SlideShare a Scribd company logo

Unified application security analyser

Tim Youm
Tim Youm

Enable best-of-breed security testing for enterprise, web and mobile applications • Facilitate application security testing for your customers at the appropriate stage of their development lifecycle • Identify security vulnerabilities such as SQL injection and cross-site scripting (XSS) • Automate correlation of static, dynamic and interactive application security testing results • Deliver detailed reporting to your customers that summarise security vulnerabilities, assesses potential risk and offers remediation tactics

Mobile
1 of 14
Download to read offline
Tim Youm unifiedmobility@au1.ibm.com +61 416 176 573 Unified Application (Mobile, Web & PC) Security Analyser
Security status 2
Security status § Average losses from cyberattacks is over 2.6M for Australian companies2 and $400K for Australian SMBs3 § More than 20% companies had mobile data breaches due to mobile malware/rogue WiFi hotspots1 § Nearly 40% don’t have visibility on their mobile security status whether they have been impacted1 § Every day, there are 12,000+ new mobile malware/ransomware4 § Mobile Data usage is expected to grow more than 7x by 20203 § Source 1: Online survey responses from LinkedIn group , Source 2 Source: Webroot SMB Threat Report 2015, Source 3: Cisco Visual Network Index Report, 2016 Source 4: AVAST , 2016 5. Ponemon Institute, June 2016 : 20161 Cost of Data Breach Study: Australia (26 Australian companies participated the survey) 3
MaaS360 Mobility Management UMM( MDM/EMM/MEM/MTP/UEM/MIM/AI) Integrated IT StackBI Bluemix Mobile First Apps, Maximo, Form Builder MobileFirst Foundation AppScan QRadar Verse App Horizontal apps Vertical apps Mobile app development Tools App Security Analyser SIEM IaaS/PaaS HW WatsonAnalytics/AI 4
Business Problem: Security teams are often responsible for the security of thousands of applications; but don’t have enough security experts on staff to handle the workload. It was a problem that Cisco faced several years ago. With a small security team and an application portfolio of nearly 2,500 applications, security staff worried they were becoming a “bottleneck” in application security. Solution: Using IBM® Security AppScan® Enterprise, Cisco empowered developers and QA personnel to test applications and address security issues before deployment. Benefits: Drove a 33 percent decrease in number of security issues found, reduced post-deployment remediation costs significantly, freed security experts to focus on deep application vulnerability assessments. Featured Security Offering: IBM® Security AppScan® Enterprise Link to Case Study: Cisco Case Study “AppScan helped us create a self-service model. We could take the product and put it in the hands of the developers and QA testers so they could identify and fix security vulnerabilities before production.” Sujata Ramamoorthy Director, Information Security Cisco Cisco empowered developers and QA personnel to test applications and address security issues prior to deployment, with IBM® Security AppScan® 5
6 Concur https://www.youtube.com/watch?v=gXDU7VbjNic&t=2s Bank of East Asia http://asianbankingandfinance.net/banking-technology/more-news/bank-east-asia- partners-ibm-launch-iportfolio-analyzer Overview: https://www.youtube.com/watch?v=PCoM042wBnM Mobile App: https://www.youtube.com/watch?v=zPynCmQATpw Concur & Bank of East Asia empowered developers and QA personnel to test applications and address security issues prior to deployment, with IBM® Security AppScan®
7 Starting at $569.21 AUD per month (charged per application) Purchased scans can be executed in conjunction with detailed vulnerability reporting, at a predictable cost. Starting at $278.52 AUD per scan Starting at $16,445.00 AUD per user per year Floating user single install Licensed for a pool of unnamed users, but can only be installed on one system. Priced by number of users.+$13,305.50 On-Premise SaaS AppScan Commercial RRP Start a Free Trial: https://lnkd.in/gacAEa5
Why is application security vital? You’ve probably done a lot to encourage data security—but could the applications you run be the equivalent of a front door to your enterprise that’s been left wide open? The security of the data in your organisation’s hands depends on a lot more than just locking down individual files and records. You need to tighten security at the application level, too, because applications can control access to your data—and even to your organisation’s Internet of Things (IoT) infrastructure. Many notorious security breaches have occurred not because of poor data security practices, but because of vulnerable applications. Deploying application security helps prevent rogue or vulnerable software from allowing cybercriminals to siphon data that you thought wassecure. Even so, application security remains an often-neglected area of cybersecurity,1 and breaches continue tooccur. Why? In part, because locking down applications is more complicated than encrypting files or safeguarding networks with firewalls. Applications have also grown in number and type, with the advent of app stores and specialised applications that access cloud-basedinfrastructure. Meanwhile, widespread adoption of bring-your-own-device (BYOD) policies has resulted in an increase in unvetted applications, and application-connected IoT data sources proliferate rapidly. Application security is vitalto: • Prevent reputational damage • Maintain customertrust • Avoid remediationcosts • Detect and respond to security risks before they cause damage Watch a demo of what IBM Application Security on Cloud can accomplish for you. 1 “How to Make Application Security a Strategically Managed Discipline,” Ponemon Institute, March 2016. 2 “The State of Mobile Application Insecurity,” Ponemon Institute, February 2015. In one study, 77% of respondingdevelopers say applications are vulnerable because pressure to release applications quickly prevents adequate testing.2 APPLICATION SECURITY A COMPLETE SOLUTION CASE STUDIES FOR MORE INFORMATION COMPLEX TASKS APPLICATION CHALLENGES BEST PRACTICES 8
Why do organisations struggle to achieve application security success? Application security is complicated by factors that span developers, IT staff and end users. In combination, these factors can make organisations susceptible to vulnerabilities. Rush torelease A pervasive “rush to release” atmosphere means developers are often short of testing resources. But application security doesn’t just rest with developers. There’s a parallel rush to install applications quickly, as users seek the efficiencies that new software can deliver. Complexapplications Software varies wildly in scope, data requirements, language and platform. A compromised application with a direct line to company data can be as risky as a misplaced laptop loaded with similar data— perhaps worse, if the gap goes unnoticed. An insecure or malicious application could expose your data, whether it has been exploited by a security vulnerability or because it began life insecure. Application security not apriority Application-layer vulnerabilities are often viewed as low priorities, and organisations typically do not rank applications by importance for protection. And applications are often dispersed throughout an organisation—along with accountability for their security—withlittle visibility into which ones are in use or which ones are most vulnerable. Lack ofstandards Users can’t devote time to security testing—and don’t know how to test effectively. There are few universal application securitystandards, so guidance and on-site expertise can be difficult to assess or employ. 1 “How to Make Application Security a Strategically Managed Discipline,” Ponemon Institute, March 2016. Learn more about risk-based application securitymanagement. A recent Ponemon Institute study foundthat 47% of respondents said mobile application risk in their organisations was increasing or significantly increasing.1 APPLICATION SECURITY A COMPLETE SOLUTION CASE STUDIES FOR MORE INFORMATION COMPLEX TASKS APPLICATION CHALLENGES BEST PRACTICES 9
