With most of an organization’s security spend allocated to perimeter defense, hackers have had to look for other ways in. The network is secure, so how else can they break into an enterprise to steal sensitive data? The answer—software. Vulnerabilities in software code are like big “welcome!” signs to cyber criminals, and fixing those vulnerabilities generally requires a committed investment in the people, the process and the technology necessary to secure both internally-developed and externally-acquired applications. Why and how should organizations like yours get started in addressing application security as a critical component of your security strategy? This session will share results from hundreds of application assessments across multiple industries and answer some critical questions related to evaluating risk and determining next steps that fit your organization’s needs.
Recorded: Jun 9 2011, 61 mins
Join Keyaan Williams, Senior Executive, C|CISO Programs at EC-Council for his Corporate Governance for CISOs webinar series! The second webinar in the series will cover the topic of Board Presentations from an IS executive perspective. This session focuses on reporting the right metrics to the right people. What metrics should the CISO collect? Where do these metrics exist? What are the best ways to present this information to the board of directors and other organizational leaders?
You should assume that during 2016 your data will be subject to an attack from Cyber Criminals. Therefore you need to ask yourself… Where are you most vulnerable? What door has been left open?
We launched on February 18th our Webinar Series entitled Assumption of Attack, demonstrating how our market leading Smart Protection Suite delivers multi-layered protection for your business.
Our fifth webinar will look behind Door 5, Central Management. How can you centrally manage threat and data policies across your IT infrastructure? What are the benefits of user-centric visibility across your environment?
The proliferation of Ransomware has ushered in a new wave of extortionware and a new generation of malware attacks. While these types of attacks are not new, they have become more insidious and sophisticated, growing in popularity in concert with the expansion of electronic payment systems such as bitcoin. In April, the US and Canada both issued formal warnings and suggestions, but how much of what is reported about this new malware is true? Are we being naïve in our efforts to block these Ransomware attacks?
Attend this webcast to learn not only the truth behind Ransomware attacks, but also how to protect your organization utilizing a holistic and unifying visibility into your network and endpoints. Secureworks Security Analysis Senior Consultant, Harlan Carvey will answer vital questions about the nature of Ransomware and provide more insight into the actors, their methods, and their motivations:
- What is Ransomware?
- How does it proliferate?
- How do I detect and block it?
- How do I know what systems are compromised or how the attacker got in?
- Do I pay the ransom if I am attacked?
- How do I ensure that I don’t become a victim (again)?
Despite increasing cloud adoption in IT departments, many organizations are still concerned with data security. Those concerns are amplified by the loss of physical control over data and the potential for mismanagement of those assets when migrating to the cloud. As a result, this is often the top barrier to cloud deployment. However, with cloud innovations growing exponentially, the new wave of security solutions is breaking down those barriers.
In this webinar, Alert Logic cyber security evangelist, Paul Fletcher, will provide you with insight on how to get over hybrid cloud security hurdles and discuss:
• Common misconceptions surrounding hybrid cloud security
• Key strategies to secure a hybrid cloud environment
• Solutions to security threats within multiple hybrid cloud environments
As organizations migrate to services like Google Apps and Office 365, there is a growing need to secure data both in the cloud and across mobile devices. With CASB, IT administrators can distinguish between managed and unmanaged mobile devices without invasive agents, yet are able to limit access to sensitive data using granular policy controls. CASBs even enable control over data once downloaded to an end-user's device. Join Bitglass and (ISC)2 on May 5, 2016 at 1:00PM Eastern for the final part of our three-part webinar series, where we discuss the drawbacks of existing mobile security solutions and the ease of deploying a CASB to secure BYOD without hassles.
The first rule of data analytics for fast-growing companies? Measure all things. When putting in place a robust data analytics strategy to go from measurement to insight, you’ve got lots of options for tools -- from databases and data warehouse options to new “big data” tools such as Hadoop, Spark, and their related components. But tools are nothing if you don’t know how to put them to use.
We’re going to get some real talk from practitioners in the trenches and learn how people are bringing together new big data technologies in the cloud to deliver a truly world class data analytics solution. One such practitioner is Celtra, a fast-growing provider of creative technology for data-driven digital display advertising. We’re going to sit down with the Director of Engineering, Analytics at Celtra to learn how they built a high-performance data processing pipeline using Spark + a cloud data warehouse, enabling them to process over 2 billion analytics events per day in support of dashboards, applications, and ad hoc analytics.
