Hi [[ session.user.profile.firstName ]]

Medical Device Security: An Industry Under Attack and Unprepared to Defend

A recent survey commissioned by Synopsys was designed to understand the risks to clinicians and patients due to insecure medical devices. The resulting report identified some expected findings, but others were extremely surprising. For instance, 67% of medical device manufacturers and 56% of healthcare delivery organizations believe an attack on a medical device built or in use by their organization is likely to occur over the next 12 months. Join Larry Ponemon of the Ponemon Institute and Mike Ahmadi of Synopsys as they discuss report highlights. They will also provide insight and predictions regarding the future of security in the medical device and healthcare industries.
Recorded Jun 21 2017 49 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Larry Ponemon, Chairman of Ponemon Institute & Mike Ahmadi, Director of Critical Systems Security of Synopsys
Presentation preview: Medical Device Security: An Industry Under Attack and Unprepared to Defend

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Fuzz Testing From Synopsys Recorded: Nov 2 2017 2 mins
    Synopsys
    What if you could test software for unknowns? You can with fuzz testing. Fuzz testing manipulates input data to send until the malformed input causes the software to crash. Our fuzzing solution provides pre-built test suites that eases the burden of manual black box test creation. And our fuzz testing solution runs on any VM or Windows or Linux computer to produce a detailed remediation package that helps identify and fix software issues fast.
  • Software Composition Analysis from Synopsys Recorded: Nov 2 2017 2 mins
    Synopsys
    Wouldn’t it be great to minimize the risks of 3rd party code? Introducing software composition analysis – or SCA -- from Synopsys. Our SCA solution quickly and accurately scans virtually any software package. It produces a bill of materials listing third-party components, their versions, and their location. And our SCA solution runs on either source code or binary, either as a managed service, or as an on premise virtual appliance, so that you always know for certain what’s in your software.
  • Synopsys is Software Security Recorded: Nov 2 2017 2 mins
    Synopsys
    As the world's 16th largest software company, Synopsys has a history of being a global leader and was recognized by Gartner as a leader in software quality and security solutions. At Synopsys, we offer the most comprehensive solution for integrating security and quality into your SDLC and supply chain and work with over 1,500 industry-leading companies across all sectors including: 17 of the top 20 commercial banks 9 of the top 10 software companies 4 of top 5 managed healthcare firms 3 of top 4 US wireless providers By injecting software quality and security at the right time, at the right depth within your development environment, our software integrity platform promotes productivity and efficiency that empowers customers to develop secure, high-quality software. Our testing solutions improve the accuracy of findings, speeds up the delivery of results, and reduces the level of noise faced by developers.
  • Software Architecture & Design from Synopsys Recorded: Nov 2 2017 2 mins
    Synopsys
    How well do your security controls align with industry best practices? Software design flaws account for up to 50 percent of security vulnerabilities. If you are only checking for bugs in your code or running fuzz tests against your system you might still miss up to half of the security vulnerabilities in your software. Auditing controls, authorizations, and component updates are essential strategies to help reduce security flaws and lower your risk of a breach. But how do you know whether they are implemented correctly? Introducing Software Architecture and Design from Synopsys. Our experts evaluate the design of your key security controls against industry best practices to determine if any are misconfigured, weak, misused, or missing.
  • Red Teaming from Synopsys Recorded: Nov 2 2017 2 mins
    Synopsys
    Do you know how well your organization's people, processes, and technologies can withstand a real-life cyberattack? What level of access and information that an attacker might gain? Personal Identifying Information, Personal Account Number, or corporate intellectual property. What damage might a severe data breach cause? What harm such an attack might bring to the organization’s brand and reputation? Introducing Red Teaming from Synopsys. Red Teaming simulates an attack on the client’s organization to measure how well their people, process, and technologies can withstand a real-life attack situation.
  • Building Security In Maturity Model or BSIMM from Synopsys Recorded: Nov 2 2017 2 mins
    Synopsys
    Your company spends a certain amount of money and time on its software security initiative but serious security initiative questions remain. Are we spending enough in Processes? Technology? People? Do the security efforts we have in place today even make sense? And, more critically, what are the other guys doing? Wouldn't it be great if you could compare your security model to others? You can. Introducing Building Security In Maturity Model or BSIMM from Synopsys. It's an analytical process that compares observations of your own software security initiative with that of others.
  • Managed Services from Synopsys Recorded: Nov 2 2017 2 mins
    Synopsys
    Really good security experts are difficult to find and expensive to hire. On top of that, you may not have a consistent need for their skill set. Wouldn't it be great to pay only for what you need, only when you need it? Introducing Managed Services from Synopsys, a security-as-a-service (SaaS) for all your software security needs.
  • Silver Bullet Podcast #139 with Matias Madou Recorded: Oct 31 2017 26 mins
    Gary McGraw
    Matias Madou is a co-founder and the CTO of Secure Code Warrior, where he provides the company’s technology vision and oversees the engineering team. He has over 15 years of hands-on software security experience. Matias was a researcher at HP Fortify and a founder of Sensei Security. He also holds 10 patents and has been very active in technology transfer from the lab to commercial products. He’s a sought-after speaker as well, and we’re proud of his presence at the 2017 BSIMM Community Conference. Matias holds a Ph.D. in computer engineering from Ghent University and currently lives in Belgium with his family.