Effective application security practices confirm that security should be viewed as a process, not as a series of items to check off a list. As such, application security testing must be comprehensive and ongoing. For developers, the application security testing process should be embedded in the software development lifecycle, with ongoing source code analysis. For end-user organisations, the process continues, with vetting of all new software that’s deployed, as well as re- testing applications on which the organisation alreadyrelies. Comprehensive application security shouldinvolve: • Discovering and cataloging applications thatare currently inuse • Static testing—scanning application source code for vulnerabilities is the most direct way to find the actual code behind a particular securityvulnerability • Dynamic testing—evaluating what the software does when it’s deployed (for instance, is it vulnerable to potential cross-site scripting and SQL injectionattacks?) • Mobile application security testing, due to the proliferation of new mobile applications in themarket • Deployment of new software only after it’s been vetted Applications should be re-evaluated regularly, and this evaluation should be informed by sources such as the Open Web Application Security Project (OWASP)Top Tenlist1—new threats can putformerly safe applications atrisk. What is effective application security? 1 Paul Ionescu, “The 10 Most Common Application Attacks in Action,” IBM Security Intelligence, April 8, 2015. 2 “Number of apps available in leading app stores as of June 2016,” Statista, June 2016. 3 “Number of Android Applications,” AppBrain, Accessed October 13, 2016. Learn more about the risks that make application security vital. As of September 2016, there were 2 million Apple iOS applications available for download,2 and morethan 2.4 million Google Android applications.3 APPLICATION SECURITY A COMPLETE SOLUTION CASE STUDIES FOR MORE INFORMATION COMPLEX TASKS APPLICATION CHALLENGES BEST PRACTICES 10
In vetting applications for security risks, organisations operate under constraints that range from limited budgets to heavy workloads of their security and IT staffs. But such constraints cannot get in the way of improving security protection. Instead, your organisation should employ best practices thatinclude: • Oversight—Planned, automated testing delivers morethorough and reliable results than ad-hoctesting • Continuity—Applications should be built and tested forsecurity and re- tested to keep up with vulnerabilities • Prioritisation—Ranking application security issues based on severity and potential business impact permits problems to be tackled in the order that makes the most business sense • Flexibility—Avoiding restrictive implementation requirements is critical to evaluate the full range of applications deployed by your organisation • Adaptability—Threats change over time; a flexible approach results in fewer changes to remain in control of application security • Timeliness—To avoid disrupting—or redoing—development processes, applications should be tested throughout all stages of the development lifecycle An integrated application security solution such as IBM®Application Security on Cloud can help you minimise security gaps and identify potential vulnerabilities. Integration with other securityproducts and practices makes risk mitigation for applications part of a comprehensive security program, not anafterthought. Leverage our time-tested application security best practices See how IBM Application Security on Cloud identifies and remediates vulnerabilities. 58% of organisations say security concerns inhibit full deployment of a mobile security strategy.1 1 “2016 Mobile Security & Business Transformation Study,” Information Security Media Group, Sponsored by IBM Corp., 2016. APPLICATION SECURITY A COMPLETE SOLUTION CASE STUDIES FOR MORE INFORMATION COMPLEX TASKS APPLICATION CHALLENGES BEST PRACTICES 11
Bolster your application-security risk management byimplementing an integrated solution, rather than relying on disparate tools. IBM Application Security on Cloud is a comprehensive, cost-effective, user-friendly and easy-to-deploy cloud- based solution forweb and mobile applications that unites all phases of application security testing. Our cloud-based offering is based on years of IBM experience in on-premises security testing, and interoperates with other security tools to facilitate comprehensive cyber-defense protection. IBM Application Security on Cloud is a complete, subscription- based solution that permits you to test applications and improve security protection by providing actionable data. With IBMApplication Security on Cloud, you can quickly assess application risk ratings, so you can focus remediation efforts on your most significant vulnerabilities. Register for a trial version of IBM Application Security on Cloud, or download an on-premises IBM Security AppScan® trial. Comprehensive, cloud-based application security testing CASE STUDIESA COMPLETE SOLUTIONAPPLICATION SECURITY Youcan perform static security testing of application code written in a wide number of programming languages, conduct dynamic analysis for pre-production and in-production software webapplications; and test Android and iOS applications, prior to their deployment. IBM Application Security on Cloud identifies and reports security issues, ranks them according to exposure and criticality, and recommends remediation steps. All of the results can be integrated into a number of DevOps systems and integrated development environments(IDEs). A full range of companion consulting services is also available, enabling your security team to take full advantage of the capabilities IBM Security has tooffer. FOR MORE INFORMATION The IBM ApplicationSecurity on Cloud dashboardview. Click image to enlarge. Click again for original size. 12
Organisations that deploy application security solutions from IBM realise the value of integration and automation as part of their overall security strategies, whether they’re creating applications,or deploying them. Protecting code throughout the software developmentlifecycle • Concur Technologies of Bellevue, Washington specialises in corporate expense management, so it manages confidential financial information on an everyday basis. Protecting that information is paramount, but also difficult to achieve. As an organisation with a large mobile presence, including its own mobile applications, Concur deployed AppScan with the same vulnerability testing technology that powers IBM Application Security on Cloud. With AppScan, Concur can test its applications for security risks as they’re developed and conveniently analyse production code. Managing risk in a fast-growingenterprise • Migros, a Turkish retail giant that’s experiencing break-neck growth at home and abroad, has a large-scale infrastructure to protect, with applications transmitting inventory and payment information over a network that encompasses nearly 1,500 stores and more than 100,000 Internet-connected endpoint devices. In orchestrating its growth, the company faced challenges in moving operations to the cloud as it implemented a BYOD policy. By leveraging IBM application security solutions, Migros has been able toscale its business while minimising risk. Real-world IBM Application Security on Cloud use cases CASE STUDIESA COMPLETE SOLUTIONAPPLICATION SECURITY IBM offers a complete portfolio of application security testing tools, used by leadingcompanies in fields as diverse as manufacturing1 and financial services2 to help protect applications, devices anddata. Sign up for a complimentary trial plan of IBM Application Security on Cloud. 1 “Large global automaker: Protecting the Connected Car Ecosystem,” IBM Corp., July 2016. 2 “Progressive Insurance: Proactively Protecting Data by Creating Appropriate Controls,” IBM Corp., May 2016. FOR MORE INFORMATION 13
Unified Application (Mobile, Web & PC) Security Analyser Start a free trial: https://lnkd.in/gacAEa5 Tim Youm unifiedmobility@au1.ibm.com +61 416 176 573