In this webinar you’ll:
* Build a simpler, faster solution to support your data analytics
* Support diverse reporting and ad hoc analytics in one system
* Take advantage of the cloud for flexibility, scaling, and simplicity
Speakers:
* Evan Schuman, Moderator, VentureBeat
* Grega Kešpret, Director of Engineering, Analytics, Celtra
* Jon Bock, VP of Marketing and Products, Snowflake
Register today and learn how the top SaaS strategies can streamline your business.
Customers expect a seamless experience across services and devices, critical to ensure successful conversions and renewals in e-commerce. At the same time, the impact of disconnected user experience on employee productivity can have significant financial implications. Big egos, politics, a shortage of skilled talent, legacy systems and complexity can also conspire to undermine the success of your IAM program unless you plan for and take massive action today. Join Steve Tout as he presents Identity Coherence, a blueprint for creating massive value and success with IAM in a multi-vendor, multi-cloud environment.
As the Internet of Things encourages businesses to embrace big data, IT professionals turn to online resources to house and manage applications. However, cyber attacks are increasingly becoming a matter of “when,” not “if,” leading IT professionals to seek robust security solutions. Still on the fence about whether your small to medium sized enterprise really needs that much protection? Join Tricia Pattee, Product Manager at HOSTING, for a 30 minute webinar about scary facts about online security you need to know. Bring your questions – we’ll host a Q&A at the end of the presentation.
Secure clouds don't exist in a vacuum. The very nature of a secure cloud relies on effective, standardized, interoperable, and scalable Internet security. As the cloud metaphor displaces the concept of proprietary point-to-point networked servers, the key to its value can be found in the interoperability of service protocols. Securing these connections requires understanding and deploying standards such as TLS, HSTS, CT, CSP, DMARC, and FIDO. Each protocol addresses specific security concerns encountered when you extend your security perimeter to include external cloud services. Developing and deploying technologies like these requires a holistic view of the security landscape, and working within a robust Internet security ecosystem.
Key Talking Points:
- Cloud security relies on standardized Internet security protocols.
- Developing Internet security protocols requires multistakeholder involvement.
- Key areas of focus include securing: transport, content, communication, and authentication.
- Case studies presented in developing CT, CSP, DMARC, FIDO, and TLS 1.3
- Internet security is constantly evolving; adapt or perish.
Application Defender can provide consistent and centralized logging of application use and abuse to SOCs or others tasked with Security Monitoring. Learn about the Application Logging categories and use cases that will enable you to gain visibility into application activity across the whole enterprise without changing source or parsing logs.
While the value of your information is growing, security threats such as attacks or information theft are making headline news every day and becoming more serious. With SAP and HPE customers investing significantly in mobile solutions, web applications and customisations, it is critical now more than ever to invest in application security solutions.
Did you know?
43% of companies had a data breach in the past 2 years
84% of breaches occur at the application layer
75% of mobile applications fail basic security tests
It is 30x more expensive to fix issues in production than while in project phase
Please join this webinar where our presenter will share the current application security vulnerability situation, common challenges and the approach SAP has taken to ensure application security of its software using HPE Fortify solution.
Coffee Talk with Michael Farnum, Practice Principal at Fortify on Demand
The number of applications has increased considerably and organizations are finding they do not have the time, let alone the expertise and resources, to manage an appsec program. In this Coffee Talk, we will make you aware of options available so you can ensure the applications your business depends on are secure. HPE Security Fortify on Demand is a managed service that allows your organization to stay on top of security vulnerabilities and the latest threats, without the stressors of doing it all yourself.
Jonathan Griggs, Product Manager for HPE Security WebInspect
The world of web development has evolved and the tactics for securing it have advanced as well. Join Jonathan Griggs, the product manager for HPE Security WebInspect and WebInspect Enterprise, as he covers the concepts and practices around using a dynamic application security testing tool in a modern software security assurance program.
Dr. Larry Ponemon, chairman and founder of the Ponemon Institute
On average, the 58 United States companies participating in the 2015 Cost of Cyber Crime study lost $15 million due to cyber crime, an increase of 19 percent from $12.7 million in last year's study. And other countries are close behind. These are results from the recently completed Ponemon Institute 2015 Cost of Cyber Crime study. You know the risks, but you need the data to plan your defenses and demonstrate the cost of inaction.