    Listen as Gary and Matias talk about effective software security testing methods, security research, secure development training, and more.
  • Getting Application Security Up to Speed with DevOps Recorded: Oct 10 2017 58 mins
    Scott Crawford, Research Director of Information Security with 451 Research, Meera Subbarao with Synopsys,
    The DevOps revolution continues to advance – and security must advance with it. Too often, however, approaches to application security remain stuck in the past. Throwing security assessment results over the fence to developers never really worked, and it certainly won’t survive the transition to DevOps and CI/CD, where agile techniques and automation set a demanding pace.

    In this webinar, Scott Crawford, Research Director of Information Security with 451 Research, and Meera Subbarao with Synopsys, will highlight:

    •The many points of opportunity DevOps present to engage in real collaboration across security, development and operations teams (it’s not just about testing!)
    •How DevOps introduces opportunities to “shift left” with the security investment, and reduce the cost impact of security remediation and response
    •Where and how security efforts can capitalize on automation and integration with DevOps toolsets
    •Sourcing expertise: Security and development both require specialized expertise. Security in DevOps requires a unique mix of both. How can you find it?
  • Silver Bullet Podcast #138 with Nicole Perlroth Recorded: Sep 29 2017 32 mins
    Gary McGraw
    Nicole Perlroth covers cyber security for the New York Times. Before joining the San Francisco bureau in 2011, she was deputy editor at Forbes where she covered venture capital and web start-ups. Nicole is the recipient of several journalism awards for her reporting on efforts by the chinese government to steal military and industrial trade secrets. She is currently working on a cyber security book, This Is How They Tell Me the World Ends for Penguin/Portfolio (2017). She holds a B.A. in Politics and Near Eastern Studies from Princeton and a M.A. in Journalism from Stanford. She’s a native of the Bay Area where she still lives.

    Listen as Gary and Nicole talk about life as a cyber security journalist, being a woman in the security industry, and playing up the sex appeal of cyber security.
  • Silver Bullet Podcast #137 with Wafaa Mamilli Recorded: Aug 30 2017 32 mins
    Gary McGraw
    Wafaa Mamilli is Vice President, Chief Information Security Officer (CISO) at Eli Lilly and Company where she leads a global, enterprise-wide information and product security organization. She started her career consulting in Paris prior to joining Lilly France in 1995. Before being named CISO, Wafaa held several international leadership responsibilities across Lilly, including a stint as Information Officer of their diabetes division.
  • Systems Failures Fuel Security-Focused Design Practices Recorded: Aug 2 2017 47 mins
    Christopher Rommel, Executive Vice President, VDC Research and Joe Jarzombek,Security Strategist, Synopsys
    Today’s electronic systems are more intelligent, more connected, and more at risk than ever before. A single vulnerability can lead to widespread system-of-systems compromises. Organizations participating in security-critical industries like Aerospace and Defense (A&D) are especially at risk.