Recommended

Actionable insights
Actionable insightsActionable insights
Actionable insightsTim Youm
 
Thinking of choosing Trend Micro?
Thinking of choosing Trend Micro?Thinking of choosing Trend Micro?
Thinking of choosing Trend Micro?Symantec
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020IBM Security
 
Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016IBM Security
 
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & InvestmentThe ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & InvestmentIBM Security
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarIBM Security
 
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection Suite
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection SuiteThe Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection Suite
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection SuiteIBM Security
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityIBM Security
 

Recommended

Actionable insights
Actionable insightsActionable insights
Actionable insightsTim Youm
 
Thinking of choosing Trend Micro?
Thinking of choosing Trend Micro?Thinking of choosing Trend Micro?
Thinking of choosing Trend Micro?Symantec
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020IBM Security
 
Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016IBM Security
 
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & InvestmentThe ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & InvestmentIBM Security
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarIBM Security
 
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection Suite
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection SuiteThe Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection Suite
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection SuiteIBM Security
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityIBM Security
 
Tolly Report: Stopping Attacks You Can't See
Tolly Report: Stopping Attacks You Can't SeeTolly Report: Stopping Attacks You Can't See
Tolly Report: Stopping Attacks You Can't SeeIBM Security
 
Infographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threatsInfographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threatsIBM Security
 
QRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the MouseQRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the MouseIBM Security
 
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...IBM Security
 
Infographic: 5 Tips for Cloud Success
Infographic: 5 Tips for Cloud SuccessInfographic: 5 Tips for Cloud Success
Infographic: 5 Tips for Cloud SuccessIBM Security
 
Malware on Smartphones and Tablets: The Inconvenient Truth
Malware on Smartphones and Tablets: The Inconvenient TruthMalware on Smartphones and Tablets: The Inconvenient Truth
Malware on Smartphones and Tablets: The Inconvenient TruthIBM Security
 
Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile SecurityMojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile SecurityMojave Networks
 
