New Synopsys research uncovers security&#x27;s biggest challenges

Intronis MSP Solutions by Barracuda

Infographic: 5 Tips for Approaching Customers About Cloud Security

Cyber security zips to the forefront when data breaches impact large corporations, but in fact 81% of all data breaches happen to small businesses. If your customers have not been breached then you still have time to protect them, but what is the best way to approach a customer about this growing threat? And how can you evaluate their current level of security? Use these five tips to prepare for cyber security conversations that will protect your customers and grow your data protection business. Learn more at http://www.intronis.com/security

(ISC)2 Auckland Chapter Survey Results 2019

Chris Hails

Rules and Regulations for a Fresh Start of 2018

techexpert2345

Infographic 2014 smart_grid_cybersecurity_survey_smart_modular_technologies_z...

Massimiliano Mandolini

The document summarizes the results of a 2014 cybersecurity survey of the smart grid. It found that over 70% of respondents viewed security as a big or very big problem currently and in the next five years. Respondents rated power outages, system failures, and power flow disruption as the highest consequence events. To remedy security concerns, respondents believed government standards and legal ramifications would be most effective. Over half felt the grid was only slightly prepared or not prepared at all for security threats. Most organizations planned to invest less than $5 million in cybersecurity technologies in the next year, with the largest investments going to distribution automation and advanced metering infrastructure.

Data breaches are still a significant issue, with total breaches increasing 23% from 2013 to 2014. Ransomware attacks also grew significantly in 2014. Consumer attitudes toward data privacy are weakening information protection strategies, as many people are willing to share private information for free apps without understanding how their data will be used. The report discusses these trends in data breaches and privacy, and provides tips for improving defenses such as using security intelligence, preparing for breaches, developing layered defenses, and educating staff on data privacy.

Flipping the Script & Changing the Game in Cyber

scoopnewsgroup

This document discusses a new approach to cybersecurity as perimeter security becomes less effective. It summarizes that: 1) While security investments are increasing, the costs of breaches are rising faster. 2) The document proposes integrating cyber hygiene practices like patching and encryption across secure infrastructure, devices, networks, and storage to reduce the attack surface and build situational awareness. 3) It also suggests rationalizing the crowded cybersecurity solution ecosystem and using the hypervisor to enforce the intended secure state of workloads through learning, locking, and adapting techniques.

To Catch a Phish, or: Why You Must Automate Email Security

Catherine Arizan

MobileSecurityInfographic_v3

Carlos Villafane

A 2015 survey by SOTI found that 53% of enterprises did not have a mobile strategy, while 47% did. SOTI provides enterprise mobility management solutions to help companies securely extend mobility throughout their organizations. The survey also found that employees were putting companies at risk by using public Wi-Fi for corporate devices, storing work files in consumer cloud services, and sharing work documents personally without permission.

NTXISSACSC3 - Removing the Snake Oil from Your Security Program by Jim Broome

The document is a presentation about removing snake oil from security programs. It discusses DirectDefense, a security services company founded in 2011 that offers assessments for networks, platforms, and applications. The presentation focuses on how attack methods have evolved from directly targeting users to targeting applications and vulnerabilities in unpatched systems and misconfigurations. It emphasizes the importance of effective security strategies and avoiding warranties.

Outpost24 webinar - A day in the life of an information security professional

The document discusses the importance of a full stack cyber security approach from an information security professional's perspective. It recommends scanning both external and internal networks as the first and second lines of defense, similar to an airbag and seatbelt in a car. The document also provides an overview of a product demo for a network security workflow automation tool that allows for discovery scanning, dynamic asset management, risk prioritization, and flexible reporting.

The Top 7 Causes of Major Security Breaches

Kaseya

In these times where North American companies are under constant cyber-attack, can you afford to underestimate the disaster that a security breach could cause on your organization? Your organization's leadership has entrusted your team with the company's cyber security, and this includes ensuring that user data is safe and their productivity isn't compromised. Join our panel of experts (Alex Brandt, who brings 19 years of hands-on expertise in the IT space, and Cynthia James, a security expert with over 25 years in the industry) as they discuss the 7 biggest reasons that business security gets compromised (and what you can do about it). These include: The threat of increased employee mobility Managing BYOD Perimeter-less networks The best way to reduce human error And MUCH more... Stick around until the end and gain the visibility you need to uncover security holes before they become major disasters and put your organization and (even worse) your job at risk.

