Deutsche Telekom Partnering Operating Alliance Summit - Zimperium

•Download as PPTX, PDF•

0 likes•186 views

Zimperium

Zimperium's presentation at Deutsche Telekom's Operator Partner Summit at Hub:Raum in Berlin, Germany.

Technology

All Rights Reserved © 2016
Critical Vulnerabilities per OS
0
100
200
300
400
2007 2008 2009 2010 2011 2012 2013 2014 2015 2016
Android iOS

All Rights Reserved © 2016 3
Enterprise Mobility: Real world examples

All Rights Reserved © 2016 4
In-app protection made
Simple
❯ Embed Zimperium threat engine into
applications through SDK
Secure
❯ Ensure mobile enterprise applications are
protected against mobile cyberattacks
❯ Implement custom app workflows for a
device under attack
❯ Safeguard the data in customer / partner
business transactions
Single Mobile Threat Management Platform now
generates: Self-Protecting Apps

All Rights Reserved © 2016
Global Threat Analysis Report Over 3800 Critical* threats in 7 days
• 63% of threats were network based
• 36% were App based
• >1000 devices involved across 86 unique networks
Top 4 Threats
• Suspicious Apps (36%)
• Fake SSLs (35%)
• SSL Strip (23%)
• ARP/ICMP MITM (4%)
24
362
18
6
114
514
13
15
1066
ARP MITM
Fake SSL certificate MITM
ICMP Redirect MITM
Rogue Access Point
SSL Strip
Suspicious Android App
System Tampering
Traffic Tampering
Grand Total
# of Devices
2%
35%
2%
0%
23%
36%
1%
1% # of Threats
ARP MITM
Fake SSL certificate
MITM
ICMP Redirect MITM
Rogue Access Point
App Based
36%
Device Based
1%
Network
Based
63%
Threat Distribution
App Based
Device Based
Network Based

All Rights Reserved © 2016
Currently on Google and Apple stores..

All Rights Reserved © 2016
Contact Us
https://www.zimperium.com/contact

You’ve studied the best practices, charted out your course and are ready to embark on your application security journey. But there is still one roadblock that could derail your entire program if you ignore it – getting buy-in from the rest of your company. You see, application security is unlike other forms of security in that it directly impacts the productivity of multiple teams outside the IT and security teams. Who are the groups you need to work with? At what point in the planning and execution stages should you engage with these teams? And why are they so concerned with your application security strategy? The answer to these questions can be found in this short, yet informative presentation. You'll learn about the teams you need to work with, and how to best communicate and work with them to ensure the success of your application security program.

Infographic network protection security

IBM Security

June 2016 Worldwide Netskope Cloud Report

Netskope

In this Netskope Cloud Report™, we’ve compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform™. Report findings are based on usage seen across millions of users in hundreds of accounts globally, and represent usage trends from January 1 through March 31, 2016. Report highlights: - Three-quarters of cloud apps in use lack key capabilities to comply with the upcoming European Union General Data Protection Regulation. - Malware continues its rise in enterprise clouds, with an average of 11.0 percent of enterprises detecting malware in their sanctioned apps. - 26.2 percent of malware files discovered in sanctioned apps are shared with internal or external users or publicly. - Enterprises have an average of 935 cloud apps in use, a slight rise from 917 last quarter. The Microsoft Office 365 suite continues to lead the pack in top-used business productivity apps, with Office 365 Outlook.com, OneDrive for Business, SharePoint, Yammer, and Lync in the number 2, 3, 12, 19, and 20 spots, respectively. - Cloud Storage apps dominate cloud DLP violations, with 73.6 percent of the total.

[Infographic] CYREN Q3 2015 Cyber Threat ReportChristian Reuter

Infographic: Mobile is growing and so are security threats

IBM Security

Case Closed with IBM Application Security on Cloud infographic

IBM Security

This infographic demonstrates how to leverage IBM Application Security Analyzer (formerly IBM AppScan Mobile Analyzer and IBM AppScan Dynamic Analyzer) to improve mobile and Web application security, by performing periodic application security testing, identifying high-priority vulnerabilities and improving the effectiveness of your application security program. You’ll also have the peace of mind that’s derived by eliminating security vulnerabilities from Web and mobile applications before they’re placed into production and deployed. For additional information, please visit: www.ibm.com/applicationsecurity.

Cloud Access Security Brokers

Abhishek Tripathi

Let's hack your mobile device. Yes we can. And many other do.