Securing Office 365
Securing Office 365Securing Office 365
Securing Office 365Symantec
 
Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!IBM Security
 
IBM MaaS360 with watson
IBM MaaS360 with watsonIBM MaaS360 with watson
IBM MaaS360 with watsonPrime Infoserv
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats IBM Security
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackIBM Security
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA IBM Security
 
What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020TestingXperts
 
2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?IBM Security
 
See How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile MetricsSee How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile MetricsIBM Security
 
Top 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your EmployeesTop 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your EmployeesNeil Kemp
 
Uncover What's Inside the Mind of a Hacker
Uncover What's Inside the Mind of a HackerUncover What's Inside the Mind of a Hacker
Uncover What's Inside the Mind of a HackerIBM Security
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsIBM Security
 
Ibm security products portfolio
Ibm security products portfolioIbm security products portfolio
Ibm security products portfolioPatrick Bouillaud
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityCygnet Infotech
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comIdexcel Technologies
 

More Related Content

What's hot

Tolly Report: Stopping Attacks You Can't See
Tolly Report: Stopping Attacks You Can't SeeTolly Report: Stopping Attacks You Can't See
Tolly Report: Stopping Attacks You Can't SeeIBM Security
 
Infographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threatsInfographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threatsIBM Security
 
QRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the MouseQRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the MouseIBM Security
 
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...IBM Security
 
Infographic: 5 Tips for Cloud Success
Infographic: 5 Tips for Cloud SuccessInfographic: 5 Tips for Cloud Success
Infographic: 5 Tips for Cloud SuccessIBM Security
 
Malware on Smartphones and Tablets: The Inconvenient Truth
Malware on Smartphones and Tablets: The Inconvenient TruthMalware on Smartphones and Tablets: The Inconvenient Truth
Malware on Smartphones and Tablets: The Inconvenient TruthIBM Security
 
Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile SecurityMojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile SecurityMojave Networks
 
Securing Office 365
Securing Office 365Securing Office 365
Securing Office 365Symantec
 
Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!IBM Security
 
IBM MaaS360 with watson
IBM MaaS360 with watsonIBM MaaS360 with watson
IBM MaaS360 with watsonPrime Infoserv
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats IBM Security
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackIBM Security
 
What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020TestingXperts
 
2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?IBM Security
 
See How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile MetricsSee How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile MetricsIBM Security
 
Top 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your EmployeesTop 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your EmployeesNeil Kemp
 
Uncover What's Inside the Mind of a Hacker
Uncover What's Inside the Mind of a HackerUncover What's Inside the Mind of a Hacker
Uncover What's Inside the Mind of a HackerIBM Security
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsIBM Security
 
Ibm security products portfolio
Ibm security products portfolioIbm security products portfolio
Ibm security products portfolioPatrick Bouillaud
 

What's hot (20)

Tolly Report: Stopping Attacks You Can't See
Tolly Report: Stopping Attacks You Can't SeeTolly Report: Stopping Attacks You Can't See
Tolly Report: Stopping Attacks You Can't See
 
Infographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threatsInfographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threats
 
QRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the MouseQRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the Mouse
 
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
 
Infographic: 5 Tips for Cloud Success
Infographic: 5 Tips for Cloud SuccessInfographic: 5 Tips for Cloud Success
Infographic: 5 Tips for Cloud Success
 
Malware on Smartphones and Tablets: The Inconvenient Truth
Malware on Smartphones and Tablets: The Inconvenient TruthMalware on Smartphones and Tablets: The Inconvenient Truth
Malware on Smartphones and Tablets: The Inconvenient Truth
 
Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile SecurityMojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
 
Securing Office 365
Securing Office 365Securing Office 365
Securing Office 365
 
Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!
 
IBM MaaS360 with watson
IBM MaaS360 with watsonIBM MaaS360 with watson
IBM MaaS360 with watson
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon Black
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
 
What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020
 
2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?
 
See How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile MetricsSee How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile Metrics
 
Top 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your EmployeesTop 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your Employees
 
Uncover What's Inside the Mind of a Hacker
Uncover What's Inside the Mind of a HackerUncover What's Inside the Mind of a Hacker
Uncover What's Inside the Mind of a Hacker
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
Ibm security products portfolio
Ibm security products portfolioIbm security products portfolio
Ibm security products portfolio
 

Similar to Unified application security analyser

Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityCygnet Infotech
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comIdexcel Technologies
 
Case Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicCase Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicIBM Security
 
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App SecWhat the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App SecIBM Security
 
Unicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecurityUnicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecuritySubho Halder
 
Research Article On Web Application Security
Research Article On Web Application SecurityResearch Article On Web Application Security
Research Article On Web Application SecuritySaadSaif6
 
application-security-fallacies-and-realities-veracode
application-security-fallacies-and-realities-veracodeapplication-security-fallacies-and-realities-veracode
application-security-fallacies-and-realities-veracodesciccone
 
Ultimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecUltimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecJessica Lavery Pozerski
 
ultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeSean Varga
 
How Healthcare CISOs Can Secure Mobile Devices
How Healthcare CISOs Can Secure Mobile DevicesHow Healthcare CISOs Can Secure Mobile Devices
How Healthcare CISOs Can Secure Mobile DevicesSkycure
 