Pharos Security Solution

Pharos Security

Outpost24 Webinar - Creating a sustainable application security program to dr...

Threat Lab and Creating a Need for Layered Security

Purdicom

Jon-Marc Wilkinson presented on the need for layered security approaches based on trends from WatchGuard's Threat Lab. The lab analyzes global attack trends seen in the Firebox feed. Personalized email phishing and sextortion campaigns were highlighted as growing threats. WatchGuard offers a suite of security services through its Firebox products to provide intrusion prevention, antivirus, anti-phishing, and other protections. Dimension was presented as a tool to help partners create their own threat labs and add value. The key takeaways were that the Threat Lab forms the basis for sales, WatchGuard provides a full security platform, and Dimension enhances partner value.

Выдержит ли ваш бизнес натиск ransomware?

Positive Hack Days

Вы разрабатываете программу непрерывности бизнеса и экстренного восстановления, планируете, как будете справляться с пожаром, сбоями питания или стихийными бедствиями. Но внезапно в вашу сеть попадает шифровальщик-вымогатель, и, возможно, каждую секунду вы теряете доступность своих активов, а вместе с ними и данные. Докладчик расскажет о том, почему угрозу шифровальщиков стоит рассматривать в контексте непрерывности бизнеса и как справляться с уже произошедшим инцидентом и минимизировать его последствия.

EMA Network Security Survey Findings (SEP 2016)

Outpost24 webinar - Busting the myths of cloud security

Outpost24 Webinar - Common wireless security threats and how to avoid them

How to adapt to the IOT

Information Security Professionals are fast realizing that they are facing new challenges: 1) How do I strategize, budget, & execute today for a world that I can’t even imagine five years from now? 2) How do I sleep at night when after 99 successes, one small miscalculation could put my name on the front page of the Wall Street Journal or the headline of the Drudge Report? 3) Now that the guys in the high-back chairs in the corner offices want to invite me to their meetings, how do I put all this craziness into words that they can understand? In this fast changing world, let’s be honest, the pocketbooks have opened & IT Security is getting the funds <<yea>> & the attention <<boo>> that we need. The bottom line? You’ll leave this discussion with four or five things you can do that will keep you on the road to those 99 successes while making that story above the fold a little less likely.

How to adapt to the IoT

National Retail Federation

This document discusses how to adapt security frameworks for the Internet of Things (IoT). It begins by defining IoT and providing examples of past IoT security incidents. It then discusses how IoT will change security and potential risks and exposures. The document outlines building a risk model for IoT by defining use cases, identifying impacts and vulnerabilities, and evolving threats. It stresses securing diverse IoT devices and rethinking security strategies. The document concludes by providing actions organizations can take over the next week, 90 days and year to prepare security frameworks for IoT.

Digital crimescene emv_update_nrfprotect17_skipmyersbethprovenzano_final061217

This document discusses card-not-present fraud and the digital crime scene. It provides an overview of EMV certification for retailers, noting that the process can take 6 months or longer for many. While retailers wait for certification, they face liability if a chip card is used at a magnetic stripe reader. The document then shifts to discussing developing a crime scene mindset when investigating digital crimes. Key elements of a digital crime scene like device fingerprints, email addresses, and payment types are examined. Methods like reverse engineering fraud analysis and linking virtual evidence are presented as ways to understand the digital crime scene and connect evidence to bad actors.

EMA Network Security Survey and Recommendations

Five steps to achieving hipaa compliance

Anita Jones

The document outlines five steps to achieving Health Insurance Portability and Accountability Act (HIPAA) compliance: 1. Complete a risk assessment to identify vulnerabilities and design a compliance plan. 2. Collaborate with stakeholders across departments to develop appropriate privacy and security standards and prevent non-compliance. 3. Craft comprehensive policies that reflect HIPAA regulations and address required and addressable specifications. 4. Review purchases of IT and medical equipment from a risk management perspective to ensure security standards are met. 5. Develop a culture of accountability where departments collaborate to maintain compliance and address issues.

NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy

Jon Murphy, National Practice Lead, AOS Top 10 Trends for 2015 in Information Tech Risk Management ITRM is more than merely security hardware and apps under the control of an overworked network admin. It is strategic and tactical process, technology, and people in various roles and levels working collaboratively to protect vital organizational assets like data, information, ability to delivery timely, and reputation. Organizations need continuous, current, Actionable InsightSM about probable sources of majorly impactful risks and threats. Then and only then are they adequately prepared to make the smartest investments in continuing education, process improvement, and procedures for the proper use of the right technology for their situation. This multi-media, interactive presentation will cover the current top trends for 2015 in ITRM and that Actionable InsightSM - what your organization can and should do about likely and impactful IT risks and vulnerabilities.

Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...

Mobile and Internet of Things (IoT) applications continue to be released at a rapid pace. But organizations’ rush-to-release of new applications to meet rapidly-evolving user demand can jeopardize the applications’ level of security protection. View these slides from our January 18th webinar, where Larry Ponemon from the Ponemon Institute, Arxan Technologies and IBM Security review findings from our brand-new mobile & IoT application security study.

Mobile Security: Perceptions vs Device-harvested Reality

Zimperium

What's hot

3 Perspectives Around Data Breaches

Symantec

Flipping the Script & Changing the Game in Cyber

scoopnewsgroup

To Catch a Phish, or: Why You Must Automate Email Security

Catherine Arizan

MobileSecurityInfographic_v3

Carlos Villafane

NTXISSACSC3 - Removing the Snake Oil from Your Security Program by Jim Broome

Outpost24 webinar - A day in the life of an information security professional

The Top 7 Causes of Major Security Breaches

Kaseya

Pharos Security Solution

Pharos Security

Outpost24 Webinar - Creating a sustainable application security program to dr...

Threat Lab and Creating a Need for Layered Security

Purdicom

Выдержит ли ваш бизнес натиск ransomware?

Positive Hack Days

EMA Network Security Survey Findings (SEP 2016)

Outpost24 webinar - Busting the myths of cloud security

Outpost24 Webinar - Common wireless security threats and how to avoid them

How to adapt to the IOT

How to adapt to the IoT

National Retail Federation

Digital crimescene emv_update_nrfprotect17_skipmyersbethprovenzano_final061217

EMA Network Security Survey and Recommendations

Five steps to achieving hipaa compliance

Anita Jones

NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy

What's hot (20)

3 Perspectives Around Data Breaches

Flipping the Script & Changing the Game in Cyber

To Catch a Phish, or: Why You Must Automate Email Security

MobileSecurityInfographic_v3

NTXISSACSC3 - Removing the Snake Oil from Your Security Program by Jim Broome

Outpost24 webinar - A day in the life of an information security professional

The Top 7 Causes of Major Security Breaches

Pharos Security Solution

Outpost24 Webinar - Creating a sustainable application security program to dr...

Threat Lab and Creating a Need for Layered Security

Выдержит ли ваш бизнес натиск ransomware?

EMA Network Security Survey Findings (SEP 2016)

Outpost24 webinar - Busting the myths of cloud security

Outpost24 Webinar - Common wireless security threats and how to avoid them

How to adapt to the IOT

How to adapt to the IoT

Digital crimescene emv_update_nrfprotect17_skipmyersbethprovenzano_final061217

EMA Network Security Survey and Recommendations

Five steps to achieving hipaa compliance

NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy

Similar to New Synopsys research uncovers security's biggest challenges

Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...

Mobile Security: Perceptions vs Device-harvested Reality

Zimperium

Sécurité Mobile : Votre Entreprise est-elle préparée pour 2020?

AGILLY

Bonjour, Nous avons pensé que ce webinar devrait vous intéresser. Comment la mobilité, l'Internet des objets et l'intelligence artificielle vont impacter la votre transformation digitale. Toutes les entreprises modernes s'activent pour accélérer leur transformation numérique, mettant une pression immense sur les responsables informatiques pour la réalisation de projets nouveaux et ambitieux. Cela arrive à un moment où les équipes informatique et de sécurité sont invitées à s'intégrer davantage. Pendant ce temps, la travail quotidien de la gestion des utilisateurs, des appareils, des applications et du contenu devient plus encombrant. Revivez ce webinar qui présente sur l'étude Forrester, basée sur la contribution de 556 professionnels de l'IT. Découvrez ce que l'avenir réserve pour mobilité, les terminaux et l'IoT en 2020: Quel équipe IT sera responsable de la sécurisation de l'IoT? Combien de systèmes seront nécessaires pour gérer les terminaux du futur? Dans quelle mesure votre environnement de base changera-t-il radicalement dans quelques années? D'ici 2020, quel pourcentage d'organisations utiliseront l'informatique propulsée par l'Intelligence Artificielle et l'Analyse Cognitive?

Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...

Puneet Kukreja

Insider threat seems to be one of the biggest risks for organisations looking to protect their data assets. Enterprises spend large proportion of their budget to secure and protect their most critical assets from exfiltration and leakage. However, it's not all about nation state and espionage, it's about identifying potential insider threat scenarios, understanding the organisation’s critical assets and the controls to protect them. With the recent spate of data breaches originating from trusted insiders, how do enterprises ensure their data assets are safe from insider threat and appropriate controls are in place? What models have been implemented to identify potential insider threat scenarios? Which critical data assets must be safeguarded? What combination of technologies are required to protect against insider threat? Is there a psychology element? The session seeks to answer these questions by sharing experience from two use cases; one which approached the problem from a technical perspective, and the other using consolidation of existing technology data sets.

Accenture 2017 Global Risk Study: Capital Markets Summary

accenture

Vetting Mobile Apps for Corporate Use: Security Essentials

NowSecure

Cisco Connect 2018 Philippines - security keynote

NetworkCollaborators

The document discusses the challenges facing cybersecurity in Southeast Asia. It notes a rising risk of cyber attacks in the region due to increasing digital connectivity and interdependence between countries. Cyber defenses are often porous due to limited intelligence sharing and underinvestment. The cybersecurity industry in Southeast Asia is fragmented with many small players and a lack of holistic providers. The document calls for sustained regional commitment to cybersecurity and building cybersecurity capabilities to strengthen the ecosystem.

Emerging Trends in Application Security

Cybersecurity and Healthcare - HIMSS 2018 Survey

Imperva

Webinar–5 ways to risk rank your vulnerabilities

Vulnerabilities are an inevitable part of software development and management. Whether they’re in open source or custom code, new vulnerabilities will be discovered as a codebase ages. As stated in the 2019 Open Source Security and Risk Analysis report, 60% of the codebases audited in 2018 contained at least one known vulnerability. As the number of disclosures, patches, and updates grows, security professionals must decide which critical items to address immediately and which items to defer. For more information, please visit our website at www.synopsys.com/software.

Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...

SolarWinds

According to the fourth annual Federal Cybersecurity Survey from SolarWinds and Market Connections, insider threats are the leading source of threats to federal agencies. Human error is one of the most common insider threats, followed by abuse of privileges, and theft. The increased sophistication of threats, volume of attacks, and end-user policy violations make agencies more vulnerable than ever. In this webinar, we discussed how implementing the right tools, as well as continuously monitoring systems and networks, can provide the data to make informed decisions and help agencies safeguard against insider threats, and quickly identify and fix vulnerabilities. During this webinar our presenters discussed: The 2017 SolarWinds Federal Cybersecurity Survey, and the top sources of threats How the right tools and technologies can provide IT infrastructure data to help safeguard against malicious and non-malicious internal threats, including: Utilizing fault, performance, and log management data to help ensure that devices are continuously monitored and operating correctly Leveraging configuration management to help prevent errors and reduce vulnerabilities How the implementation of Security Incident and Event Management (SIEM) tools can better equip agencies to quickly detect and respond to security threats and help to reduce vulnerability, including: Utilizing log data to detect malicious or out-of-policy actions, fine-tune firewall configurations, and monitor Active Directory® changes How to track devices and users on your network and maintain historic data for forensics

High Performance Security Report - High Technology

Accenture Security

The document is a report from Accenture on cybersecurity for high technology companies. It finds that only 44% of respondents have confidence in their cybersecurity capabilities across key domains. Failure rates for security breaches are alarmingly high, with thousands to millions of random breach attempts per week and over 144 focused attacks per year resulting in one in four attacks being successful breaches. Internal breaches are particularly problematic, with 41% of security impacts coming from malicious insiders. The report recommends that companies pressure test security capabilities, make security a shared responsibility, protect key assets from within, increase executive engagement, continually innovate defenses, and ensure security is connected to business needs.

