Analysis; Security Code Design Analysis; Threat Modeling.
    • TRAINING: Core Security Training; Secure Coding Training; eLearning.
    • IMPLEMENTATION: SAST (IDE); SAST (Build); SCA (Source); IAST.
    • VERIFICATION: SAST (Managed); Fuzz Testing; SCA (Binary); Mobile Testing.
    • RELEASE: DAST (Managed); Pen Testing; Network Pen Testing.
    • ANY DEVELOPMENT APPROACH: Agile, DevOps, CI/CD. ANY DEPLOYMENT ENVIRONMENT: Embedded, Cloud, Mobile.
  • 18. Address changing risk management requirements
    • Any test… SAST, DAST, IAST, Source Code Analysis, business logic testing
    • …on any software… Web, mobile, legacy, cloud, IoT, embedded systems
    • …at any depth… From fully automated to comprehensive manual testing
    • …with complete flexibility… On-premises, managed services or a blend of both to cover your entire portfolio
    • …at any stage in the SDLC… Architecture and design to real-time in the IDE to production application testing
    • …with services and programs
  • 19. Q&A
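Slides 9 and 10 say that exposure comes down to two things: an unpatched Microsoft SMB vulnerability (MS17-010) and a host that still speaks SMBv1 on the network. The following PowerShell is an added example, not code from the Synopsys deck, that turns those two statements into a read-only check a Windows administrator can run on a host, with an opt-in switch to disable SMBv1. The function name `Test-WannaCryExposure` and its `-Remediate` switch are this example's own. The KB identifiers KB4012212 and KB4012215 are the MS17-010 security-only and monthly-rollup packages for Windows 7 SP1 / Server 2008 R2; later cumulative rollups supersede them and other Windows versions use different KB numbers, so a missing KB by itself does not prove a host is unpatched, which is why the script reports findings rather than a verdict.

```powershell
# Added example (not part of the Synopsys deck): inventory one Windows host's exposure
# to the SMBv1 weakness WannaCry spread through. Read-only unless -Remediate is given.
# Hypothetical names: Test-WannaCryExposure and the -Remediate switch are this example's own.
function Test-WannaCryExposure {
    [CmdletBinding()]
    param(
        # MS17-010 packages for Windows 7 SP1 / Server 2008 R2 (security-only, monthly rollup).
        # Replace with the KB numbers for your OS; later cumulative rollups supersede these.
        [string[]]$Ms17010Kbs = @('KB4012212', 'KB4012215'),
        [switch]$Remediate
    )

    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $result = [ordered]@{
        ComputerName     = $env:COMPUTERNAME
        OsVersion        = [System.Environment]::OSVersion.Version.ToString()
        Smb1Enabled      = $null
        Ms17010KbPresent = $false
        Port445Listening = $null
    }

    # 1. Is the SMBv1 server protocol enabled?
    #    Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later; on Windows 7
    #    fall back to the LanmanServer SMB1 registry value (absent means SMBv1 is enabled).
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $result.Smb1Enabled = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        $smb1 = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $result.Smb1Enabled = ($null -eq $smb1) -or ($smb1 -ne 0)
    }

    # 2. Is one of the listed MS17-010 packages installed?
    $installed = Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID
    $result.Ms17010KbPresent = [bool]($Ms17010Kbs | Where-Object { $installed -contains $_ })

    # 3. Is TCP 445 (SMB) listening? Worm traffic arrives on this port. Get-NetTCPConnection
    #    is only available on Windows 8 / Server 2012 and later, so the field stays $null elsewhere.
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $result.Port445Listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)
    }

    # Optional remediation: turn SMBv1 off. This removes the protocol; it does not replace patching.
    if ($Remediate -and $result.Smb1Enabled) {
        if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        } else {
            Set-ItemProperty -Path $regPath -Name SMB1 -Type DWORD -Value 0 -Force
        }
        $result.Smb1Enabled = $false
    }

    [pscustomobject]$result
}

# Read-only run; add -Remediate (from an elevated prompt) to disable SMBv1 on the host.
Test-WannaCryExposure | Format-List
```

Run it from an elevated PowerShell session; the registry write and `Set-SmbServerConfiguration` require administrator rights, and a change to the SMB1 registry value on Windows 7 takes effect after the LanmanServer service restarts. A host that reports `Smb1Enabled = True` with `Ms17010KbPresent = False` is the combination slides 9 and 10 describe and should be patched first, then have SMBv1 removed; the reverse case (patched, SMBv1 still on) still deserves the protocol being disabled, since the deck's point is reducing the network attack surface, not only closing one bug.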