
HP Fortify Pillar


  1. HP Fortify Application Security. Name, Title. Enterprise Security. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  2. The problem
  3. Cyber attackers are targeting applications. Diagram: Applications; Hardware; Networks. Intellectual Property; Customer Data; Business Processes; Trade Secrets. Security Measures: • Switch/Router security • Firewalls • NIPS/NIDS • VPN • Net-Forensics • Anti-Virus/Anti-Spam • DLP • Host FW • Host IPS/IDS • Vuln. Assessment tools
  4. Application security challenges: • Securing legacy applications • Certifying new releases • Demonstrating compliance • Procuring secure software. In-house development, Outsourced, Commercial, Open source.
  5. Today’s approach > expensive, reactive: (1) Somebody builds bad software (2) IT deploys the bad software (3) We are breached or pay to have someone tell us our code is bad (4) We convince & pay the developer to fix it
  6. Why it doesn’t work: 30x more costly to secure in production. [Chart: Cost (2X, 5X, 10X, 15X, 30X) by phase: Requirements, Coding, Integration/component testing, System testing, Production.] After an application is released into Production, it costs 30x more than during design. Source: NIST
  7. The solution
  8. The right approach > systematic, proactive: (1) Embed security into SDLC development process (2) Leverage Security Gate to validate resiliency of internal or external code before Production (3) Monitor and protect software running in Production. In-house, Outsourced, Commercial, Open source. Improve SDLC policies. This is application security.
  9. HP Fortify Software Security Center: Identifies and eliminates risk in existing applications and prevents the introduction of risk during application development, in-house or from vendors. • Protects business critical applications from advanced cyber attacks by removing security vulnerabilities from software • Accelerates time-to-value for achieving secure applications • Increases development productivity by enabling security to be built into software, rather than added on after it is deployed • Delivers risk intelligence from application development to improve operational security. IN-HOUSE, OUTSOURCED, COMMERCIAL, OPEN SOURCE.
  10. Minimizing risk, driving business agility. Application security benefits: • Reduce risk with minimal effort and operational costs • Deliver measurable business and strategic value • Meet government and industry compliance regulations • Build a security culture throughout your organization
  11. Competitive differentiators. We enable companies to build a holistic application security program from the ground up to secure all their software from development to production— regardless of who and where it is developed, and whatever device, form factor or environment it is running on. • Breadth: the most complete software security solution with static, dynamic and hybrid testing, along with collaborative remediation and proactive SDLC governance. • Depth: 492 unique vulnerability categories discovered across 21 programming languages and over 750,000 individual platform and framework APIs. • Services: expert guidance to custom-tailor and integrate software security into your unique development, testing and production environments.
  12. Summary: HP Fortify Software Security Center. Comprehensive application security solutions: (1) That proactively identify and eliminate the immediate risk in legacy applications, as well as the introduction of systemic risk during application development (2) To ensure that all software is trustworthy and in compliance with internal and external security mandates (3) Scaling to protect all your business-critical desktop, mobile and cloud applications (4) Available on-premise or on-demand, and with managed services
  13. Real world example: Heartland Systems
  14. Heartland cybercrime case. (1) Sometime in 2007: Albert Gonzalez and 2 Russian co-conspirators gained access to Heartland systems through a personnel application. (2) Attackers injected code into the data processing network and installed sniffer malware that was able to see credit card numbers and other details. (3) After being alerted by Visa and MasterCard of suspicious card transaction activity, Heartland called the U.S. Secret Service and hired two breach forensics teams to investigate. (4) Jan 20, 2009: Breach reported by Heartland • At least 650 financial institutions affected • 94M credit records stolen • Fines levied to banks > $6M • Total cost of damages / loss > $140M. (5) At the time, the Heartland breach was the largest identity theft case ever.
  15. How HP Fortify can help: (1) Use SCA to ensure that every single line of code is developed securely, whether internal or from 3rd party or built for the desktop, cloud or mobility (2) Use WI to simulate attacks against web applications in Staging and to continuously scan the application in Production (3) Use SSC to build security into any application in development and production from the ground up
  16. Thank you