Do You Manage Software? Understanding Your Role in Cybersecurity Defense

Flexera

Organizations are under constant attack by hackers targeting applications used by the business. The University of Maryland recently quantified the near-constant rate of attacks on computers with Internet access to every 39 seconds. The best defense requires a holistic approach and collaboration of different teams in a concerted effort to reduce the attack surface for hackers. In this webinar we will discuss the roles and the impact that activities, not always associated with security, have in reducing risk. Whether you are an asset manager, a desktop or datacenter manager, or an IT security professional, your role has a significant impact on your organizations ability to reduce the risk of cyber-attack.

Benchmarking Your GDPR Compliance: Will You Make the Grade? [TrustArc Webinar...

TrustArc

Watch the webinar on-demand: https://info.trustarc.com/benchmarking-gdpr-compliance-webinar.html Register now to watch this on-demand webinar to learn: - How companies are approaching the GDPR - Where they are prioritizing their effort - How much they expect to spend - These benchmarks can help you position your own program internally and build a case for further investment. To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/ Who Will Make the Grade? With less than one year to go before the GDPR is enforced across Europe, how has the industry responded to the GDPR requirements and how many companies will make the grade by May 2018? Recent TrustArc research conducted by Dimensional Research found that over 61% of companies have not even started their GDPR Compliance programs. Of those that had started - the three challenges cited most by the privacy professionals surveyed were difficult to maintain and update privacy programs (57%), lack of appropriate tools and technology (56%), and lack of internal resources (54%).

Cybersecurity In The Cognitive Era: Priming Your Digital Immune System

This document discusses cognitive security solutions and their potential benefits. It notes that current security challenges include keeping up with the increasing speed, sophistication and volume of threats. Cognitive security solutions could help by ingesting and organizing vast amounts of security data to provide better intelligence, speed and accuracy. The document profiles organizations as "Primed", "Pressured" or "Prudent" based on their security effectiveness, understanding of cognitive benefits, and readiness. The "Primed" are most familiar with cognitive security and have the resources to adopt it. While still emerging, the document recommends organizations recognize weaknesses and become educated on cognitive security to prepare.

Cybersecurity in the Cognitive Era: Priming Your Digital Immune System

What could cybersecurity look like in the cognitive era? Organizations are facing a number of well-known security challenges and these challenges are leading to gaps in intelligence, speed, and accuracy when it comes to threats and incidents. The gaps can’t be addressed by simply scaling up legacy processes and infrastructure – new approaches are needed, and cognitive security solutions may help address these gaps. IBM conducted a survey of over 700 security professionals leaders and practitioners from 35 countries, representing 18 industries to get a sense for what challenges they are facing, how they are being addressed, and how they view cognitive security solutions as a potential powerful new tool. Join us as Diana Kelley, Executive Security Advisor in IBM Security, and David Jarvis, Functional Research Lead for CIO and Cybersecurity in the IBM Institute for Business Value, discuss findings from the 2016 Cybersecurity Study “Cybersecurity in the Cognitive Era: Priming Your Digital Immune System” This webinar will cover an overview of the study findings, including: Security challenges, shortcomings and what security leaders are doing about them Views on cognitive security solutions – how they might help, readiness to implement and what might be holding them back What those that are ready to implement cognitive enabled security today are thinking and doing

Security Trend Report, 2017

Bill Chamberlin

Purpose: The slides provide an overview on the I.T. Security trend Content: Summary information about the I.T. Security marketplace, including trends drivers, spending trends, industry business cases, and adoption challenges. Also included are links to additional resources. How To Use This Report: This report is best read/studied and used as a learning document. You may want to view the slides in slideshow mode so you can easily follow the links Available on Slideshare: This presentation (and other Trend Reports for 2017) will be available publically on Slideshare at http://www.slideshare.net/horizonwatching Please Note: This report is based on internal IBM analysis and is not meant to be a statement of direction by IBM nor is IBM committing to any particular technology or solution.

Adapted from an ESG report - Outnumbered, Outgunned.

Proofpoint

The document discusses how Proofpoint helps security teams address skills shortages through advanced threat protection products. It notes that threats are evolving across multiple vectors while security skills are hard to find. Proofpoint provides threat intelligence and tools to help security teams block attacks, detect threats, and respond to breaches without requiring expert skills. Through products like Targeted Attack Protection and the Nexus Threat Graph, Proofpoint aggregates data to identify attackers and campaigns in order to help security teams prioritize and resolve risks.

Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk

NowSecure

Andrew Hoog, founder of NowSecure, gave a presentation on managing third-party mobile app risk in healthcare. He discussed how BYOD and use of personal devices is common in healthcare despite risks. Analysis of top hospitals found on average 89 apps per device, representing over 2 million potential points of risk. Analysis of medical apps found many had significant security issues putting patient data at risk. Hoog advocated for vetting all third-party apps used through tools like NowSecure to identify and remedy security issues in order to better manage third-party mobile app risk.

CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...

Cohesive Networks

The document discusses cybersecurity frameworks and introduces the NIST Cybersecurity Framework. It provides an overview of the framework, explaining that it was created to provide a common language for organizations to assess security capabilities, identify gaps, and measure progress across different standards. The framework establishes guidelines for profiling current security levels, setting targets, and developing action plans to close gaps. An example is provided of a company that used the framework to improve security and facilitate auditing and certification.

Similar to New Synopsys research uncovers security's biggest challenges (20)

Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...

Mobile Security: Perceptions vs Device-harvested Reality

Sécurité Mobile : Votre Entreprise est-elle préparée pour 2020?

Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...

Accenture 2017 Global Risk Study: Capital Markets Summary

Vetting Mobile Apps for Corporate Use: Security Essentials

Cisco Connect 2018 Philippines - security keynote

Emerging Trends in Application Security

Cybersecurity and Healthcare - HIMSS 2018 Survey

Webinar–5 ways to risk rank your vulnerabilities

Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...

High Performance Security Report - High Technology

Do You Manage Software? Understanding Your Role in Cybersecurity Defense

Benchmarking Your GDPR Compliance: Will You Make the Grade? [TrustArc Webinar...

Cybersecurity In The Cognitive Era: Priming Your Digital Immune System

Cybersecurity in the Cognitive Era: Priming Your Digital Immune System

Security Trend Report, 2017

Adapted from an ESG report - Outnumbered, Outgunned.

Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk

CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...

More from Synopsys Software Integrity Group

Webinar–Segen oder Fluch?

Die Zeiten ändern sich und verlangen immer mehr Aufmerksamkeit. Dies trifft speziell im Bereich Open-Source-Software zu. Die Komplexität gerade in der Technologiebranche ist enorm, gerade wenn der Sicherheitsaspekt eine wichtige Rolle spielt. Die Nutzung von Open-Source ist bereits beachtlich und nimmt stetig zu. Im Vergleich zum letzten Jahr ist die Anzahl der Unternehmen, die OSS verwenden enorm gestiegen. In Deutschland setzen 69% der befragten Unternehmen OSS ein und der Trend steigt stetig. Im globalen Vergleich verwenden laut des OSSRA Berichts 2019 (Open Source Sicherheits-und Risikoanalyse) 60% der befragten Unternehmen Open Source im analysierten Code im Jahr 2018; eine 3%ige Steigerung zum Vorjahr.

Webinar–Mobile Application Hardening Protecting Business Critical Apps

During this talk, we looked at some of the typical controls that Android/iOS applications exhibit, how they work, how to spot them, and how to sidestep them. We’ll demonstrate analysis and techniques using free open source tooling such as Radare and Frida, and for some parts, we’ll use IDA Pro. And since “automation” is the buzzword of the year, we’ll discuss how to automate some of these activities, which typically take up most of the assessment window. For more information, please visit our website at www.synopsys.com/software

Webinar–The 2019 Open Source Year in Review

This annual review will highlight the most significant legal developments related to open source software in 2019, including: •Evolution of open source: control, sustainability, and politics •Litigation update: Cambium and Artifex cases •Patents and the open source community •Impacts of government sanctions •The shift left for compliance and rise of bug bounty programs •And much, much more For more information, please visit https://www.synopsys.com/software-integrity/managed-services/open-source-software-audit.html

