Security for a Smarter Planet. 2011 IBM Corporation All Rights Reserved.



Similar documents
Web application security Executive brief Managing a growing threat: an executive s guide to Web application security.

and Security in the Era of Cloud

IBM Innovate AppScan: Introducin g Security, a first. Bobby Walters Consultant, ATSC bwalters@atsc.com Application Security & Compliance

Security Intelligence

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada

Staying a step ahead of the hackers: the importance of identifying critical Web application vulnerabilities.

Web application security: automated scanning versus manual penetration testing.

IBM QRadar Security Intelligence April 2013

IBM Rational AppScan: enhancing Web application security and regulatory compliance.

Addressing Security for Hybrid Cloud

Protecting against cyber threats and security breaches

Rational Asset Manager 7.2 Editions and Licensing

Application Security from IBM Karl Snider, Market Segment Manager March 2012

Securing the Cloud infrastructure with IBM Dynamic Cloud Security

Introduction to PCI DSS

Mobile Security. Luther Knight Mobility Management Technical Specialist, Europe IOT IBM Security April 28, 2015.

IBM Advanced Threat Protection Solution

IBM Rational AppScan: Application security and risk management

Data Security: Fight Insider Threats & Protect Your Sensitive Data

IBM Security Intelligence Strategy

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

Leveraging Rational Team Concert's build capabilities for Continuous Integration

Four keys to effectively monitor and control secure file transfer

Three significant risks of FTP use and how to overcome them

IBM Security QRadar Risk Manager

Under the Hood of the IBM Threat Protection System

IBM Rational DOORS Next Generation

Best Practices with IBM Cognos Framework Manager & the SAP Business Warehouse Agnes Chau Cognos SAP Solution Specialist

Breaking down silos of protection: An integrated approach to managing application security

Security strategies to stay off the Børsen front page

How To Protect Your Cloud From Attack

Protecting What Matters Most. Bartosz Kryński Senior Consultant, Clico

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

Five Steps to Achieve Risk-Based Application Security Management Make application security a strategically managed discipline

IBM Security QRadar Risk Manager

How To Test For Security On A Network Without Being Hacked

The Current State of Cyber Security

The Business Case for Security Information Management

Introducing IBM s Advanced Threat Protection Platform

Privilege Gone Wild: The State of Privileged Account Management in 2015

Tivoli Automation for Proactive Integrated Service Management

10 Things Every Web Application Firewall Should Provide Share this ebook

Continuous integration using Rational Team Concert

Cutting the Cost of Application Security

Network Test Labs (NTL) Software Testing Services for igaming

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

IBM Security IBM Corporation IBM Corporation

Let s talk about assets in QRadar

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

HP Application Security Center

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan

Risk-based solutions for managing application security

IBM Endpoint Manager for Mobile Devices

SecurityMetrics Vision whitepaper

IT Security & Compliance. On Time. On Budget. On Demand.

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

The Top Web Application Attacks: Are you vulnerable?

Developing in the Cloud Environment. Rosalind Radcliffe IBM Distinguished Engineer, IBM Academy of Technology

IBM SECURITY QRADAR INCIDENT FORENSICS

Security Intelligence Solutions

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

Streamlining Web and Security

Privilege Gone Wild: The State of Privileged Account Management in 2015

Bringing Continuous Security to the Global Enterprise

Lunch and Learn: BlueMix to Mainframe making development accessible in the

Leveraging Privileged Identity Governance to Improve Security Posture

Maintaining PCI-DSS compliance. Daniele Bertolotti Antonio Ricci

Reference Architecture: Enterprise Security For The Cloud

2010 Data Breach Investigations Report

Penetration Testing in Romania

IBM Rational Software

Integrated Threat & Security Management.

Rational AppScan & Ounce Products

Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.

