SDLC Meets PCI Compliance: Securing Applications From the Inside Out

Your VP just resigned and took a position at your biggest competitor. Did you remember to examine the Salesforce logs to see if he downloaded your entire customer database and history of purchases? Do you even have access to those logs? And if you did, and found the obvious, how would it help now? Catching Bradley Manning who stole sensitive government information, Ross Klein who took with him an entire hotel brand concept and Gary Min that copied chemical formulas was too late for the US government, DuPont and Starwood hotels respectively.

In this presentation we look into how to proactively monitor user activity to detect potential threats from employees before the damage occurs. Focusing on how to effectively collect activity logs and analyze them against user, role and entitlement information, to detect abnormal activity, predict which employees may pose more threat if not loyal and to reduce the associated risk.

More and more security operations centers are transforming their operations from being reactive, to proactive and even predictive. Hear how big data technologies like Autonomy IDOL can be leveraged with traditional security monitoring tools for Social Network Monitoring and Data Loss Prevention (data in motion) to drive value and empower a “next generation SOC.”

Mobile devices are a hot trend amongst security topics this year. While most cover the angle of the device management, only few go into testing the applications. Since the mobile application vulnerability landscape is still young, there is a need to classify these vulnerabilities so that development teams can focus and root them out of their codebases. Join us as we explore the OWASP Mobile Top 10 classification system and metrics from a large case study of a real enterprise facing the deployment and assessment of a large number of mobile applications. Developers, Managers, and team leads will leave with resources and guidelines to start mobile security both at the process level and code level, including how to handle external mobile development teams they might contract. Get ahead of upcoming PCI compliance by addressing your mobile software early!

Compliance and security are better together and there are tools and resources that can be combined to achieve both. Learn the top 10 tips - such as continuous monitoring, assessing the controls, and cost-effective audit logs - to understand and implement best practices of compliance and security together.

Network security is not just about eliminating bad traffic, it is also about making sure applications and critical data are always available to the right audience at the right time. The right network security architecture can provide security for physical assets, but also extend protection for virtual and cloud computing infrastructures without impacting performance. In fact, unlike in the past, a network security product should never be considered a bottleneck due to deep packet inspection, but should actually be capable of improving bandwidth and performance.

About the Presenter:
Sanjay Raja, Director of Product Marketing for HP TippingPoint, is responsible for marketing of HP TippingPoint’s Network and Cloud Security solutions. He has over 12 years of experience in various Product Marketing, Product Management, and Alliances roles primarily in IT Security. He has been in the IT industry for the last 18 years with experience in Security, Networking, Servers and Storage and Network and Application Performance Testing. In addition he has authored several papers and presented at various industry events on security, compliance and testing. Prior to HP he has worked at Cabletron Systems, 3Com, Nexsi Systems, Spirent Communications, Top Layer Networks, Symantec and most recently Crossbeam Systems. Sanjay currently holds a B.S.EE and MBA from Worcester Polytechnic Institute.

While organizations continue to battle cyber criminals, it seems that security professions are always fighting a losing war. However, a new weapon has been building up within the domain of most organizations, one that can help tip the balance in favor of the good guys. Find out how we can take the massive amounts of information we are generating and turn it to help bring valuable intelligence that can stop cyber-attacks from compromising your enterprise.

Join us to explore the mobile application threat landscape and identify ways to prepare for reverse engineering and tampering attacks.

The mobile App Economy is growing explosively as businesses are seeking to embrace innovation to provide new products and services to consumers, partners, and employees. However, malicious hackers and criminal organizations are now targeting these applications with a growing number of sophisticated attacks. Security of mobile apps, rather than devices, has become the new focal point as well as a top level concern for all stakeholders.

In this webinar, mobile security experts, Jason Schmitt, Director of Product Management of HP Fortify and Vince Arneja, VP of Product Management of Arxan Technologies will explore the mobile application threat landscape to identify a wide range of threats from vulnerability based attacks to reverse engineering and tampering attacks. The presenters will also address how to achieve comprehensive mobile application security within the SDLC to manage risk and exposure for B2C, B2E and B2B applications and protect today’s App Economy from theft, fraud, malware invasion, and tampering. You will gain insights how to develop and launch vulnerability-free, self-defending, and tamper-proofed applications that can withstand the new attacks.

HP Fortify is the leader in Software Security Assurance with solutions that contain, remove, and prevent software vulnerabilities. Arxan Technologies is the leader in protecting the App Economy with application protection solutions that are deployed on over one hundred million devices by Fortune 500 and global financial services.