DATA SECURITY SOLUTIONS

Tackling today's cyber security challenges - WISER Services & Solutions

CYBERWISER .eu

Antonio Alvarez Romero (ATOS) is giving an high level overview of WISER project, higlighting its innovative vision, objectives and concrete outputs. Learn about how WISER is making cyber security accessible and affordable, especially for SMEs by breaking down barriers to effective cyber risk management. ICT-intensive SMEs can easily access tools to regularly profile their cyber risks and carry out vulnerability tests to stop attacks before they happen.

Symantec Internet Security Threat Report 2014 - Volume 19

Symantec

Michael Kropyva - Security Compliance For Cloud Providers - Customer`s Perspe...

Cloud Security Alliance Lviv Chapter

State of Application Security: State of PiracyIBM Security

What is the Cybersecurity plan for tomorrow?

Samvel Gevorgyan

The Seven Kinds of Security

Veracode

Enterprises are constantly working to implement new, faster, better technology to run their businesses. In turn, cyberattackers are working equally as hard to find ways to breach that technology, and security professionals are churning out solutions to thwart attacks. This cycle of activity leads to today’s layered, complex enterprise security ecosystems. These ecosystems are like any ecosystem in the natural world, with interdependencies, limited resources, and a need for balance to make them run smoothly. If one layer falters, the whole ecosystem can become unstable. With the recent introduction of applications as a business driver, the security ecosystem needs to adapt. The application layer is now a critical player, and requires a reworking of the ecosystem to restore balance and security. However, this reworking has yet to happen in many cases, leading to the surge of breaches we’ve seen lately. End-point and network security tend to garner the lion’s share of IT attention – leading to an unbalanced security ecosystem, an exposed application layer, and serious breaches. It is important to understand all the layers of security and how they work together to secure your enterprise. Start by getting the facts and stats with our new gbook, The Seven Kinds of Security.

The Top Three 2021 Cyber Threats

Sai Huda

Globally recognized cybersecurity expert and best-selling author, Sai Huda, says the top three cyber threats that all organizations need to be on heightened alert for in 2021 are ransomware, cloud misconfigurations exploit and supply chain compromise. Sai Huda advises businesses on cyber risk management and is a frequent keynote speaker at major industry conferences. He is also the author of the best-selling book “Next Level Cybersecurity: Detect the Signals, Stop the Hack.” In this ground-breaking book, Sai Huda reveals 15 signals that provide early tip-offs to cyberattacks and a seven step method to implement an early warning and detection system to stop a cyber attack in time and prevent loss or damage. Sai Huda is warning businesses worldwide to be on heightened alert for ransomware, especially new variants that are programmed to scan for keywords that indicate mission critical or highly sensitive data so that critical data can be found quickly. Then the ransomware will exfiltrate a copy, then it will encrypt and lock down access to the data and demand a ransom payment. The attacker will then release a portion of the data publicly to extort the victim to pay the ransom. Phishing and unpatched vulnerabilities are the two main ways the attacker is able to insert ransomware. He is also warning that cloud misconfigurations are another major threat as businesses move to the cloud but fail to configure properly all of the systems and services the cloud provider makes available. The cloud provider is responsible for security of the cloud, while the business itself is responsible for security in the cloud. Cloud configurations require specific know-how to prevent and detect a cyber attack. Otherwise, there will be many doors and windows open for an attacker to exploit and break in. Supplier compromise is also another major threat, especially software providers, as evident with the recent SolarWinds supply chain compromise, where the attackers inserted a backdoor malware into the software update process at the supplier and with one fell swoop, as thousands downloaded the software update, the attacker gained entry undetected into thousands or organizations worldwide. So a compromise at a supplier can be the backdoor into the organization. Regardless, there will be signals of the attackers and in his book Sai Huda reveals the signals that organizations must be on the look out for to prevent becoming victim to ransomware, cloud misconfigurations exploit or supply chain compromise.

Strategies to combat new, innovative cyber threats in 2019

SrikanthRaju7

We will focus on sharing our predictions for the big new changes we expect to see in cyber attacks and attack patterns in the coming year. Before we dive into those, we will spend a little bit of time focusing on the five newest tactical attacks we expect to see a whole lot more of in 2019. After that, we will look into the big new shifts in targets and attack strategy that will dominate Cyberwarfare over the coming year. After we review the tactical and strategic threats you will need to look out for next year, We will provide a look at the primary defensive strategies you can deploy to combat tomorrow’ emerging threats. That being said, while we feel confident that these represent some of the biggest new movements in the cybersecurity landscape in 2019, we also recognize that we are not the only experts here. And that there might be some big, effective attack and defense strategies that did not make it into our presentation.So, I welcome you to please share your own views on what you think will be the key threats in the comments here. With that being said, let’s get started!

