KEMBAR78
Unified application security analyser | PDF
Tim Youm, profile picture
Uploaded byTim Youm
PDF, PPTX228 views

Unified application security analyser

The document discusses the importance of application security in protecting organizations from cyber threats, highlighting significant financial losses resulting from mobile data breaches and the prevalence of mobile malware. It emphasizes the need for comprehensive application security practices, such as continuous testing throughout the software development lifecycle, to mitigate risks exacerbated by the rush to release applications and the complexity of modern software. IBM's application security solutions, including AppScan and cloud-based services, are presented as effective means to identify and address vulnerabilities in applications before deployment.

Mobile
Related topics:
Web Development
Download as PDF, PPTX
Tim Youm unifiedmobility@au1.ibm.com +61 416 176 573 Unified Application (Mobile, Web & PC) Security Analyser
Security status 2
Security status § Average losses from cyberattacks is over 2.6M for Australian companies2 and $400K for Australian SMBs3 § More than 20% companies had mobile data breaches due to mobile malware/rogue WiFi hotspots1 § Nearly 40% don’t have visibility on their mobile security status whether they have been impacted1 § Every day, there are 12,000+ new mobile malware/ransomware4 § Mobile Data usage is expected to grow more than 7x by 20203 § Source 1: Online survey responses from LinkedIn group , Source 2 Source: Webroot SMB Threat Report 2015, Source 3: Cisco Visual Network Index Report, 2016 Source 4: AVAST , 2016 5. Ponemon Institute, June 2016 : 20161 Cost of Data Breach Study: Australia (26 Australian companies participated the survey) 3
MaaS360 Mobility Management UMM( MDM/EMM/MEM/MTP/UEM/MIM/AI) Integrated IT StackBI Bluemix Mobile First Apps, Maximo, Form Builder MobileFirst Foundation AppScan QRadar Verse App Horizontal apps Vertical apps Mobile app development Tools App Security Analyser SIEM IaaS/PaaS HW WatsonAnalytics/AI 4
Business Problem: Security teams are often responsible for the security of thousands of applications; but don’t have enough security experts on staff to handle the workload. It was a problem that Cisco faced several years ago. With a small security team and an application portfolio of nearly 2,500 applications, security staff worried they were becoming a “bottleneck” in application security. Solution: Using IBM® Security AppScan® Enterprise, Cisco empowered developers and QA personnel to test applications and address security issues before deployment. Benefits: Drove a 33 percent decrease in number of security issues found, reduced post-deployment remediation costs significantly, freed security experts to focus on deep application vulnerability assessments. Featured Security Offering: IBM® Security AppScan® Enterprise Link to Case Study: Cisco Case Study “AppScan helped us create a self-service model. We could take the product and put it in the hands of the developers and QA testers so they could identify and fix security vulnerabilities before production.” Sujata Ramamoorthy Director, Information Security Cisco Cisco empowered developers and QA personnel to test applications and address security issues prior to deployment, with IBM® Security AppScan® 5
6 Concur https://www.youtube.com/watch?v=gXDU7VbjNic&t=2s Bank of East Asia http://asianbankingandfinance.net/banking-technology/more-news/bank-east-asia- partners-ibm-launch-iportfolio-analyzer Overview: https://www.youtube.com/watch?v=PCoM042wBnM Mobile App: https://www.youtube.com/watch?v=zPynCmQATpw Concur & Bank of East Asia empowered developers and QA personnel to test applications and address security issues prior to deployment, with IBM® Security AppScan®
7 Starting at $569.21 AUD per month (charged per application) Purchased scans can be executed in conjunction with detailed vulnerability reporting, at a predictable cost. Starting at $278.52 AUD per scan Starting at $16,445.00 AUD per user per year Floating user single install Licensed for a pool of unnamed users, but can only be installed on one system. Priced by number of users.+$13,305.50 On-Premise SaaS AppScan Commercial RRP Start a Free Trial: https://lnkd.in/gacAEa5
Why is application security vital? You’ve probably done a lot to encourage data security—but could the applications you run be the equivalent of a front door to your enterprise that’s been left wide open? The security of the data in your organisation’s hands depends on a lot more than just locking down individual files and records. You need to tighten security at the application level, too, because applications can control access to your data—and even to your organisation’s Internet of Things (IoT) infrastructure. Many notorious security breaches have occurred not because of poor data security practices, but because of vulnerable applications. Deploying application security helps prevent rogue or vulnerable software from allowing cybercriminals to siphon data that you thought wassecure. Even so, application security remains an often-neglected area of cybersecurity,1 and breaches continue tooccur. Why? In part, because locking down applications is more complicated than encrypting files or safeguarding networks with firewalls. Applications have also grown in number and type, with the advent of app stores and specialised applications that access cloud-basedinfrastructure. Meanwhile, widespread adoption of bring-your-own-device (BYOD) policies has resulted in an increase in unvetted applications, and application-connected IoT data sources proliferate rapidly. Application security is vitalto: • Prevent reputational damage • Maintain customertrust • Avoid remediationcosts • Detect and respond to security risks before they cause damage Watch a demo of what IBM Application Security on Cloud can accomplish for you. 1 “How to Make Application Security a Strategically Managed Discipline,” Ponemon Institute, March 2016. 