For a fuller look at these and other findings from the institute’s study, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, to learn:
- What cyber crimes are most common and most costly
- The hidden internal and external costs you incur
- What security defenses are most effective in reducing losses
- How businesses with a strong security posture drive down costs
With cyber crime becoming more frequent and sophisticated, Static Application Security Testing (SAST) is an increasingly vital activity for an organization. Web applications and software are prime targets for hackers. SAST can help organizations find and fix vulnerabilities in their applications not only at testing, but early in the development lifecycle. In this brief, I will discuss how an effective SAST program can not only reduce risk, but also scale and augment other security efforts, saving time and money in the long run.
Interested in runtime application self-protection (RASP) but not sure where to start? This webinar will share best practices to help you organize your evaluation project. We will cover topics such as:
• Objectives for your evaluation
• Which apps to choose for a proof of concept?
• Where to begin – development, test, or production?
• What to measure, how to create a baseline and assess the delta
• Questions to ask the vendors
Dr. Larry Ponemon, Chairman of the Ponemon Institute & Brett Wahlin, VP and CISO of HP
Cyber Crime cost US companies an average of $15 million in 2015 – a significant increase from a year earlier. It’s a troubling trend unearthed by the Ponemon Institute’s 2015 Cost of Cyber Crime study. You know the risks, but you need the data to plan your defenses and demonstrate the cost of inaction. In this Webinar Dr. Larry Ponemon and HP CISO Brett Wahlin will explain how to craft an effective preemptive security strategy. You’ll learn:
- What cyber crimes are most common and most costly
- The hidden internal and external costs you incur
- What security defenses are most effective in reducing losses
- How businesses with a strong security posture drive down costs
Frank Mong, Vice President & General Manager of HP Security Solutions
The old school of cyber defense emphasized securing infrastructure and restricting data flows, but data needs to run freely to power our organizations. The new school of cyber defense calls for security that is agile and intelligent. It emphasizes protecting the interactions between our users, our applications, and our data.
The world has changed, and we must change the way we secure it. Join Frank Mong, VP & General Manager of Security Solutions, and hear why you need to secure your:
- Cloud services
- Data (wherever it is)
- Apps (wherever they run)
No one wants to end up as the next headline from a cyber security attack. But application security can be hard to do and takes time. Perhaps you failed an audit or swallowed the risk of vulnerabilities to get a new business app online. You need to CYA (cover your apps) fast!
Learn how runtime application self-protection can protect you in minutes when your applications:
• are too complex, too fragile, or ill supported to risk changing the code to remove security vulnerabilities
• have thousands of vulnerabilities – or that have never been tested – but are in production
• rely on code that is off-the-shelf, third party, or in the cloud - don’t be at the vendor’s mercy.
Learn how to identify and defend software vulnerabilities while the app is still being used. Quickly implement compensating controls to breeze past that next audit.
Bruce C. Jenkins, AppSec Program Strategist, HPSW Fortify
In today's world where applications are distributed through cloud and mobile platforms, the risks to vulnerable applications are multiplying. Application managers are looking for ways to consolidate controls around their disparate applications and assign the proper staff, leadership and workflow processes to do this.
Based on the 2014 Application Security Programs and Practices survey, application security is on the rise, with 83% of 488 respondents reporting some sort of application security program in place (up from 66% in SANS' 2013 survey). In the 2014 survey, respondents' primary focus for their security programs was around web applications.
This year's survey intends to find out how the rise of mobility and cloud applications is changing respondents' application security program efforts and to gather best practice advice for secure management of disparate applications throughout their lifecycle.
This second part of the webcast will focus on issues in application development.
Shuying Liang, PhD - Software Engineer, Michael Right - Product Manager
Higher-order features such as lambdas exist ubiquitously in web applications and frameworks. They make development easier, but at a cost of added complexity and exposure to high-risk vulnerabilities and attacks. However, statically ruling out such vulnerabilities is theoretically and practically challenging, especially when higher-order functions and complex control-flow collide with opaque, dynamic data structures such as objects.
This talk aims to provide an easy-to-understand explanation of higher-order functions and the difficulties involved in assessing them. We’ll include a brief report on how HP Fortify Static Code Analyzer handles higher-order analysis and our plans for future improvements. Note: Content focused on a technical-level viewer.
Download the SCA Solution Brief in the attachments for further reference.
There are a lot of reasons why you should fortify your application security to protect your business from hackers. And there are probably many reasons why you're not doing as much as you might.
In this video, HP and Slashdot Media detail the top 10 reasons you should enhance application security. And they go on to show you how HP Fortify static and dynamic application security testing products help you do it. Fortify uses the latest security intelligence to help you cut compliance testing time in half, find and fix vulnerabilities in hours, and enable the collaboration among development, testing, and security teams that make your applications and your business more secure.