Key Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your EnterpriseKey Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your EnterpriseLumension
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsCognizant
 
En msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurityEn msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurityOnline Business
 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityTyler Shields
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec
 

Similar to Unified application security analyser (20)

Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
 
Mobile Apps Security Testing -1
Mobile Apps Security Testing -1Mobile Apps Security Testing -1
Mobile Apps Security Testing -1
 
Case Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicCase Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographic
 
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App SecWhat the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
 
Unicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecurityUnicom Conference - Mobile Application Security
Unicom Conference - Mobile Application Security
 
Mobile Application Security
Mobile Application Security Mobile Application Security
Mobile Application Security
 
Research Article On Web Application Security
Research Article On Web Application SecurityResearch Article On Web Application Security
Research Article On Web Application Security
 
application-security-fallacies-and-realities-veracode
application-security-fallacies-and-realities-veracodeapplication-security-fallacies-and-realities-veracode
application-security-fallacies-and-realities-veracode
 
Ultimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecUltimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSec
 
ultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracode
 
How Healthcare CISOs Can Secure Mobile Devices
How Healthcare CISOs Can Secure Mobile DevicesHow Healthcare CISOs Can Secure Mobile Devices
How Healthcare CISOs Can Secure Mobile Devices
 
Research Paper
Research PaperResearch Paper
Research Paper
 
Key Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your EnterpriseKey Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your Enterprise
 
Rapport X force 2014
Rapport X force 2014Rapport X force 2014
Rapport X force 2014
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting Reputations
 
2016 Trends in Security
2016 Trends in Security 2016 Trends in Security
2016 Trends in Security
 
En msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurityEn msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurity
 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software Security
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
 

More from Tim Youm

11 best practices for mobility management
11 best practices for mobility management11 best practices for mobility management
11 best practices for mobility managementTim Youm
 
Unified Cloud with Watson Overview
Unified Cloud with Watson OverviewUnified Cloud with Watson Overview
Unified Cloud with Watson OverviewTim Youm
 
Unified Mobility in Schools
Unified Mobility in SchoolsUnified Mobility in Schools
Unified Mobility in SchoolsTim Youm
 
Unified Mobility in the Industrial Sector
Unified Mobility in the Industrial SectorUnified Mobility in the Industrial Sector
Unified Mobility in the Industrial SectorTim Youm
 
Unified Mobility in Healthcare
Unified Mobility in HealthcareUnified Mobility in Healthcare
Unified Mobility in HealthcareTim Youm
 
2017 Mobility industry trends
2017 Mobility industry trends2017 Mobility industry trends
2017 Mobility industry trendsTim Youm
 

More from Tim Youm (6)

11 best practices for mobility management
11 best practices for mobility management11 best practices for mobility management
11 best practices for mobility management
 
Unified Cloud with Watson Overview
Unified Cloud with Watson OverviewUnified Cloud with Watson Overview
Unified Cloud with Watson Overview
 
Unified Mobility in Schools
Unified Mobility in SchoolsUnified Mobility in Schools
Unified Mobility in Schools
 
Unified Mobility in the Industrial Sector
Unified Mobility in the Industrial SectorUnified Mobility in the Industrial Sector
Unified Mobility in the Industrial Sector
 
Unified Mobility in Healthcare
Unified Mobility in HealthcareUnified Mobility in Healthcare
Unified Mobility in Healthcare
 
2017 Mobility industry trends
2017 Mobility industry trends2017 Mobility industry trends
2017 Mobility industry trends
 

Recently uploaded

Mobile App Penetration Testing Bsides312
Mobile App Penetration Testing Bsides312Mobile App Penetration Testing Bsides312
Mobile App Penetration Testing Bsides312wphillips114
 
Bromazolam CAS 71368-80-4 high quality opiates, Safe transportation, 99% pure
Bromazolam CAS 71368-80-4 high quality opiates, Safe transportation, 99% pureBromazolam CAS 71368-80-4 high quality opiates, Safe transportation, 99% pure
Bromazolam CAS 71368-80-4 high quality opiates, Safe transportation, 99% pureamy56318795
 
Mobile Application Development-Android and It’s Tools
Mobile Application Development-Android and It’s ToolsMobile Application Development-Android and It’s Tools
Mobile Application Development-Android and It’s ToolsChandrakantDivate1
 
Android Application Components with Implementation & Examples
Android Application Components with Implementation & ExamplesAndroid Application Components with Implementation & Examples
Android Application Components with Implementation & ExamplesChandrakantDivate1
 
原版定制英国伦敦大学金史密斯学院毕业证原件一模一样
原版定制英国伦敦大学金史密斯学院毕业证原件一模一样原版定制英国伦敦大学金史密斯学院毕业证原件一模一样
原版定制英国伦敦大学金史密斯学院毕业证原件一模一样AS
 
Abortion pills in Riyadh+966572737505 cytotec jeddah
Abortion pills in Riyadh+966572737505 cytotec jeddahAbortion pills in Riyadh+966572737505 cytotec jeddah
Abortion pills in Riyadh+966572737505 cytotec jeddahsamsungultra782445
 