Application and Database Security with F5 BIG-IP ASM and IBM InfoSphere Guardium

Security of Cloud Computing for the Power Grid

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

The webinar will begin shortly

SINGLE SIGNON FUNCTIONALITY IN HATS USING MICROSOFT SHAREPOINT PORTAL

Imperva Cloud WAF. How to Protect Your Website from Hackers. Hackers. *Bots. Legitimate. Your Websites. Scrapers. Comment Spammers

Trend Micro. Advanced Security Built for the Cloud

IBM Tivoli Provisioning Manager V 7.1

Feature. Log Management: A Pragmatic Approach to PCI DSS

eguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life

Preemptive security solutions for healthcare

Powering Security and Easy Authentication in a Multi-Channel World

Transcription:

Security for a Smarter Planet

The Smarter Planet Our world is getting Instrumented Our world is getting Interconnected Our world is getting Intelligent

Growing Security Challenges on the Smarter Planet Key drivers Increasing Complexity Soon, there will be 1 trillion connected devices in the world, constituting an internet of things Increasing Exploits and Accidents 900+ Breaches reported 900+M records exposed Increasing Impact The cost of a US data breach increased to $214 per compromised customer record and $6.8M Million per breach Γ Sources http://searchcompliance.techtarget.com/news/article/0,289142,sid195_gci1375707,00.html 2010 Verizon Business / US Secret Service Data Breach Investigations Report Γ 2010 Ponemon Institute Data

The Costs from Security Breaches are Staggering Verizon 2010 Data Breach Investigations Report Ponemon 2010 Cost of a Data Breach Report

More Justification for Application Security Action 89% of records breached from hacks leveraged SQL Injection flaws 79% of breached organizations subject to PCI were found to be non-compliant 92% of compromised records were compromised using Web applications as the attack pathway Verizon 2010 data Breach Investigations Report Action: Adopt application security measures Address compliance mandates with industry regulations (such as PCI- DSS, GLBA, HIPAA, FISMA, NERC, etc)

Damage to Enterprise Sources of Breach Costs 1,000,000x Security Flaw Unbudgeted Costs: Customer notification / care Government fines Litigation Reputational damage Brand erosion Cost to repair 10x Functional Flaw 1x Development Test Deployment

Web App Vulnerabilities Continue to Dominate Nearly half (49%) of all vulnerabilities are Web application vulnerabilities. Cross-Site Scripting & SQL injection vulnerabilities continue to dominate.

IBM Security Framework A foundation for IT security PEOPLE AND IDENTITY Mitigate the risks associated with user access to corporate resources DATA AND INFORMATION Understand, deploy, and properly test controls for access to and usage of sensitive data APPLICATION AND PROCESS Keep applications secure, protected from malicious or fraudulent use, and hardened against failure NETWORK, SERVER AND END POINT Optimize service availability by mitigating risks to network components PHYSICAL INFRASTRUCTURE Provide actionable intelligence on the desired state of physical infrastructure security and make improvements Create & sustain security governance Manage risk Ensure compliance 8

IBM Application Security Web applications are the greatest source of risk for organizations IBM s Application Security enables organizations to address root cause of this risk Rational AppScan leverages a mix of technologies (static & dynamic) to enable the right use cases Rational AppScan is a key part of IBM Security s full solution view of security to enable Comprehensive Application Vulnerability Management

10

IBM Software Group Rational software Try the new Rational AppScan ROI calculator Use ROI calculator on a Web application testing solution. Discover how you can: Automate application security analysis. Detect exploitable vulnerabilities, protecting against the threat of cyberattack. Reduce the costs associated with manual vulnerability testing. Visit our Rational Application & Security Website and get the newest updates

IBM Software Group Rational software Free trial download of IBM Rational AppScan software Protect against the threat of attacks, and data breaches with Rational AppScan IBM Rational application security software helps IT and security professionals protect against the threat of attacks and data breaches. If you use applications to collect or exchange sensitive or personal data, your job as a security professional is harder now than ever before. Download it now at no charge!

IBM Software Group Rational software Join us at Black Hat USA July 30 August 4 Black Hat USA is the premier security event where members of the security industry gather to learn from elite security researchers in the field. This year s event will be hosted at Caesars Palace in Las Vegas, Nevada July 30-Aug 4 and offer over 50 multi-day training sessions, feature 7 Briefings tracks with the latest research, and 2 workshop tracks dedicated to practical application and demonstration of tools. Register today at: http://www.blackhat.com/html/bh-us-11/registration/bh-us-11- registration.html Receive a $250 discount off the Black Hat USA Briefings using the promo code: IBMBHUSA11 Be sure to stop by IBM s Booth #510

IBM Software Group Rational software Take Action Visit IBM Rational http://www.ibm.com/rational Copyright IBM Corporation 2009. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, the on-demand business logo, Rational, the Rational logo, and other IBM Rational products and services are trademarks or registered trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.