01 www.indusface.com | Indusface, Confidential and Proprietary
InfoSec for Startups
Presented by Venkatesh Sundar, CTO, Indusface

The Importance of Information Security
Loss of customer database, credit card details, financial disruption and defacement are only a few of the disasters that application layer hacking brings.
Little or no application security assistance for start-ups in India.
75% security breaches happen at the application layer: Gartner
of these 10 recent start-up hacking incidents in ecommerce, online song portals, taxi-for-hire services and other sectors.

Total Application Security Concept

Detect

Detection Challenges
1. Web applications are critical to online business processes.
2. Web applications have become increasingly complex, having tremendous amounts of sensitive data which can be used in unexpected ways, abused, stolen, and attacked.
3. Increasing threats, regulations, and the changing IT landscape have made dynamic software security testing important.
4. Vulnerabilities in applications lead to security breaches, which are a threat to brand reputation.
5. There are complex business logic flaws that are specific to the application process and cannot be detected automatically.

Comprehensive Application Testing
1. Combining automated and human intelligence to test web applications during and after development.
2. Automated detection and reporting of underlying weaknesses as listed by the Open Web Application Security Project.
3. Manual penetration testing of web applications by experts to find flaws specific to business logic.
4. Continuous scanning for malware and other bugs.
5. Inspection of spammy changes on the website that could lead to blacklisting and defacement.

Security in Software Development Processes
Implementation of a Secure Development Life Cycle (SDLC) program ensures that security is inherent in good enterprise software design and development, not an afterthought later in production.
An effective Secure Development Life Cycle program:
• Designs security imperatives from the beginning of the development process.
• Sets up checkpoints during the build and test process.
• Releases nothing to production until security standards are met, as a matter of policy.

SDLC Process Flow
Phases: Requirements, Design, Development, Test, Deployment
Activities: Map Security & Privacy Requirements; Threat Modeling; Security Design Review; Static Analysis; Peer Review; Security Test Cases; Dynamic Analysis; Final Security Review; Application Security Monitoring

Protect

Why Protect?
Detection alone does not prevent attacks.
• 8 in 10 ‘Critical’ level vulnerabilities remained unpatched for almost 175 days after detection
• Patching web applications is a costly and time-consuming process.
• 9 in 10 ‘High’ level vulnerabilities remained unpatched for 115 days after detection

Detection Isn’t Enough
Enterprises need to adopt more holistic, integrated security solutions that can continuously monitor and defend against emerging attacks.
Total Application Security (TAS), an integrated solution which can Detect, Protect and Monitor systems on a continuous basis 24X7.
• Logical Flaws Exploitation: Even average developers are becoming aware of CSRF and XSS. Attackers are always looking into newer exploitation methods.
• Trust Breach: Shellshock and Heartbleed showed how exploiting vulnerabilities in the UNIX Bash shell and the OpenSSL cryptographic library can help breach secure systems.
• Third-Party Application Risks: Complexities with web application security are getting fierce.
• Cloud Storage Risks: More individuals and organizations will be shifting towards cloud computing, which also involves cloud-based web applications and their penetration risks.
• Beyond Compliance: Compliance should be a start point. It’s just a baseline security posture and organizations will need to look beyond that and develop a security trend on their own.

Existing Security Infrastructure Not Enough!
• 100 days required on average to fix a serious vulnerability
• 75% of attacks happen at the application layer
• “Expert tuning can mean the difference between a working defense layer and a technology that is just gathering dust and using up budget.” Wendy Nather, Feb. 2012
• WAF technology providers should offer “security-as-a-service”
• 55% of IT departments erroneously assume that having a strong Network Firewall is sufficient to make up for lack of a WAF
• DDoS Mitigation: Just Network DDoS is not enough to handle sophisticated application DDoS attacks

Web Application Firewall
1. Proactive web application protection through virtual patching without code change
2. Automated protection from exploitation of OWASP Top 10 vulnerabilities
3. Custom rules for business logic flaws by security experts
4. Zero False Positives to ensure genuine traffic remains unaffected
5. Compliance to Payment Card Industry’s (PCI) Requirement 6.6