2 “The State of Mobile Application Insecurity,” Ponemon Institute, February 2015. In one study, 77% of respondingdevelopers say applications are vulnerable because pressure to release applications quickly prevents adequate testing.2 APPLICATION SECURITY A COMPLETE SOLUTION CASE STUDIES FOR MORE INFORMATION COMPLEX TASKS APPLICATION CHALLENGES BEST PRACTICES 8
Why do organisations struggle to achieve application security success? Application security is complicated by factors that span developers, IT staff and end users. In combination, these factors can make organisations susceptible to vulnerabilities. Rush torelease A pervasive “rush to release” atmosphere means developers are often short of testing resources. But application security doesn’t just rest with developers. There’s a parallel rush to install applications quickly, as users seek the efficiencies that new software can deliver. Complexapplications Software varies wildly in scope, data requirements, language and platform. A compromised application with a direct line to company data can be as risky as a misplaced laptop loaded with similar data— perhaps worse, if the gap goes unnoticed. An insecure or malicious application could expose your data, whether it has been exploited by a security vulnerability or because it began life insecure. Application security not apriority Application-layer vulnerabilities are often viewed as low priorities, and organisations typically do not rank applications by importance for protection. And applications are often dispersed throughout an organisation—along with accountability for their security—withlittle visibility into which ones are in use or which ones are most vulnerable. Lack ofstandards Users can’t devote time to security testing—and don’t know how to test effectively. There are few universal application securitystandards, so guidance and on-site expertise can be difficult to assess or employ. 1 “How to Make Application Security a Strategically Managed Discipline,” Ponemon Institute, March 2016. Learn more about risk-based application securitymanagement. A recent Ponemon Institute study foundthat 47% of respondents said mobile application risk in their organisations was increasing or significantly increasing.1 APPLICATION SECURITY A COMPLETE SOLUTION CASE STUDIES FOR MORE INFORMATION COMPLEX TASKS APPLICATION CHALLENGES BEST PRACTICES 9
Effective application security practices confirm that security should be viewed as a process, not as a series of items to check off a list. As such, application security testing must be comprehensive and ongoing. For developers, the application security testing process should be embedded in the software development lifecycle, with ongoing source code analysis. For end-user organisations, the process continues, with vetting of all new software that’s deployed, as well as re- testing applications on which the organisation alreadyrelies. Comprehensive application security shouldinvolve: • Discovering and cataloging applications thatare currently inuse • Static testing—scanning application source code for vulnerabilities is the most direct way to find the actual code behind a particular securityvulnerability • Dynamic testing—evaluating what the software does when it’s deployed (for instance, is it vulnerable to potential cross-site scripting and SQL injectionattacks?) • Mobile application security testing, due to the proliferation of new mobile applications in themarket • Deployment of new software only after it’s been vetted Applications should be re-evaluated regularly, and this evaluation should be informed by sources such as the Open Web Application Security Project (OWASP)Top Tenlist1—new threats can putformerly safe applications atrisk. What is effective application security? 1 Paul Ionescu, “The 10 Most Common Application Attacks in Action,” IBM Security Intelligence, April 8, 2015. 2 “Number of apps available in leading app stores as of June 2016,” Statista, June 2016. 3 “Number of Android Applications,” AppBrain, Accessed October 13, 2016. Learn more about the risks that make application security vital. As of September 2016, there were 2 million Apple iOS applications available for download,2 and morethan 2.4 million Google Android applications.3 APPLICATION SECURITY A COMPLETE SOLUTION CASE STUDIES FOR MORE INFORMATION COMPLEX TASKS APPLICATION CHALLENGES BEST PRACTICES 10