Webinar–Best Practices for DevSecOps at Scale

Today’s security professionals and software developers not only have to do more in less time; they have to do it securely. This means mitigating risk and addressing compliance requirements in an environment where: • The threat landscape continues to evolve. • Application portfolios and their risk profiles continue to shift. • Security tools are difficult to deploy, configure, and integrate into workflows. • Consumption models continue to change. How can your internal resources keep pace in this dynamic environment? Managed application security testing can be just the relief valve your organization needs. In this webinar, we’ll discuss the need for managed application security testing, the sweet spots where it offers maximum value, what you should look for in a managed application security testing provider, and highlights from Synopsys’ Managed Services offering. Today’s security professionals and software developers not only have to do more in less time; they have to do it securely. This means mitigating risk and addressing compliance requirements in an environment where: • The threat landscape continues to evolve. • Application portfolios and their risk profiles continue to shift. • Security tools are difficult to deploy, configure, and integrate into workflows. • Consumption models continue to change. How can your internal resources keep pace in this dynamic environment? Managed application security testing can be just the relief valve your organization needs. In this webinar, we’ll discuss the need for managed application security testing, the sweet spots where it offers maximum value, what you should look for in a managed application security testing provider, and highlights from Synopsys’ Managed Services offering. For more information, please visit our website at https://www.synopsys.com/software-integrity/managed-services.html

Webinar–That is Not How This Works

During a recent webinar, Jonathan Knudsen presented: "That's Not How This Works: All Development Should Be Secure." Development teams are pressured to push new software out quickly. But with speed comes risk. Anyone can write software, but if you want to create software that is safe, secure, and robust, you need the right process. Webinar attendees will learn: • Why traditional approaches to software development usually end in tears and heartburn • How a structured approach to secure software development lowers risk for you and your customers • Why automation and security testing tools are key components in the implementation of a secure development life cycle For more information, please visit our website at www.synopsys.com/software-integrity.html

Webinar–You've Got Your Open Source Audit Report–Now What?

Companies’ use of open source software has surpassed the occasional and solidified itself as the mainstream. Effectively identifying and managing the compliance and security risks associated with open source software can be a difficult task. Whether a company is acquiring another company, preparing for acquisition or simply wanting to manage their use of open source, the universal first step is to figure out the composition of the code, often via an audit. But what do you do once you have the audit report? For more information, please visit our website at https://www.synopsys.com/open-source-audit

Webinar–OWASP Top 10 for JavaScript for Developers

During a recent webinar, Lewis Ardern, senior security consultant presented "OWASP Top 10 for JavaScript Developers." 19_10_EMEA_WB_Owasp Top 10 for Java Script Developers With the release of the OWASP Top 10 2017, we saw new contenders for the most critical security issues in the web application landscape. Much of the OWASP documentation concerning issues, remediation advice, and code samples focuses on Java, C++, and C#. However, it doesn’t give much attention to JavaScript. JavaScript has drastically changed over the last few years with the release of Angular, React, and Vue, alongside the growing use of Node.js and its libraries and frameworks. This talk will introduce you to the OWASP Top 10 by explaining JavaScript client and server-side vulnerabilities. For more information, please visit our website at www.synopsys.com/standards

Webinar–The State of Open Source in M&A Transactions

During a recent webinar, West Monroe discussed, "The State of Open Source in M&A Transactions." Based extensive experience in M&A, West Monroe Partners is on the front line when it comes to tech due diligence, and they’ve seen a few trends emerge when it comes to open source and M&A deals. Buyers and seller alike need to understand these trends to get the most value out of any transaction. For more information, please visit our website at www.synopsys.com/open-source-audit

Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...

Dan Sturtevant, Silverthread and Niles Madison at Synopsys discussed design quality and code quality on a recent webinar. In an acquisition where a software asset is a core part of the deal valuation, it’s important to understand the overall quality of the software prior to doing the deal. Buggy software is problematic and needs to be cleaned up, so assessing code quality is important. But also, with poorly designed software, every fix is costly and laborious. This can significantly impact the long-term viability of the application, and maintaining that software can seriously degrade ROI. That’s why understanding a software system’s design or architectural health and the likely 'cost of ownership' is key.. For more information, please visit our website at https://www.synopsys.com/open-source-audit

Webinar–Using Evidence-Based Security

Webinar–Delivering a Next Generation Vulnerability Feed

The Synopsys Cybersecurity Research Center (CyRC) has a dedicated team of security analysts who specialize in sourcing, curating, and analyzing open source software vulnerabilities. The team delivers a customer-focused vulnerability feed comprising open source vulnerability reports called BDSAs (Black Duck Security Advisories). These reports are timely, accurate, and packed with relevant actionable information. In this webinar, Siobhan Hunter, security research lead, reveals why the high-quality content of the BDSA feed is best in class, with examples of how our BDSA feed compares with the NVD and insights into how we discover and deliver valuable vulnerability information for our customers every day. For more information, please visit our website at https://www.synopsys.com/cyrc