    In this webinar, Christopher Rommel from VDC and Joe Jarzombek from Synopsys will discuss the results from a recent report highlighting issues facing these organizations. They will also identify what considerations need to be made for the security of software that enables and controls system functionality.

    This webinar will explore:
    • The importance of quality and security in current projects
    • The amount of code re-use from previous projects
    • How automated quality and security testing tools can integrate into your current SDLC
  • Silver Bullet Podcast #136 with Pavi Ramamurthy Recorded: Jul 31 2017 32 mins
    Gary McGraw
    Pavi Ramamurthy manages the security ecosystem at LinkedIn as a Senior Information Security Manager. The Security Ecosystem team holds much of the responsibility for software security at the firm, including: software security training, awareness, bug herding, application vulnerability response, program management, and security positioning for partners and customers. Pavi has over 20 years of experience in software engineering and development, coupled with 10 years of hands on security experience. She has also worked in various capacities at VMware, Determina, Vitria Technology, and 3Com. Pavi holds an MS in Computer Engineering from Santa Clara University and she lives in Silicon Valley with her family.

    Listen as Pavi and Gary discuss whether a background in development makes you a better software security resource, CI/CD, security testing, the role that office hours play in software security awareness, and more.
  • The Side Effects of the Internet of Things Recorded: Jul 25 2017 43 mins
    Chenxi Wang, ITSPmagazine | Ted Harrington, ISE | Gary Hayslip, Webroot | Mike Ahmadi, Synopsys
    - Broadcast LIVE from Las Vegas during Black Hat 2017 -
    Innovation is moving so fast. Each day there's a new device or technological service to hit the market designed to make our lives easier, more convenient, and perhaps even healthier. They listen to us, watch us, learn about us. They help us make decisions. They “guess” our next move - our pending desire. They make decisions - even take action on our behalf. As a society we snatch up these new devices as quickly as they hit the shelves and use them with open arms, unknowingly putting our privacy and safety at risk.

    How many devices are there? What are they used for? In this session, we’ll focus on the side effects associated with devices used to run our countries, our cities, our homes, our lives - even our physical being.

    Ultimately, it’s about the lack of cybersecurity - because there is a lack of cybersecurity, there’s no conversation about it, and therefore there is no understanding (awareness) of what’s at risk for using these devices. It’s not necessarily a bad thing - but the fact we are making uninformed decisions as a society means we could be putting ourselves and our loved ones at risk without even knowing it.

    This panel is part 1 of 2 parts - it’s all about the lack of security and the side effects it has on us as individuals and as a society. What are we trading in exchange for using these devices to make our lives “better”? Bottom line... are you (we) surrendering to the technology?

    PANELISTS
    - Ted Harrington, Executive Partner at Independent Security Evaluators
    - Gary Hayslip, Vice President & CISO, Webroot
    - Mike Ahmadi, Director of Critical Systems Security, Synopsys Software Integrity Group

    MODERATOR
    - Chenxi Wang, Host of The New Factor on ITSPmagazine
  • State of Software Composition 2017 - What's in your app? Recorded: Jul 12 2017 34 mins
    Robert Vamosi, CISSP and Security Strategist at Synopsys
    So much of the software today is created using third-party code, and why not? After all, it’s quicker and cheaper than building from scratch. Using third-party software, however, isn’t without challenges as the recent report The State of Software Composition Analysis 2017 reveals. In this webinar, the presenters will not only share highlights from this report, but they’ll also explore:

    •The use of trusted repositories for open source software, preferably from the source.
    •The use of SCA to monitor the ongoing state of software decay.
    •The need to update third-party software libraries as appropriate throughout the lifecycle.
  • What You Need To Know About Petya/NotPetya & Cyber Attack Protection Recorded: Jul 11 2017 59 mins
    Eric Hanselman (451 Research), May Wang (ZingBox), Ted Harrington (ISE), Mike Ahmadi (Synopsys)
    Another widespread cyber attack in late June wreaked havoc across businesses, organizations, banks, government agencies, utility companies, shipping companies, and even power plants. Was this a ransomware attack or something more sinister?