In vetting applications for security risks, organisations operate under constraints that range from limited budgets to heavy workloads of their security and IT staffs. But such constraints cannot get in the way of improving security protection. Instead, your organisation should employ best practices thatinclude: • Oversight—Planned, automated testing delivers morethorough and reliable results than ad-hoctesting • Continuity—Applications should be built and tested forsecurity and re- tested to keep up with vulnerabilities • Prioritisation—Ranking application security issues based on severity and potential business impact permits problems to be tackled in the order that makes the most business sense • Flexibility—Avoiding restrictive implementation requirements is critical to evaluate the full range of applications deployed by your organisation • Adaptability—Threats change over time; a flexible approach results in fewer changes to remain in control of application security • Timeliness—To avoid disrupting—or redoing—development processes, applications should be tested throughout all stages of the development lifecycle An integrated application security solution such as IBM®Application Security on Cloud can help you minimise security gaps and identify potential vulnerabilities. Integration with other securityproducts and practices makes risk mitigation for applications part of a comprehensive security program, not anafterthought. Leverage our time-tested application security best practices See how IBM Application Security on Cloud identifies and remediates vulnerabilities. 58% of organisations say security concerns inhibit full deployment of a mobile security strategy.1 1 “2016 Mobile Security & Business Transformation Study,” Information Security Media Group, Sponsored by IBM Corp., 2016. APPLICATION SECURITY A COMPLETE SOLUTION CASE STUDIES FOR MORE INFORMATION COMPLEX TASKS APPLICATION CHALLENGES BEST PRACTICES 11
Bolster your application-security risk management byimplementing an integrated solution, rather than relying on disparate tools. IBM Application Security on Cloud is a comprehensive, cost-effective, user-friendly and easy-to-deploy cloud- based solution forweb and mobile applications that unites all phases of application security testing. Our cloud-based offering is based on years of IBM experience in on-premises security testing, and interoperates with other security tools to facilitate comprehensive cyber-defense protection. IBM Application Security on Cloud is a complete, subscription- based solution that permits you to test applications and improve security protection by providing actionable data. With IBMApplication Security on Cloud, you can quickly assess application risk ratings, so you can focus remediation efforts on your most significant vulnerabilities. Register for a trial version of IBM Application Security on Cloud, or download an on-premises IBM Security AppScan® trial. Comprehensive, cloud-based application security testing CASE STUDIESA COMPLETE SOLUTIONAPPLICATION SECURITY Youcan perform static security testing of application code written in a wide number of programming languages, conduct dynamic analysis for pre-production and in-production software webapplications; and test Android and iOS applications, prior to their deployment. IBM Application Security on Cloud identifies and reports security issues, ranks them according to exposure and criticality, and recommends remediation steps. All of the results can be integrated into a number of DevOps systems and integrated development environments(IDEs). A full range of companion consulting services is also available, enabling your security team to take full advantage of the capabilities IBM Security has tooffer. FOR MORE INFORMATION The IBM ApplicationSecurity on Cloud dashboardview. Click image to enlarge. Click again for original size. 12
Organisations that deploy application security solutions from IBM realise the value of integration and automation as part of their overall security strategies, whether they’re creating applications,or deploying them. Protecting code throughout the software developmentlifecycle • Concur Technologies of Bellevue, Washington specialises in corporate expense management, so it manages confidential financial information on an everyday basis. Protecting that information is paramount, but also difficult to achieve. As an organisation with a large mobile presence, including its own mobile applications, Concur deployed AppScan with the same vulnerability testing technology that powers IBM Application Security on Cloud. With AppScan, Concur can test its applications for security risks as they’re developed and conveniently analyse production code. Managing risk in a fast-growingenterprise • Migros, a Turkish retail giant that’s experiencing break-neck growth at home and abroad, has a large-scale infrastructure to protect, with applications transmitting inventory and payment information over a network that encompasses nearly 1,500 stores and more than 100,000 Internet-connected endpoint devices. In orchestrating its growth, the company faced challenges in moving operations to the cloud as it implemented a BYOD policy. By leveraging IBM application security solutions, Migros has been able toscale its business while minimising risk. Real-world IBM Application Security on Cloud use cases CASE STUDIESA COMPLETE SOLUTIONAPPLICATION SECURITY IBM offers a complete portfolio of application security testing tools, used by leadingcompanies in fields as diverse as manufacturing1 and financial services2 to help protect applications, devices anddata. Sign up for a complimentary trial plan of IBM Application Security on Cloud. 1 “Large global automaker: Protecting the Connected Car Ecosystem,” IBM Corp., July 2016. 2 “Progressive Insurance: Proactively Protecting Data by Creating Appropriate Controls,” IBM Corp., May 2016. FOR MORE INFORMATION 13
Unified Application (Mobile, Web & PC) Security Analyser Start a free trial: https://lnkd.in/gacAEa5 Tim Youm unifiedmobility@au1.ibm.com +61 416 176 573