2017 Security Report Presentation

ixiademandgen

Security in the Hybrid Cloud Now and in 2016

IDG Connect

18-mobile-malware.pptx

sundar110567

5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...

IBM Security

Take a deep-dive into the benefits of incorporating improved security protection into your organization’s mobile application development lifecycle, from testing phase to run-time. In this on-demand webinar, you’ll learn how to: - Better identify application integrity risks (vulnerable portions of your apps that could serve as attractive attack targets to hackers, even after you’ve adhered to safe-coding practices), and to bolster your overall level of mobile security protection. - Deploy protection tools—based on AppScan-aided risk assessment technology and supplemented by manual analysis—to design and implement “defend”, “detect”, and “react” protections inside your applications, without modifying their source code. - Augment your code-testing with proactive protections inside your mobile applications, by learning more about IBM’s and Arxan’s partnered solutions. View the full on-demand webcast: http://securityintelligence.com/events/incorporating-security-protection-organizations-mobile-application-development-lifecycle/#.VYxU1_lVhBf

What's hot

Infographic: 5 Tips for Cloud Success

IBM Security

Security and Your Business

All Covered

Selling Your Organization on Application Security

Veracode

Infographic network protection security

IBM Security

June 2016 Worldwide Netskope Cloud Report

Netskope

[Infographic] CYREN Q3 2015 Cyber Threat ReportChristian Reuter

Infographic: Mobile is growing and so are security threats

IBM Security

Case Closed with IBM Application Security on Cloud infographic

IBM Security

Cloud Access Security Brokers

Abhishek Tripathi

Let's hack your mobile device. Yes we can. And many other do.

DATA SECURITY SOLUTIONS

Tackling today's cyber security challenges - WISER Services & Solutions

CYBERWISER .eu

Symantec Internet Security Threat Report 2014 - Volume 19

Symantec

Michael Kropyva - Security Compliance For Cloud Providers - Customer`s Perspe...

Cloud Security Alliance Lviv Chapter

State of Application Security: State of PiracyIBM Security

What is the Cybersecurity plan for tomorrow?

Samvel Gevorgyan

The Seven Kinds of Security

Veracode

The Top Three 2021 Cyber Threats

Sai Huda

Strategies to combat new, innovative cyber threats in 2019

SrikanthRaju7

2017 Security Report Presentation

ixiademandgen

Security in the Hybrid Cloud Now and in 2016

IDG Connect

What's hot (20)

Infographic: 5 Tips for Cloud Success

Security and Your Business

Selling Your Organization on Application Security

Infographic network protection security

June 2016 Worldwide Netskope Cloud Report

[Infographic] CYREN Q3 2015 Cyber Threat Report

Infographic: Mobile is growing and so are security threats

Case Closed with IBM Application Security on Cloud infographic

Cloud Access Security Brokers

Let's hack your mobile device. Yes we can. And many other do.

Tackling today's cyber security challenges - WISER Services & Solutions

Symantec Internet Security Threat Report 2014 - Volume 19

Michael Kropyva - Security Compliance For Cloud Providers - Customer`s Perspe...

State of Application Security: State of Piracy

What is the Cybersecurity plan for tomorrow?

The Seven Kinds of Security

The Top Three 2021 Cyber Threats

Strategies to combat new, innovative cyber threats in 2019

2017 Security Report Presentation

Security in the Hybrid Cloud Now and in 2016

Similar to Deutsche Telekom Partnering Operating Alliance Summit - Zimperium

18-mobile-malware.pptx

sundar110567

5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...

IBM Security

The Inconvenient Truth About API Security

Distil Networks

The notion of API security & management in which enterprise architects, app developers and IT security experts work in harmony is great in theory. The reality, according to new research from Ovum, is much more scattered. Watch Ovum IT Security Analyst Rik Turner as he dives into new primary research on how companies are really managing API security. Then watch the lively conversation as Rami Essaid, CEO of Distil Networks, explains why APIs are becoming such an increasingly attractive target for hackers. Lastly, Shane Ward, Senior Director of Technology at GuideStar, will share best practices and pitfalls to avoid when managing both free and paid access to your APIs. Key takeaways will include: - How to benchmark your organization's API security and internal processes against your peers - Why CIO and/or CISO visibility into how API security is managed across the enterprise is so critical - How to map your business requirements to your API security strategy - A primer on API security controls, including geo/org fencing, token governance, dynamic access control lists and advanced rate limiting - Why heavy "application services governance" software suites are the wrong approach Learn more about Distil Networks API Security http://www.distilnetworks.com/api-security/

Stratégies de croissance via la mobilité (ems)

IAMCP Canada

Mobile Payments: Protecting Apps and Data from Emerging Risks

IBM Security

Symantec Mobile Security Webinar

Symantec

Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...