Webinar–Financial Services Study Shows Why Investing in AppSec Matters

This document summarizes a study on why investing in application security (appsec) matters for financial services organizations. The study found that over 50% of financial services firms had experienced theft of customer data due to insecure software. It also found that on average, only 34% of financial software and technology is tested for cybersecurity vulnerabilities. While addressing cybersecurity risks is important, the study noted that financial organizations face resource constraints, with only 45% believing they have adequate budgets for security and only 38% having necessary security skills. The document promotes the software integrity tools offered by Synopsys to help organizations build more secure software faster and address these challenges.

Webinar–What You Need To Know About Open Source Licensing

Virtually every organization uses open source software, and lots of it, to create efficiencies in software development. But left unmanaged, open source can introduce legal, IP, compliance, and other risks for the business. With over 2,500 different licenses in use, legal professionals and technical managers need to understand the license obligations associated with open source and how to mitigate risks. For more information, please visit our website at www.synopsys.com/open-source-audit

Webinar–Improving Fuzz Testing of Infotainment Systems and Telematics Units U...

In the past few years, cybersecurity has become more intertwined into each step of the automotive development process. In particular, fuzz testing has proven to be a powerful approach to detect unknown vulnerabilities in automotive systems. However, with limited instrumentation, especially on systems such as in-vehicle infotainment (IVI) system and telematics units, there are several types of issues that go undetected, such as memory leaks and cases where the application crashes but restarts quickly. For more information, please visit www.synopsys.com/auto

Webinar–Why All Open Source Scans Aren't Created Equal

During a recent webinar attendees learned how a purpose-built M&A open source audit differs from open source management tools and why it matters in tech due diligence. We covered: • The types of risk around open source software • Why depth of analysis matters, and what it results in during M&A diligence • Why accuracy, reporting, and expert human analysis are keys to thorough diligence. For more information, please visit our website at www.synopsys.com/open-source-audit

Webinar–Is Your Software Security Supply Chain a Security Blind Spot?

Lysa Bryngelson, Sr. Product Manager for Black Duck Binary Analysis at Synopsys presented on a recent webinar. During the webinar, she discussed one of the biggest challenges companies face with third-party software is lack of visibility into the open source libraries used in the software they embed in their products. Over the last year, major security breaches have been attributed to exploits of vulnerabilities in open source frameworks used by Fortune 100 companies in education, government, financial services, retail, and media. For more information, please visit our website at www.synopsys.com/blackduck

Webinar–Sécurité Applicative et DevSecOps dans un monde Agile

Alors que l’adoption de DevOps pour des organisations Agile était une transition naturelle, le passage à DevSecOps a introduit de nouveaux défis. DevSecOps nécessite un changement important de mentalité et de culture d'entreprise pour intégrer les nouveaux outils et les nouvelles activités de sécurité. C’est la raison pour laquelle suivre le rythme d’Agile et la culture DevOps lors de l’introduction de la sécurité dans le cycle de développement logiciel (SDLC) est un défit pour de nombreuses entreprises. Dans ce webinaire, Cem Nisanoglu explore le modèle opérationnel de DevSecOps et souligne l'importance de la gestion des changements, de l'automatisation, et des indicateurs de sécurité dans une transition vers DevSecOps, ainsi que la manière dont ces activités peuvent contribuer à la formation de sécurité, à des cycles de release plus rapides, et à l'optimisation des budgets de sécurité dans l’entreprise.

Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks

Tim Mackey is a principal security strategist with the Synopsys Cybersecurity Research Center(CyRC). Within this role, he engages with various technical and business communities to understand how application security is evolving with ever-expanding attack surfaces and increasingly sophisticated threats. He specializes in container security, virtualization, cloud technologies, distributed systems engineering, mission critical engineering, performance monitoring, and large-scale data center operations. Tim takes the lessons learned from these activities and delivers talks globally at conferences like RSA, KubeCon and InfoSec. For more information, please visit www.synopsys.com/software.

Webinar – Streamling Your Tech Due Diligence Process for Software Assets

Webinar – Security Tool Misconfiguration and Abuse