Name: Medical Device Security: An Industry Under Attack and Unprepared to Defend
Start: 2017-06-21T16:00:00Z
End: 2017-06-21T16:48:49.000Z
Location: BrightTALK
Rating: 4.33

We go beyond traditional application testing to empower you to build security into your software at every stage of your development process. We offer application testing and remediation expertise, guidance for structuring a software security initiative, training, and professional services for a proactive approach to application security.

And all that code needs to be secure. This presentation will discuss what happens when unsecured code on IoT/Embedded devices are released to the unsuspecting public and how the security industry (Synopsys) can help prevent this in the future.  I will cover how the latest software development techniques can also incorporate the latest cutting edge tools to help eliminate security vulnerabilities before they make it to production. And finally how you can be a part of the solution instead of part of the problem.

Software is eating the world. The Embedded World that is.

Elena Kvochko is the CIO for the Group Security Function within a leading financial services organization. Previously she was an information technology manager at World Economic Forum, where she led global partnership programs on cyber resilience and the Internet of Things. She was also responsible for building relationships with information technology industry partners. Elena is the author of numerous articles and has contributed to Forbes, the New York Times, Harvard Business Review, and other media outlets. She is also a member of the Wall Street Journal CIO Network. She holds full CISSP and CEH certifications and has a master’s degree in technology policy from the University of Massachusetts, as well as executive certificates from MIT and Yale. She lives in New York City.

Listen as Gary and Elena discuss security policy, security technology, the role of a CIO, holistic security tactics, the economics of a security breach, and more.

Silver Bullet Podcast #143 with Elena Kvochko

SAST, IAST, DAST, MAST, *AST – There are plenty of technologies and ways to test your software, but how do we do that without slowing us down in a rapid development environment. In this talk we will give practical advice on how to integrate software security testing into your CI/CD and your development process so it works. The talk will review the pros and cons of each of the testing technologies, and how to adapt it to rapid development, and how to manage the balance between risk and speed to build a proper signoff process, so that real threats will become blockers, but other issues will be handled in a parallel slower cycle, without slowing down the main delivery.

*AST in CI/CD - How to Make it Work

Craig Froelich is the chief information security officer (CISO) for Bank of America. He leads the Global Information Security team responsible for security strategy, policy, and programs. Before moving to Bank of America through acquisition, he was responsible for Countrywide’s cyber security technology, networks, crisis management, and security operations. Craig has over a decade of experience in product management and application development for software and hardware companies. He also serves on the board of FS-ISAC and the executive committee of BITS. On Twitter, he describes himself as “a SoCal dude learning to be a southern gentleman” as a Los Angeles transplant to Charlotte, North Carolina, where he lives with his family.

Listen as Gary and Craig discuss the role of the CISO in the financial services ecosystem and the newly released 2018 CISO Report.

Silver Bullet Podcast #142 with Craig Froelich

Bruce Potter is CISO at Expel, where he is responsible for cyber risk and ensuring the secure operation of Expel’s services. Previously, Bruce co-founded Ponte Technologies (sold to KeyW Corporation). He then served as CTO at KeyW for 2 years. Before that, Bruce was a security consultant at Cigital. In a seemingly previous life, Bruce founded the Shmoo Group. To this day, he helps run the annual hacker conference ShmooCon. He has co-authored several books, including “802.11 Security,” “Aggressive Network Self-Defense,” and “Host Integrity Monitoring.” Bruce regularly speaks at DEF CON, Black Hat, and O’Reilly Security conferences. He lives in Maryland with his family.

Listen as Gary and Bruce discuss ShmooCon, the state of software security books, network security trends, hacking back, the relationship between preventative security engineering and operational security, DevOps, the CISO role, and more.