Mobile Application Development- Configuration and Android Installation
Mobile Application Development- Configuration and Android InstallationMobile Application Development- Configuration and Android Installation
Mobile Application Development- Configuration and Android InstallationChandrakantDivate1
 
Mobile Application Development-Components and Layouts
Mobile Application Development-Components and LayoutsMobile Application Development-Components and Layouts
Mobile Application Development-Components and LayoutsChandrakantDivate1
 

Recently uploaded (9)

Mobile App Penetration Testing Bsides312
Mobile App Penetration Testing Bsides312Mobile App Penetration Testing Bsides312
Mobile App Penetration Testing Bsides312
 
Bromazolam CAS 71368-80-4 high quality opiates, Safe transportation, 99% pure
Bromazolam CAS 71368-80-4 high quality opiates, Safe transportation, 99% pureBromazolam CAS 71368-80-4 high quality opiates, Safe transportation, 99% pure
Bromazolam CAS 71368-80-4 high quality opiates, Safe transportation, 99% pure
 
Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)
Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)
Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)
 
Mobile Application Development-Android and It’s Tools
Mobile Application Development-Android and It’s ToolsMobile Application Development-Android and It’s Tools
Mobile Application Development-Android and It’s Tools
 
Android Application Components with Implementation & Examples
Android Application Components with Implementation & ExamplesAndroid Application Components with Implementation & Examples
Android Application Components with Implementation & Examples
 
原版定制英国伦敦大学金史密斯学院毕业证原件一模一样
原版定制英国伦敦大学金史密斯学院毕业证原件一模一样原版定制英国伦敦大学金史密斯学院毕业证原件一模一样
原版定制英国伦敦大学金史密斯学院毕业证原件一模一样
 
Abortion pills in Riyadh+966572737505 cytotec jeddah
Abortion pills in Riyadh+966572737505 cytotec jeddahAbortion pills in Riyadh+966572737505 cytotec jeddah
Abortion pills in Riyadh+966572737505 cytotec jeddah
 
Mobile Application Development- Configuration and Android Installation
Mobile Application Development- Configuration and Android InstallationMobile Application Development- Configuration and Android Installation
Mobile Application Development- Configuration and Android Installation
 
Mobile Application Development-Components and Layouts
Mobile Application Development-Components and LayoutsMobile Application Development-Components and Layouts
Mobile Application Development-Components and Layouts
 