Skycure

Protect Your Enterprise - Check Point SandBlast Mobile

MarketingArrowECS_CZ

AppTrana SECaaS (Security as a Service)

IndusfacePvtLtd

Presentatie Kaspersky over Malware trends en statistieken, 26062015

SLBdiensten

IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:

Nancy Nimmegeers

Mobile Application Security Threats through the Eyes of the Attacker

bugcrowd

Security O365 Using AI-based Advanced Threat Protection

Bitglass

Office 365 has garnered widespread adoption from enterprises due to its advantages such as ease of deployment, lower TCO, and high scalability. Additionally, it enables end-users to work and collaborate from anywhere and on any device. Although Office 365 enables IT to shift the burden for app and infrastructure to the cloud vendor, data security remains the responsibility of the enterprise. Given the limitations of native malware protection on Office 365, should the enterprise rely on Office 365 to protect their data from malware and ransomware? Join Bitglass and Cylance for a discussion on malware protection solutions for Office 365. We will cover the limitations of native Office 365 malware protection as well as the benefits of AI and machine learning based approaches. We will wrap up the session by discussing how CASBs, with Advanced Threat Protection (ATP) capabilities, are uniquely positioned to protect cloud apps and end-points from malware attacks and proliferation.

Unicom Conference - Mobile Application Security

Subho Halder

Mobile adoption is strategic in every industry today. Although it can be a great catalyst for growth, the security risks that come with it cannot be overlooked. Even though this fact is established, many companies are still not following some of the mobile application security best practices. The goal of this is to raise awareness about application security by identifying some of the most critical risks facing organizations during development. We will be covering from basic OWASP top 10 security issues to live demos on different use-case scenarios on how a hacker can hack your application, and how to prevent them.

Developing Secure Mobile Applications

Denim Group

This course provides an introduction to security for mobile applications. It walks through a basic threat model for a mobile application. This threat model is then used as a framework for making good decisions about designing and building applications as well as for testing the security of existing applications. Examples are provided for both iOS (iPhone and iPad) and Android platforms and sample code is provided to demonstrate mobile security assessment techniques.

iOS and Android security: Differences you need to know

NowSecure

Mobile Application Assessment - Don't Cheat Yourself

Denim Group

See the video - http://youtu.be/V5a6DkSZn8E Too often, organizations looking to address mobile application security risks cheat themselves by myopically scanning only the software living on the device. Unfortunately, this ignores the fact that security issues can exist in code deployed on the device, in corporate web services backing the device, in any third party supporting services as well as in the interactions between any of these components. By analyzing the data from a large body of mobile application security assessments, this webinar characterizes the most common and most damaging mobile application security vulnerabilities as well as where these vulnerabilities are found and the testing activities that identified them. Attendees will walk away with a better understanding of the scope of potential mobile application security issues as well as statistics to help them better craft mobile application security programs.

Malware on Smartphones and Tablets: The Inconvenient Truth

IBM Security

View on-demand webinar: http://ibm.co/21C0aKO Recent research shows that mobile has become the hackers’ new playground. However, most users and IT professionals do not think this is a real and substantial threat. In this on-demand session, we will outline the broad scope of risk that mobile malware poses today on iOS and Android, and explain the potential business threats. The enterprise is at a critical juncture where advanced cyber-attacks targeting mobile users are now threatening both corporate and personal information. Listen in to IBM Security product specialist, Shaked Vax to learn how to reduce risk of data leakage and protect against malicious activity with a comprehensive approach that combines enterprise mobility management (EMM) and mobile threat management.

What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec

IBM Security

Despite being on vulnerability “Top 10” lists for many years, application vulnerabilities such as SQL injection and Cross-Site scripting continue to be significant attack paradigms for organizational data breaches. In fact, the IBM X-Force 2013 Mid-Year Trend and Risk Report confirmed that SQL Injection (SQLi) remained the most common paradigm for attackers to breach organizational security controls. Meanwhile, Cross-Site Scripting continued to be the most common type of application vulnerability. In this session, we review the latest trends in application and mobile security vulnerabilities, and how to combat them with improved security awareness, organizational controls and application security testing technologies. We also address how to improve application security on your organization’s mobile devices.