Cindy Blake & Rob Putman, HPSW Enterprise Security Products
Greater than 80% of today’s breaches occur with application software, yet many companies continue to invest in ‘over the wire’ solutions that are not solving the problem. Runtime Application Self-Protection, or RASP, is an emerging market that promises to protect applications from the inside. Using the rich context of the application’s logic and associated core libraries, RASP identifies attacks in ‘real-time’ and stops them. Implementation is quick and requires no changes to your application’s code. Join us to learn more about what RASP can do for you.
• Why context from inside the application matters
• How easy it can be to use native capabilities of Java and .NET to protect your applications
• Use cases to get you started.
Help lead your enterprise to a stronger, more effective security program.
Jewel Timpe, Senior Manager- Threat Research, HP Security Research
In the world of information security, the past isn’t dead; it isn’t even the past. The 2015 edition of HP’s annual security-research analysis reveals a threat landscape still populated by old problems and known issues, even as the pace of new developments quickens. In 2014, well-known attacks and misconfigurations existed side-by-side with mobile and connected devices (the “Internet of Things”) that remained largely unsecured. As the global economy continues its recovery, enterprises continued to find inexpensive access to capital; unfortunately, network attackers did as well, some of whom launched remarkably determined and formidable attacks over the course of the year.
The 2015 edition of the HP Cyber Risk Report, drawn from innovative work by HP Security Research (HPSR), examines the nature of currently active vulnerabilities, how adversaries take advantage of them, and how defenders can prepare for what lies ahead. Jewel Timpe, HPSR’s senior manager of threat research, describes the report’s findings and explains how this intelligence can be used to better allocate security funds and personnel resources for enterprises looking toward tomorrow.
We all want our families and homes to be safe with the convenience of remote monitoring, but do these smart home security devices really make our families safer or put them at more risk by inviting easier access to our homes electronically via an insecure Internet of Things? In a follow-up to HP’s 2014 report on the Internet of (Insecure) Things we explore the security of popular off-the-shelf connected Home Security Systems and discuss various testing techniques we used in our study along with recommendations for manufacturers, developers and consumers.
Art Gilliland, General Manager of HP Enterprise Security Products
Businesses are spending so much money on security -- almost $47 billion in 2013 -- and yet the number of breaches continues to increase. To mitigate the risks of increasingly sophisticated, innovative and persistent threats, we need to change the way we think about our security programs. In this webcast, Art Gilliland, General Manager of HP Enterprise Security Products, talks about the challenges all enterprises face from the bad guys -- and the critical steps businesses must take to defend against today's most advanced threats.
Jonathan Griggs, Brandon Spruth, Brooks Garrett, Jeremy Brooks
Dynamic scanning is a staple of the web application security community. The complex nature of scanning each site and the expertise required in running the tools and interpreting the results often limits the deployment models. Development teams usually do not contain a security expert and must rely on an external team to perform their dynamic audits. This means that dynamic scans are often only performed once or twice throughout the development lifecycle, usually near the end.
Security teams also wrestle with demand for dynamic scanning. Demand is not always consistent but hardware is expensive to purchase and maintain only to sit idle. What if there were a way to automate dynamic scanning after each build in a continuous build environment while not leaving servers idle during periods of inactivity?
In this talk we will explain how the new WebInspect API, introduced in the 10.20 release and expanded in the recent 10.30 release, can help security teams integrate dynamic scanning with WebInspect earlier in the Security Development Lifecycle (SDL) and add flexibility and scalability into your company’s Software Security Assurance program.
Jonathan Griggs – WebInspect Product Manager
Brandon Spruth – Security Solutions Architect, HP Fortify
Brooks Garrett – Manager Operations and Architecture, Fortify on Demand
Jeremy Brooks – Senior Engineer, WebInspect Engineering
Michael Farnum, Practice Principal, HP Fortify on Demand, Hewlett-Packard
Many organizations have been building client-server and web applications for some time, and quite a few have reached a good level of maturity in regards to building security into their SDLC. Yet that traditional model of securing applications can’t fully address the security challenges presented by mobile and cloud infrastructures and the applications built around them. The business benefits of ubiquitous and quick data access (that come with mobile and cloud) are obvious, but the security issues are very real.
Join this discussion to find out how internal development and security groups can update their software security assurance processes so that they are embracing AND securing mobile and cloud solutions.