Unified application security analyser

  • 1. Tim Youm unifiedmobility@au1.ibm.com +61 416 176 573 Unified Application (Mobile, Web & PC) Security Analyser
  • 3. Security status § Average losses from cyberattacks is over 2.6M for Australian companies2 and $400K for Australian SMBs3 § More than 20% companies had mobile data breaches due to mobile malware/rogue WiFi hotspots1 § Nearly 40% don’t have visibility on their mobile security status whether they have been impacted1 § Every day, there are 12,000+ new mobile malware/ransomware4 § Mobile Data usage is expected to grow more than 7x by 20203 § Source 1: Online survey responses from LinkedIn group , Source 2 Source: Webroot SMB Threat Report 2015, Source 3: Cisco Visual Network Index Report, 2016 Source 4: AVAST , 2016 5. Ponemon Institute, June 2016 : 20161 Cost of Data Breach Study: Australia (26 Australian companies participated the survey) 3
  • 4. MaaS360 Mobility Management UMM( MDM/EMM/MEM/MTP/UEM/MIM/AI) Integrated IT StackBI Bluemix Mobile First Apps, Maximo, Form Builder MobileFirst Foundation AppScan QRadar Verse App Horizontal apps Vertical apps Mobile app development Tools App Security Analyser SIEM IaaS/PaaS HW WatsonAnalytics/AI 4
  • 5. Business Problem: Security teams are often responsible for the security of thousands of applications; but don’t have enough security experts on staff to handle the workload. It was a problem that Cisco faced several years ago. With a small security team and an application portfolio of nearly 2,500 applications, security staff worried they were becoming a “bottleneck” in application security. Solution: Using IBM® Security AppScan® Enterprise, Cisco empowered developers and QA personnel to test applications and address security issues before deployment. Benefits: Drove a 33 percent decrease in number of security issues found, reduced post-deployment remediation costs significantly, freed security experts to focus on deep application vulnerability assessments. Featured Security Offering: IBM® Security AppScan® Enterprise Link to Case Study: Cisco Case Study “AppScan helped us create a self-service model. We could take the product and put it in the hands of the developers and QA testers so they could identify and fix security vulnerabilities before production.” Sujata Ramamoorthy Director, Information Security Cisco Cisco empowered developers and QA personnel to test applications and address security issues prior to deployment, with IBM® Security AppScan® 5
  • 6. 6 Concur https://www.youtube.com/watch?v=gXDU7VbjNic&t=2s Bank of East Asia http://asianbankingandfinance.net/banking-technology/more-news/bank-east-asia- partners-ibm-launch-iportfolio-analyzer Overview: https://www.youtube.com/watch?v=PCoM042wBnM Mobile App: https://www.youtube.com/watch?v=zPynCmQATpw Concur & Bank of East Asia empowered developers and QA personnel to test applications and address security issues prior to deployment, with IBM® Security AppScan®
  • 7. 7 Starting at $569.21 AUD per month (charged per application) Purchased scans can be executed in conjunction with detailed vulnerability reporting, at a predictable cost. Starting at $278.52 AUD per scan Starting at $16,445.00 AUD per user per year Floating user single install Licensed for a pool of unnamed users, but can only be installed on one system. Priced by number of users.+$13,305.50 On-Premise SaaS AppScan Commercial RRP Start a Free Trial: https://lnkd.in/gacAEa5
  • 8. Why is application security vital? You’ve probably done a lot to encourage data security—but could the applications you run be the equivalent of a front door to your enterprise that’s been left wide open? The security of the data in your organisation’s hands depends on a lot more than just locking down individual files and records. You need to tighten security at the application level, too, because applications can control access to your data—and even to your organisation’s Internet of Things (IoT) infrastructure. Many notorious security breaches have occurred not because of poor data security practices, but because of vulnerable applications. Deploying application security helps prevent rogue or vulnerable software from allowing cybercriminals to siphon data that you thought wassecure. Even so, application security remains an often-neglected area of cybersecurity,1 and breaches continue tooccur. Why? In part, because locking down applications is more complicated than encrypting files or safeguarding networks with firewalls. Applications have also grown in number and type, with the advent of app stores and specialised applications that access cloud-basedinfrastructure. Meanwhile, widespread adoption of bring-your-own-device (BYOD) policies has resulted in an increase in unvetted applications, and application-connected IoT data sources proliferate rapidly. Application security is vitalto: • Prevent reputational damage • Maintain customertrust • Avoid remediationcosts • Detect and respond to security risks before they cause damage Watch a demo of what IBM Application Security on Cloud can accomplish for you. 1 “How to Make Application Security a Strategically Managed Discipline,” Ponemon Institute, March 2016. 2 “The State of Mobile Application Insecurity,” Ponemon Institute, February 2015. In one study, 77% of respondingdevelopers say applications are vulnerable because pressure to release applications quickly prevents adequate testing.2 APPLICATION SECURITY A COMPLETE SOLUTION CASE STUDIES FOR MORE INFORMATION COMPLEX TASKS APPLICATION CHALLENGES BEST PRACTICES 8
  • 9. Why do organisations struggle to achieve application security success? Application security is complicated by factors that span developers, IT staff and end users. In combination, these factors can make organisations susceptible to vulnerabilities. Rush torelease A pervasive “rush to release” atmosphere means developers are often short of testing resources. But application security doesn’t just rest with developers. There’s a parallel rush to install applications quickly, as users seek the efficiencies that new software can deliver. Complexapplications Software varies wildly in scope, data requirements, language and platform. A compromised application with a direct line to company data can be as risky as a misplaced laptop loaded with similar data— perhaps worse, if the gap goes unnoticed. An insecure or malicious application could expose your data, whether it has been exploited by a security vulnerability or because it began life insecure. Application security not apriority Application-layer vulnerabilities are often viewed as low priorities, and organisations typically do not rank applications by importance for protection. And applications are often dispersed throughout an organisation—along with accountability for their security—withlittle visibility into which ones are in use or which ones are most vulnerable. Lack ofstandards Users can’t devote time to security testing—and don’t know how to test effectively. There are few universal application securitystandards, so guidance and on-site expertise can be difficult to assess or employ. 1 “How to Make Application Security a Strategically Managed Discipline,” Ponemon Institute, March 2016. Learn more about risk-based application securitymanagement. A recent Ponemon Institute study foundthat 47% of respondents said mobile application risk in their organisations was increasing or significantly increasing.1 APPLICATION SECURITY A COMPLETE SOLUTION CASE STUDIES FOR MORE INFORMATION COMPLEX TASKS APPLICATION CHALLENGES BEST PRACTICES 9