Veracode Corporate Overview - PrintAndrew Kanikuru

Similar to Deutsche Telekom Partnering Operating Alliance Summit - Zimperium (20)

18-mobile-malware.pptx

5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...

The Inconvenient Truth About API Security

Stratégies de croissance via la mobilité (ems)

Mobile Payments: Protecting Apps and Data from Emerging Risks

Symantec Mobile Security Webinar

Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...

Protect Your Enterprise - Check Point SandBlast Mobile

AppTrana SECaaS (Security as a Service)

Presentatie Kaspersky over Malware trends en statistieken, 26062015

IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:

Mobile Application Security Threats through the Eyes of the Attacker

Security O365 Using AI-based Advanced Threat Protection

Unicom Conference - Mobile Application Security

Developing Secure Mobile Applications

iOS and Android security: Differences you need to know

Mobile Application Assessment - Don't Cheat Yourself

Malware on Smartphones and Tablets: The Inconvenient Truth

What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec

Veracode Corporate Overview - Print

Recently uploaded

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

Knowledge engineering: from people to machines and back

Elena Simperl

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Bits & Pixels using AI for Good.........

Alison B. Lowndes

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

DevOps and Testing slides at DASA Connect

Kari Kakkonen

Recently uploaded (20)

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

Key Trends Shaping the Future of Infrastructure.pdf

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Assuring Contact Center Experiences for Your Customers With ThousandEyes

When stars align: studies in data quality, knowledge graphs, and machine lear...

Knowledge engineering: from people to machines and back

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Connector Corner: Automate dynamic content and events by pushing a button

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Bits & Pixels using AI for Good.........

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

UiPath Test Automation using UiPath Test Suite series, part 3

How world-class product teams are winning in the AI era by CEO and Founder, P...

DevOps and Testing slides at DASA Connect

Deutsche Telekom Partnering Operating Alliance Summit - Zimperium

4. All Rights Reserved © 2016 4 In-app protection made Simple ❯ Embed Zimperium threat engine into applications through SDK Secure ❯ Ensure mobile enterprise applications are protected against mobile cyberattacks ❯ Implement custom app workflows for a device under attack ❯ Safeguard the data in customer / partner business transactions Single Mobile Threat Management Platform now generates: Self-Protecting Apps

9. All Rights Reserved © 2016 Global Threat Analysis Report Over 3800 Critical* threats in 7 days • 63% of threats were network based • 36% were App based • >1000 devices involved across 86 unique networks Top 4 Threats • Suspicious Apps (36%) • Fake SSLs (35%) • SSL Strip (23%) • ARP/ICMP MITM (4%) 24 362 18 6 114 514 13 15 1066 ARP MITM Fake SSL certificate MITM ICMP Redirect MITM Rogue Access Point SSL Strip Suspicious Android App System Tampering Traffic Tampering Grand Total # of Devices 2% 35% 2% 0% 23% 36% 1% 1% # of Threats ARP MITM Fake SSL certificate MITM ICMP Redirect MITM Rogue Access Point App Based 36% Device Based 1% Network Based 63% Threat Distribution App Based Device Based Network Based

Editor's Notes

Embedded zIPS with its z9 is actually embedded in an app to make what we are calling zIAPs, or In-App Protection apps. zIAP determines if the device is compromised, gets the attack details. If the device is under attack, zIAP informs the app and allows for actions to be taken to mitigate the risk (dependent on the threat )such as: registers for a callback and specific actions are then taken dependent on the threat: Invalidate Session / Logout Destroy the keys / Delete Cache Raise Fraud Alert Activate 3-Factor Authentication Reduce functionality to read-only Our zANTI penetration testing tool is a specific example where zIPS is embedded for over 500,000 users Self-Protecting Apps Reduce fraud on customer/partner applications

Deutsche Telekom Partnering Operating Alliance Summit - Zimperium

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Deutsche Telekom Partnering Operating Alliance Summit - Zimperium

Similar to Deutsche Telekom Partnering Operating Alliance Summit - Zimperium (20)

Recently uploaded

Recently uploaded (20)

Deutsche Telekom Partnering Operating Alliance Summit - Zimperium

Editor's Notes