Silver Bullet Podcast #141 with Bruce Potter

What if you could test software for unknowns? You can with fuzz testing. Fuzz testing manipulates input data to send until the malformed input causes the software to crash. Our fuzzing solution provides pre-built test suites that eases the burden of manual black box test creation. And our fuzz testing solution runs on any VM or Windows or Linux computer to produce a detailed remediation package that helps identify and fix software issues fast.

Fuzz Testing From Synopsys

Wouldn’t it be great to minimize the risks of 3rd party code? Introducing software composition analysis – or SCA -- from Synopsys. Our SCA solution quickly and accurately scans virtually any software package. It produces a bill of materials listing third-party components, their versions, and their location. And our SCA solution runs on either source code or binary, either as a managed service, or as an on premise virtual appliance, so that you always know for certain what’s in your software.

Software Composition Analysis from Synopsys

As the world's 16th largest software company, Synopsys has a history of being a global leader and was recognized by Gartner as a leader in software quality and security solutions. At Synopsys, we offer the most comprehensive solution for integrating security and quality into your SDLC and supply chain and work with over 1,500 industry-leading companies across all sectors including: 17 of the top 20 commercial banks 9 of the top 10 software companies 4 of top 5 managed healthcare firms 3 of top 4 US wireless providers By injecting software quality and security at the right time, at the right depth within your development environment, our software integrity platform promotes productivity and efficiency that empowers customers to develop secure, high-quality software. Our testing solutions improve the accuracy of findings, speeds up the delivery of results, and reduces the level of noise faced by developers.

Synopsys is Software Security

How well do your security controls align with industry best practices? Software design flaws account for up to 50 percent of security vulnerabilities. If you are only checking for bugs in your code or running fuzz tests against your system you might still miss up to half of the security vulnerabilities in your software. Auditing controls, authorizations, and component updates are essential strategies to help reduce security flaws and lower your risk of a breach. But how do you know whether they are implemented correctly? Introducing Software Architecture and Design from Synopsys. Our experts evaluate the design of your key security controls against industry best practices to determine if any are misconfigured, weak, misused, or missing.

Software Architecture & Design from Synopsys

Do you know how well your organization's people, processes, and technologies can withstand a real-life cyberattack? What level of access and information that an attacker might gain? Personal Identifying Information, Personal Account Number, or corporate intellectual property. What damage might a severe data breach cause? What harm such an attack might bring to the organization’s brand and reputation? Introducing Red Teaming from Synopsys. Red Teaming simulates an attack on the client’s organization to measure how well their people, process, and technologies can withstand a real-life attack situation.

Red Teaming from Synopsys

Your company spends a certain amount of money and time on its software security initiative but serious security initiative questions remain. Are we spending enough in Processes? Technology? People? Do the security efforts we have in place today even make sense? And, more critically, what are the other guys doing? Wouldn't it be great if you could compare your security model to others? You can. Introducing Building Security In Maturity Model or BSIMM from Synopsys. It's an analytical process that compares observations of your own software security initiative with that of others.

Building Security In Maturity Model or BSIMM from Synopsys

Really good security experts are difficult to find and expensive to hire. On top of that, you may not have a consistent need for their skill set. Wouldn't it be great to pay only for what you need, only when you need it? Introducing Managed Services from Synopsys, a security-as-a-service (SaaS) for all your software security needs.

Managed Services from Synopsys

Matias Madou is a co-founder and the CTO of Secure Code Warrior, where he provides the company’s technology vision and oversees the engineering team. He has over 15 years of hands-on software security experience. Matias was a researcher at HP Fortify and a founder of Sensei Security. He also holds 10 patents and has been very active in technology transfer from the lab to commercial products. He’s a sought-after speaker as well, and we’re proud of his presence at the 2017 BSIMM Community Conference. Matias holds a Ph.D. in computer engineering from Ghent University and currently lives in Belgium with his family.

Listen as Gary and Matias talk about effective software security testing methods, security research, secure development training, and more.