  • 10. Effective application security practices confirm that security should be viewed as a process, not as a series of items to check off a list. As such, application security testing must be comprehensive and ongoing. For developers, the application security testing process should be embedded in the software development lifecycle, with ongoing source code analysis. For end-user organisations, the process continues, with vetting of all new software that’s deployed, as well as re- testing applications on which the organisation alreadyrelies. Comprehensive application security shouldinvolve: • Discovering and cataloging applications thatare currently inuse • Static testing—scanning application source code for vulnerabilities is the most direct way to find the actual code behind a particular securityvulnerability • Dynamic testing—evaluating what the software does when it’s deployed (for instance, is it vulnerable to potential cross-site scripting and SQL injectionattacks?) • Mobile application security testing, due to the proliferation of new mobile applications in themarket • Deployment of new software only after it’s been vetted Applications should be re-evaluated regularly, and this evaluation should be informed by sources such as the Open Web Application Security Project (OWASP)Top Tenlist1—new threats can putformerly safe applications atrisk. What is effective application security? 1 Paul Ionescu, “The 10 Most Common Application Attacks in Action,” IBM Security Intelligence, April 8, 2015. 2 “Number of apps available in leading app stores as of June 2016,” Statista, June 2016. 3 “Number of Android Applications,” AppBrain, Accessed October 13, 2016. Learn more about the risks that make application security vital. As of September 2016, there were 2 million Apple iOS applications available for download,2 and morethan 2.4 million Google Android applications.3 APPLICATION SECURITY A COMPLETE SOLUTION CASE STUDIES FOR MORE INFORMATION COMPLEX TASKS APPLICATION CHALLENGES BEST PRACTICES 10
  • 11. In vetting applications for security risks, organisations operate under constraints that range from limited budgets to heavy workloads of their security and IT staffs. But such constraints cannot get in the way of improving security protection. Instead, your organisation should employ best practices thatinclude: • Oversight—Planned, automated testing delivers morethorough and reliable results than ad-hoctesting • Continuity—Applications should be built and tested forsecurity and re- tested to keep up with vulnerabilities • Prioritisation—Ranking application security issues based on severity and potential business impact permits problems to be tackled in the order that makes the most business sense • Flexibility—Avoiding restrictive implementation requirements is critical to evaluate the full range of applications deployed by your organisation • Adaptability—Threats change over time; a flexible approach results in fewer changes to remain in control of application security • Timeliness—To avoid disrupting—or redoing—development processes, applications should be tested throughout all stages of the development lifecycle An integrated application security solution such as IBM®Application Security on Cloud can help you minimise security gaps and identify potential vulnerabilities. Integration with other securityproducts and practices makes risk mitigation for applications part of a comprehensive security program, not anafterthought. Leverage our time-tested application security best practices See how IBM Application Security on Cloud identifies and remediates vulnerabilities. 58% of organisations say security concerns inhibit full deployment of a mobile security strategy.1 1 “2016 Mobile Security & Business Transformation Study,” Information Security Media Group, Sponsored by IBM Corp., 2016. APPLICATION SECURITY A COMPLETE SOLUTION CASE STUDIES FOR MORE INFORMATION COMPLEX TASKS APPLICATION CHALLENGES BEST PRACTICES 11
  • 12. Bolster your application-security risk management byimplementing an integrated solution, rather than relying on disparate tools. IBM Application Security on Cloud is a comprehensive, cost-effective, user-friendly and easy-to-deploy cloud- based solution forweb and mobile applications that unites all phases of application security testing. Our cloud-based offering is based on years of IBM experience in on-premises security testing, and interoperates with other security tools to facilitate comprehensive cyber-defense protection. IBM Application Security on Cloud is a complete, subscription- based solution that permits you to test applications and improve security protection by providing actionable data. With IBMApplication Security on Cloud, you can quickly assess application risk ratings, so you can focus remediation efforts on your most significant vulnerabilities. Register for a trial version of IBM Application Security on Cloud, or download an on-premises IBM Security AppScan® trial. Comprehensive, cloud-based application security testing CASE STUDIESA COMPLETE SOLUTIONAPPLICATION SECURITY Youcan perform static security testing of application code written in a wide number of programming languages, conduct dynamic analysis for pre-production and in-production software webapplications; and test Android and iOS applications, prior to their deployment. IBM Application Security on Cloud identifies and reports security issues, ranks them according to exposure and criticality, and recommends remediation steps. All of the results can be integrated into a number of DevOps systems and integrated development environments(IDEs). A full range of companion consulting services is also available, enabling your security team to take full advantage of the capabilities IBM Security has tooffer. FOR MORE INFORMATION The IBM ApplicationSecurity on Cloud dashboardview. Click image to enlarge. Click again for original size. 12
  • 13. Organisations that deploy application security solutions from IBM realise the value of integration and automation as part of their overall security strategies, whether they’re creating applications,or deploying them. Protecting code throughout the software developmentlifecycle • Concur Technologies of Bellevue, Washington specialises in corporate expense management, so it manages confidential financial information on an everyday basis. Protecting that information is paramount, but also difficult to achieve. As an organisation with a large mobile presence, including its own mobile applications, Concur deployed AppScan with the same vulnerability testing technology that powers IBM Application Security on Cloud. With AppScan, Concur can test its applications for security risks as they’re developed and conveniently analyse production code. Managing risk in a fast-growingenterprise • Migros, a Turkish retail giant that’s experiencing break-neck growth at home and abroad, has a large-scale infrastructure to protect, with applications transmitting inventory and payment information over a network that encompasses nearly 1,500 stores and more than 100,000 Internet-connected endpoint devices. In orchestrating its growth, the company faced challenges in moving operations to the cloud as it implemented a BYOD policy. By leveraging IBM application security solutions, Migros has been able toscale its business while minimising risk. Real-world IBM Application Security on Cloud use cases CASE STUDIESA COMPLETE SOLUTIONAPPLICATION SECURITY IBM offers a complete portfolio of application security testing tools, used by leadingcompanies in fields as diverse as manufacturing1 and financial services2 to help protect applications, devices anddata. Sign up for a complimentary trial plan of IBM Application Security on Cloud. 1 “Large global automaker: Protecting the Connected Car Ecosystem,” IBM Corp., July 2016. 2 “Progressive Insurance: Proactively Protecting Data by Creating Appropriate Controls,” IBM Corp., May 2016. FOR MORE INFORMATION 13
  • 14. Unified Application (Mobile, Web & PC) Security Analyser Start a free trial: https://lnkd.in/gacAEa5 Tim Youm unifiedmobility@au1.ibm.com +61 416 176 573