Don’t miss the results presentation of the 3rd Annual Cost of Cyber Crime Study, conducted by Ponemon Institute, sponsored by HP Enterprise Security. This research indicates that both the cost and frequency of cyber crime have continued to rise for the third straight year. According to this study of a benchmark sample of U.S. organizations, the occurrence of cyber attacks has more than doubled during this period, while the financial impact has increased by nearly 40 percent. This year’s study found that the average annualized cost of cybercrime incurred was $8.9 million. This represents a six percent increase over the average cost reported in 2011, and a 38 percent increase over 2010.

This webinar will focus on the UK and Germany results.
Attend this webinar and learn about how:

• Information theft and business disruption continue to represent the highest external costs.

• Recovery and detection remain the most costly internal activities associated with cyber crime.

• Deploying advanced security intelligence solutions can mitigate the impact of cyber attacks.

Register now!

Don’t miss the results presentation of the 3rd Annual Cost of Cyber Crime Study, conducted by Ponemon Institute, sponsored by HP Enterprise Security. This research indicates that both the cost and frequency of cyber crime have continued to rise for the third straight year. According to this study of a benchmark sample of U.S. organizations, the occurrence of cyber attacks has more than doubled during this period, while the financial impact has increased by nearly 40 percent. This year’s study found that the average annualized cost of cybercrime incurred was $8.9 million. This represents a six percent increase over the average cost reported in 2011, and a 38 percent increase over 2010.

Attend this webinar and learn about how:

•Information theft and business disruption continue to represent the highest external costs.
•Recovery and detection remain the most costly internal activities associated with cyber crime.
•Deploying advanced security intelligence solutions can mitigate the impact of cyber attacks.

Register now!

2012 3rd Annual Cost of Cyber Crime Study Results
Live Webinar
Presented by Larry Ponemon, Ponemon Institute
Sponsored by HP Enterprise Security

Don’t miss the results presentation of the 3rd Annual Cost of Cyber Crime Study, conducted by Ponemon Institute. This research indicates that both the cost and frequency of cyber crime have continued to rise for the third straight year. According to this study of a benchmark sample of U.S. organizations, the occurrence of cyber attacks has more than doubled during this period, while the financial impact has increased by nearly 40 percent. This year’s study also found that the average annualized cost of cybercrime incurred was $8.9 million. This represents a six percent increase over the average cost reported in 2011, and a 37 percent increase over 2010.

In conjunction with the third annual study of U.S. companies, for the first time cyber crime cost studies were also conducted in Japan, Australia, Germany, and the United Kingdom in 2012. Join us for this live webinar where we will compare the U.S. study findings with those from the Japan and Australia studies.

Attend this webinar and learn about how:

• Information theft and business disruption continue to represent the highest external costs.
• Recovery and detection remain the most costly internal activities associated with cyber crime.
• Deploying advanced security intelligence solutions can mitigate the impact of cyber attacks. Register now!

As organizations develop their strategy for cloud computing, maximizing business benefit while minimizing risk is key. This talk focuses on the 5 most critical considerations when adopting cloud as a business enabler. As IT complexity grows exponentially with choice, security is often an afterthought that places the business at a disadvantage. Learn the key considerations that can keep your security posture up, your risk down, and business benefit maximized.

In the wake of Wikileaks breaches in recent years, resulting from insider threat breaches, organizations began looking not only at perimeter defense but also at solutions that serve as a “Single Pane of Glass” in order to monitor and thwart insider threat and data loss activities. Specifically, organizations want to incorporate disparate applications, processes and mobile devices into the Single Pane of Glass view. In this webinar, you will learn how HP Enterprise Security solved these types of customer challenges to ensure that their “Wiki doesn’t leak.”

Speaker: Ray Patterson, Vice President of Global Services, HP Enterprise Security Products

About Ray Patterson
Ray is a veteran information security executive, having held leadership roles at VeriSign, Oracle, ArcSight, and currently at HP Enterprise Security Products (ESP). In his present role, Ray leads the Global Government Services business where his organization solves critical cyber security challenges for customers through the ESP portfolio of security solutions such as ArcSight, Fortify and Tipping Point. He also frequently presents and speaks on emerging cyber security issues impacting business and government. Ray is a retired Lieutenant Colonel, U.S Army, and is a graduate of George Washington University (MBA), George Mason University (BS), Virginia Tech (BA), and is a Certified Public Accountant.