WAF Features
Compared: Web Application Firewall; Next-Generation Firewall
Features: Multiprotocol Security; IP Reputation; Web Attack Signatures; Web Vulnerabilities Signatures; Automatic Policy Learning; URL, Parameter, Cookie & Form Protection; Leverage Vulnerability Scan Results
Rating legend: Good to very good; Average or Fair; Below Average

Monitor

Continuous Inspection for
1. Monitoring provides in-depth data to identify and mitigate Distributed Denial-of-Service attacks.
2. It helps improve detection and protection policies.
3. Real-time incident monitoring, response and reporting ensures application security day in and day out.
4. Startups can take informed security decisions with actionable insights and not just random data feeds.
5. Proof-of-Exploitation demonstrating how hackers use vulnerabilities to attack.

Proactive Learning with Analytics
• Analyzing and understanding patterns through machine fingerprints, IPs, payload and bot signatures
• Refining the process to strengthen overall security posture
• Integrating acquired knowledge to develop smarter detection and protection policies
• Studying WAF traffic data to identify attack attempts

Web Application Security Process for Startups:
Detect
• OWASP Vulnerabilities
• Business Logic Flaws
• Malware
Protect
• OWASP Attacks
• Business Logic Exploitation
• Malware
Monitor
• DDoS Attacks
• Rule Violation
• False Positives

Thank You
For more information view www.indusface.com

ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
agatadrynko
 

Recently uploaded (20)

Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
 
Attending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learnersAttending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learners
 
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
 
Unveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdfUnveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdf
 
April 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products NewsletterApril 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products Newsletter
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
 
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-indiafalcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
 
Brand Analysis for an artist named Struan
Brand Analysis for an artist named StruanBrand Analysis for an artist named Struan
Brand Analysis for an artist named Struan
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
 
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
 
CADAVER AS OUR FIRST TEACHER anatomt in your.pptx
CADAVER AS OUR FIRST TEACHER anatomt in your.pptxCADAVER AS OUR FIRST TEACHER anatomt in your.pptx
CADAVER AS OUR FIRST TEACHER anatomt in your.pptx
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
 
Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...
 
The Parable of the Pipeline a book every new businessman or business student ...
The Parable of the Pipeline a book every new businessman or business student ...The Parable of the Pipeline a book every new businessman or business student ...
The Parable of the Pipeline a book every new businessman or business student ...
 
Digital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and TemplatesDigital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and Templates
 
Sustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & EconomySustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & Economy
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
 