More Related Content

PDF
Actionable insights
byTim Youm
 
PDF
Thinking of choosing Trend Micro?
bySymantec
 
PDF
Mobile Vision 2020
byIBM Security
 
PDF
Recent ECB/ EBA regulations how they will impact European banks in 2016
byIBM Security
 
PPTX
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
byIBM Security
 
PDF
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
byIBM Security
 
PDF
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection Suite
byIBM Security
 
PDF
Retail Mobility, Productivity and Security
byIBM Security
 
Actionable insights
byTim Youm
 
Thinking of choosing Trend Micro?
bySymantec
 
Mobile Vision 2020
byIBM Security
 
Recent ECB/ EBA regulations how they will impact European banks in 2016
byIBM Security
 
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
byIBM Security
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
byIBM Security
 
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection Suite
byIBM Security
 
Retail Mobility, Productivity and Security
byIBM Security
 

What's hot

PPTX
Tolly Report: Stopping Attacks You Can't See
byIBM Security
 
PDF
Infographic: Mobile is growing and so are security threats
byIBM Security
 
PPTX
QRadar & XGS: Stopping Attacks with a Click of the Mouse
byIBM Security
 
PDF
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
byIBM Security
 
PDF
Infographic: 5 Tips for Cloud Success
byIBM Security
 
PDF
Malware on Smartphones and Tablets: The Inconvenient Truth
byIBM Security
 
PPTX
Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
byMojave Networks
 
PDF
Securing Office 365
bySymantec
 
PPTX
Compete To Win: Don’t Just Be Compliant – Be Secure!
byIBM Security
 
PDF
IBM MaaS360 with watson
byPrime Infoserv
 
PDF
Orchestrate Your Security Defenses; Protect Against Insider Threats
byIBM Security
 
PDF
Accelerating SOC Transformation with IBM Resilient and Carbon Black
byIBM Security
 
PPTX
IBM QRadar UBA
byIBM Security
 
PDF
What are top 7 cyber security trends for 2020
byTestingXperts
 
PDF
2015 Mobile Security Trends: Are You Ready?
byIBM Security
 
PPTX
See How You Measure Up With MaaS360 Mobile Metrics
byIBM Security
 
PPTX
Top 2016 Mobile Security Threats and your Employees
byNeil Kemp
 
PPTX
Uncover What's Inside the Mind of a Hacker
byIBM Security
 
PPTX
How to Improve Threat Detection & Simplify Security Operations
byIBM Security
 
PDF
Ibm security products portfolio
byPatrick Bouillaud
 
Tolly Report: Stopping Attacks You Can't See
byIBM Security
 
Infographic: Mobile is growing and so are security threats
byIBM Security
 
QRadar & XGS: Stopping Attacks with a Click of the Mouse
byIBM Security
 
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
byIBM Security
 
Infographic: 5 Tips for Cloud Success
byIBM Security
 
Malware on Smartphones and Tablets: The Inconvenient Truth
byIBM Security
 
Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
byMojave Networks
 
Securing Office 365
bySymantec
 
Compete To Win: Don’t Just Be Compliant – Be Secure!
byIBM Security
 
IBM MaaS360 with watson
byPrime Infoserv
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
byIBM Security
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
byIBM Security
 