Silver Bullet Podcast #139 with Matias Madou

Cybersecurity has become one of the areas where substantive diligence should be conducted not as an afterthought but as an integral part of the M&A process for any deal, particularly those that involve targets with any kind of online presence. The continued growth in the use of open source software underscores the importance of thorough software due diligence. This webinar examines key open source software-related issues and deal points in M&A, licensing and other transactions. Understanding these key legal and technical risks, as well as strategies for mitigating them, will help you speed and smooth negotiations, avoid protracted due diligence and get better deal terms.

Successfully Navigating Open Source Software Issues in M&A

The DevOps revolution continues to advance – and security must advance with it. Too often, however, approaches to application security remain stuck in the past. Throwing security assessment results over the fence to developers never really worked, and it certainly won’t survive the transition to DevOps and CI/CD, where agile techniques and automation set a demanding pace.

In this webinar, Scott Crawford, Research Director of Information Security with 451 Research, and Meera Subbarao with Synopsys, will highlight:

•The many points of opportunity DevOps present to engage in real collaboration across security, development and operations teams (it’s not just about testing!)
•How DevOps introduces opportunities to “shift left” with the security investment, and reduce the cost impact of security remediation and response
•Where and how security efforts can capitalize on automation and integration with DevOps toolsets
•Sourcing expertise: Security and development both require specialized expertise. Security in DevOps requires a unique mix of both. How can you find it?

Getting Application Security Up to Speed with DevOps

Nicole Perlroth covers cyber security for the New York Times. Before joining the San Francisco bureau in 2011, she was deputy editor at Forbes where she covered venture capital and web start-ups. Nicole is the recipient of several journalism awards for her reporting on efforts by the chinese government to steal military and industrial trade secrets. She is currently working on a cyber security book, This Is How They Tell Me the World Ends for Penguin/Portfolio (2017). She holds a B.A. in Politics and Near Eastern Studies from Princeton and a M.A. in Journalism from Stanford. She’s a native of the Bay Area where she still lives.

Listen as Gary and Nicole talk about life as a cyber security journalist, being a woman in the security industry, and playing up the sex appeal of cyber security.

Silver Bullet Podcast #138 with Nicole Perlroth

Wafaa Mamilli is Vice President, Chief Information Security Officer (CISO) at Eli Lilly and Company where she leads a global, enterprise-wide information and product security organization. She started her career consulting in Paris prior to joining Lilly France in 1995. Before being named CISO, Wafaa held several international leadership responsibilities across Lilly, including a stint as Information Officer of their diabetes division.

Silver Bullet Podcast #137 with Wafaa Mamilli

Today’s electronic systems are more intelligent, more connected, and more at risk than ever before. A single vulnerability can lead to widespread system-of-systems compromises. Organizations participating in security-critical industries like Aerospace and Defense (A&D) are especially at risk.

In this webinar, Christopher Rommel from VDC and Joe Jarzombek from Synopsys will discuss the results from a recent report highlighting issues facing these organizations. They will also identify what considerations need to be made for the security of software that enables and controls system functionality. 

This webinar will explore:
• The importance of quality and security in current projects
• The amount of code re-use from previous projects
• How automated quality and security testing tools can integrate into your current SDLC

Systems Failures Fuel Security-Focused Design Practices

A recent survey commissioned by Synopsys was designed to understand the risks to clinicians and patients due to insecure medical devices. The resulting report identified some expected findings, but others were extremely surprising. For instance, 67% of medical device manufacturers and 56% of healthcare delivery organizations believe an attack on a medical device built or in use by their organization is likely to occur over the next 12 months. Join Larry Ponemon of the Ponemon Institute and Mike Ahmadi of Synopsys as they discuss report highlights. They will also provide insight and predictions regarding the future of security in the medical device and healthcare industries.

Medical Device Security: An Industry Under Attack and Unprepared to Defend

security

software

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Medical Device Security: An Industry Under Attack and Unprepared to Defend

Presented by

About this talk

More from this channel