Info sec for startups

  • 1. 01 www.indusface.com | Indusface, Confidential and Proprietary InfoSec for Startups, presented by Venkatesh Sundar, CTO, Indusface
  • 2. The Importance of Information Security: Loss of customer database, credit card details, financial disruption and defacement are only a few of the disasters that application layer hacking brings. Little or no application security assistance for start-ups in India. 75% security breaches happen at the application layer: Gartner. Of these, 10 recent start-up hacking incidences in ecommerce, online song portals, taxi-for-hire services and other sectors.
  • 3. Total Application Security Concept
  • 4. Detect
  • 5. Detection Challenges: (1) Web applications are critical to online business processes. (2) Web applications have become increasingly complex, having tremendous amounts of sensitive data which can be used in unexpected ways, abused, stolen, and attacked. (3) Increasing threats, regulations, and the changing IT landscape have made dynamic software security testing important. (4) Vulnerabilities in applications lead to security breaches, which are a threat to brand reputation. (5) There are complex business logic flaws that are specific to the application process and cannot be detected automatically.
  • 6. Comprehensive Application Testing: (1) Combining automated and human intelligence to test web applications during and after development. (2) Automated detection and reporting of underlying weaknesses as listed by the Open Web Application Security Project. (3) Manual penetration testing of the web application by experts to find flaws specific to business logic. (4) Continuous scanning for malware and other bugs. (5) Inspection of spammy changes on the website that could lead to blacklisting and defacement.
  • 7. Security in Software Development Processes: Implementation of a Secure Development Life Cycle (SDLC) program ensures that security is inherent in good enterprise software design and development, not an afterthought later in production. An effective Secure Development Life Cycle program: • Designs security imperatives from the beginning of the development process. • Sets up checkpoints during the build and test process. • Releases nothing to production until security standards are met, as a matter of policy.
  • 8. SDLC Process Flow. Phases: Requirements, Design, Development, Test, Deployment. Security activities: Map Security & Privacy Requirements; Threat Modeling; Security Design Review; Static Analysis; Peer Review; Security Test Cases; Dynamic Analysis; Final Security Review; Application Security Monitoring.
  • 9. Protect
  • 10. Why Protect? Detection alone does not prevent attacks. • 8 in 10 ‘Critical’ level vulnerabilities remained unpatched for almost 175 days after detection. • Patching web applications is a costly and time-consuming process. • 9 in 10 ‘High’ level vulnerabilities remained unpatched for 115 days after detection.
  • 11. Detection Isn’t Enough: Enterprises need to adopt more holistic, integrated security solutions that can continuously monitor and defend against emerging attacks. Total Application Security (TAS) is an integrated solution which can Detect, Protect and Monitor systems on a continuous basis 24X7. • Beyond Compliance: Compliance should be a starting point. It is just a baseline security posture, and organizations will need to look beyond that and develop a security trend of their own. • Logical Flaws Exploitation: Even average developers are becoming aware of CSRF and XSS. Attackers are always looking into newer exploitation methods. • Trust Breach: Shellshock and Heartbleed showed how exploiting vulnerabilities in the UNIX Bash shell and the OpenSSL cryptographic library can help breach secure systems. • Third-Party Application Risks: Complexities with web application security are getting fierce. • Cloud Storage Risks: More individuals and organizations will be shifting towards cloud computing, which also involves cloud-based web applications and their penetration risks.
  • 12. Existing Security Infrastructure Not Enough! • 100 days required on average to fix a serious vulnerability. • 75% attacks happen at the application layer. • “Expert tuning can mean the difference between a working defense layer and a technology that is just gathering dust and using up budget.” Wendy Nather, Feb. 2012. • WAF Technology providers should offer “security-as-a-service”. • 55% of IT departments erroneously assume that having a strong Network Firewall is sufficient to make up for lack of a WAF. • DDoS Mitigation – Just Network DDoS is not enough to handle sophisticated application DDoS attacks.
  • 13. Web Application Firewall: (1) Proactive web application protection through virtual patching without code change. (2) Automated protection from exploitation of OWASP Top 10 vulnerabilities. (3) Custom rules for business logic flaws by security experts. (4) Zero False Positives to ensure genuine traffic remains unaffected. (5) Compliance with Payment Card Industry’s (PCI) Requirement 6.6.
  • 14. WAF Features. Columns compared: Web Application Firewall, Next-Generation Firewall. Features compared: Multiprotocol Security; IP Reputation; Web Attack Signatures; Web Vulnerabilities Signatures; Automatic Policy Learning; URL, Parameter, Cookie & Form Protection; Leverage Vulnerability Scan Results. Rating legend: Good to very good; Average or Fair; Below Average.
  • 15. Monitor
  • 16. (1) Continuous Inspection for Monitoring provides in-depth data to identify and mitigate Distributed Denial-of-Service attacks. (2) It helps improve detection and protection policies. (3) Real-time incident monitoring, response and reporting ensures application security day in and day out. (4) Startups can make informed security decisions with actionable insights and not just random data feeds. (5) Proof-of-Exploitation demonstrating how hackers use vulnerabilities to attack.
  • 17. Proactive Learning with Analytics: • Analyzing and understanding patterns through machine fingerprints, IPs, payload and bot signatures. • Refining the process to strengthen overall security posture. • Integrating acquired knowledge to develop smarter detection and protection policies. • Studying WAF traffic data to identify attack attempts.
  • 18. Web Application Security Process for Startups: Detect: OWASP Vulnerabilities, Business Logic Flaws, Malware. Protect: OWASP Attacks, Business Logic Exploitation, Malware. Monitor: DDoS Attacks, Rule Violation, False Positives.
  • 19. Thank You. For more information view www.indusface.com