The emergence of Enterprise 2.0 with social, mobile, local, and cloud applications within the enterprise has increased IT infrastructure management challenges with an increasing number of IT assets. Bring your own device (BYOD) is no longer an option for the enterprise. Your business needs an open IT architecture to facilitate collaboration between customers and employees, but your IT operations cannot fully support it due to security issues. How do you align business and IT needs while keeping your enterprise secure? This webcast talks about how to seamlessly integrate the Network Operations Center (NOC) and the Security Operations Center (SOC) to secure your IT infrastructure and empower your organization to collaborate with your ecosystem effectively.

Speaker Bio:
Sridhar Karnam, Product Marketing Manager, HP Enterprise Security Products. Sri Karnam is a subject matter expert on IT operations and security challenges, and has over 10 years of experience managing IT and security software products through their entire lifecycle. He has an MBA from Wigan & Leigh College in the UK, and an MS in Engineering Management from Santa Clara University. In his spare time, Sri enjoys building robots.

Social networking for most of us is becoming wrapped into our DNA. This is especially important for the next generation workforce. Additionally, the employees today and those of tomorrow will expect the capability to blog and social network with corporate assets and corporate bandwidth. Additionally, these technologies are being widely used for corporate marketing and communication. That is why it's important to look at all aspects of securing your infrastructure and more importantly, the people that drive your organization today. This involves educating people, corporate process and the right security technologies. The following session will cover the benefits and the security risks inherit with social networking across all business verticals. Additionally, the author will provide a use case analysis of information that is gathered via web beacons that harvest information unknowing to the user.

The amount of digital data is exploding exponentially. It is being generated, transmitted and exchanged much faster, by more sources and in different formats than ever before. At the same time, the number of attempts to infiltrate organizations to steal and profit from the unauthorized use of critical data is skyrocketing. Not only are financially motivated criminals conducting more attacks on organizations, there has also been a dramatic increase in the number of data theft attempts by nation states and politically motivated hacking groups. We will discuss new technological innovation that enables HP ArcSight SIEM solutions to maintain the security of organizational IT assets by detecting more incidents and addressing larger sets of log data.

Join us to explore the mobile application threat landscape and identify ways to prepare for reverse engineering and tampering attacks.

The mobile App Economy is growing explosively as businesses are seeking to embrace innovation to provide new products and services to consumers, partners, and employees. However, malicious hackers and criminal organizations are now targeting these applications with a growing number of sophisticated attacks. Security of mobile apps, rather than devices, has become the new focal point as well as a top level concern for all stakeholders.

In this webinar, mobile security experts, Jason Schmitt, Director of Product Management of HP Fortify and Vince Arneja, VP of Product Management of Arxan Technologies will explore the mobile application threat landscape to identify a wide range of threats from vulnerability based attacks to reverse engineering and tampering attacks. The presenters will also address how to achieve comprehensive mobile application security within the SDLC to manage risk and exposure for B2C, B2E and B2B applications and protect today’s App Economy from theft, fraud, malware invasion, and tampering. You will gain insights how to develop and launch vulnerability-free, self-defending, and tamper-proofed applications that can withstand the new attacks.

HP Fortify is the leader in Software Security Assurance with solutions that contain, remove, and prevent software vulnerabilities. Arxan Technologies is the leader in protecting the App Economy with application protection solutions that are deployed on over one hundred million devices by Fortune 500 and global financial services.

Vulnerabilities that exist in today’s commercial and custom software are the primary target for attackers. The most severe of these vulnerabilities are those that can result in remote code execution – that is an attacker can take complete control of another system for the purposes of stealing information, defacing property or just causing trouble. In this session, Brian Gorenc, will demonstrate how to analyze a vulnerability and the steps required to weaponize it. Centering on a vulnerability in a Microsoft application, the demo will show you how an attacker can quickly move from proof-of-concept to remote code execution. The discussion will also include thoughts on mitigation strategies for reducing risk.

Are you wondering what you should do to fight cyber terrorism? Hacktivist groups like Lulzsec and Anonymous are encouraging fellow hackers to open fire on any organization or agency that crosses their path. That adds a lot of pressure on all security professionals. Join cyber security expert Narayan Makaram, Director of Solutions Marketing, Enterprise Security at Hewlett-Packard, to learn:

· Why hackers are going after big and small organizations worldwide

· What you should do… and NOT do

· How to prepare for The Day should things go south

We will also cover the best practices organizations worldwide have implemented to better prepare themselves against cyber terrorism.