    Join this panel of industry leaders and security experts for an interactive session on:
    - Why cybersecurity is a key focus for enterprises and organizations worldwide
    - Why ransomware protection is more crucial than ever
    - How to best prepare against future cyber attacks
    - Steps your organization should take today to ensure data security. Short term steps and long-term strategy

    Speakers:
    - May Wang, Co-founder & CTO of ZingBox
    - Ted Harrington, Executive Partner at Independent Security Evaluators
    - Mike Ahmadi, Director of Critical Systems Security, Synopsys Software Integrity Group

    Moderator:
    - Eric Hanselman, Chief Analyst at 451 Research
  • Silver Bullet Podcast #135 with Ksenia Dmitrieva-Peguero Recorded: Jun 29 2017 26 mins
    Gary McGraw
    Ksenia Dmitrieva-Peguero is a Principal Consultant within Synopsys’ Software Integrity Group. She is a subject matter expert in a variety of software security practices including static analysis tool design and execution, customization, and deployment. She is also an expert in the areas of penetration testing and threat modeling. Throughout her career as a consultant, Ksenia has established and evolved secure coding guidance and best practices for many different firms, and has delivered numerous software security training sessions. She speaks regularly at events around the world on topics such as HTML5, CSP, and JavaScript. Ksenia holds degrees in Education and Computer Science from Clemson University, and an MS in Computer Science from George Washington University. She lives in Virginia with her husband and newborn daughter.

    Listen as Gary and Ksenia discuss software security awareness, AngularJS, security conferences, and more.
  • Medical Device Security: An Industry Under Attack and Unprepared to Defend Recorded: Jun 21 2017 49 mins
    Larry Ponemon, Chairman of Ponemon Institute & Mike Ahmadi, Director of Critical Systems Security of Synopsys
    A recent survey commissioned by Synopsys was designed to understand the risks to clinicians and patients due to insecure medical devices. The resulting report identified some expected findings, but others were extremely surprising. For instance, 67% of medical device manufacturers and 56% of healthcare delivery organizations believe an attack on a medical device built or in use by their organization is likely to occur over the next 12 months. Join Larry Ponemon of the Ponemon Institute and Mike Ahmadi of Synopsys as they discuss report highlights. They will also provide insight and predictions regarding the future of security in the medical device and healthcare industries.
  • Don’t WannaCry? Here’s How to Stop Those Ransomware Blues Recorded: Jun 14 2017 22 mins
    Steve Cohen, Product Marketing Manager, Synopsys & Robert Vamosi, CISSP and Security Strategist, Synopsys
    After taking the world by storm, it’s time to dig into the WannaCry ransomware worm to learn how a decades-old technique is still catching us off-guard. We’ll also examine how to safeguard your organization in the future against this type of attack.

    In this webinar, our experts will discuss the benefits of securing your organization's software to keep the bad actors from pivoting from vulnerabilities in the network layer to those in the application layer. We'll show you how to shrink the time to value in the market without compromising quality and security via a secure SDLC.
  • Silver Bullet Podcast #134 with Kelly Jackson Higgins Recorded: May 24 2017 25 mins
    Gary McGraw
    Kelly Jackson Higgins is the Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with over 20 years of experience as a reporter and editor. Publications that Kelly has been associated with include Network Computing, Secure Enterprise Magazine, Communications Week, and more. Kelly’s coverage of computer (i.e., cyber) security has led her to be selected as one of the top 10 cybersecurity journalists in the U.S. She holds a BA from the College of William and Mary where she also played on the women’s soccer team. She currently lives near Charlottesville, VA.

    Listen as Gary and Kelly discuss how to separate fact from fiction when it comes to news in security, changes in security-focused journalism in recent years, social media, security politics, and more.
Application security is a journey.
We go beyond traditional application testing to empower you to build security into your software at every stage of your development process. We offer application testing and remediation expertise, guidance for structuring a software security initiative, training, and professional services for a proactive approach to application security.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Medical Device Security: An Industry Under Attack and Unprepared to Defend
  • Live at: Jun 21 2017 4:00 pm
  • Presented by: Larry Ponemon, Chairman of Ponemon Institute & Mike Ahmadi, Director of Critical Systems Security of Synopsys
  • From:
Your email has been sent.
or close