IBM QRadar UBA
byIBM Security
 
What are top 7 cyber security trends for 2020
byTestingXperts
 
2015 Mobile Security Trends: Are You Ready?
byIBM Security
 
See How You Measure Up With MaaS360 Mobile Metrics
byIBM Security
 
Top 2016 Mobile Security Threats and your Employees
byNeil Kemp
 
Uncover What's Inside the Mind of a Hacker
byIBM Security
 
How to Improve Threat Detection & Simplify Security Operations
byIBM Security
 
Ibm security products portfolio
byPatrick Bouillaud
 

Similar to Unified application security analyser

PPTX
Rational application-security-071411
byScott Althouse
 
PDF
application-security-fallacies-and-realities-veracode
bysciccone
 
PDF
Case Closed with IBM Application Security on Cloud infographic
byIBM Security
 
PDF
ultimate-guide-to-getting-started-with-appsec-veracode
bySean Varga
 
PDF
Selling Your Organization on Application Security
byVeracode
 
PDF
Ultimate_Guide_to_getting_started_with_AppSec
byJessica Lavery Pozerski
 
PPTX
Best Practices for a Mature Application Security Program Webinar - February 2016
bySecurity Innovation
 
PPTX
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
byIBM Security
 
PPTX
Digital Product Security
bySoftServe
 
PDF
How to Build Secure Mobile Apps.pdf
byvenkatprasadvadla1
 
PDF
Mobile Application Security by Design
byDMI
 
PDF
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
byDenim Group
 
PDF
Top 6 Web Application Security Best Practices.pdf
bySolviosTechnology
 
PDF
Application Security - Making It Work
byIANS
 
PPTX
Application Hackers Have A Handbook. Why Shouldn't You?
byLondon School of Cyber Security
 
PDF
Re-Thinking BYOD Policy.pptx
bytmbainjr131
 
PPTX
Forget cyber, it's all about AppSec
byAdrien de Beaupre
 
PPTX
Mobile App Security: Enterprise Checklist
byJignesh Solanki
 
PDF
Web Application Security - Everything You Should Know
byNarola Infotech
 
PPTX
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
bylior mazor
 
Rational application-security-071411
byScott Althouse
 
application-security-fallacies-and-realities-veracode
bysciccone
 
Case Closed with IBM Application Security on Cloud infographic
byIBM Security
 
ultimate-guide-to-getting-started-with-appsec-veracode
bySean Varga
 
Selling Your Organization on Application Security
byVeracode
 
Ultimate_Guide_to_getting_started_with_AppSec
byJessica Lavery Pozerski
 
Best Practices for a Mature Application Security Program Webinar - February 2016
bySecurity Innovation
 
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
byIBM Security
 
Digital Product Security
bySoftServe
 
How to Build Secure Mobile Apps.pdf
byvenkatprasadvadla1
 
Mobile Application Security by Design
byDMI
 
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
byDenim Group
 
Top 6 Web Application Security Best Practices.pdf
bySolviosTechnology
 
Application Security - Making It Work
byIANS
 
Application Hackers Have A Handbook. Why Shouldn't You?
byLondon School of Cyber Security
 
Re-Thinking BYOD Policy.pptx
bytmbainjr131
 
Forget cyber, it's all about AppSec
byAdrien de Beaupre
 
Mobile App Security: Enterprise Checklist
byJignesh Solanki
 
Web Application Security - Everything You Should Know
byNarola Infotech
 
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
bylior mazor
 

More from Tim Youm

PDF
11 best practices for mobility management
byTim Youm
 
PDF
Unified Cloud with Watson Overview
byTim Youm
 
PDF
Unified Mobility in Schools
byTim Youm
 
PDF
Unified Mobility in the Industrial Sector
byTim Youm
 
PDF
Unified Mobility in Healthcare
byTim Youm
 
PDF
2017 Mobility industry trends
byTim Youm
 
11 best practices for mobility management
byTim Youm
 
Unified Cloud with Watson Overview
byTim Youm
 
Unified Mobility in Schools
byTim Youm
 
Unified Mobility in the Industrial Sector
byTim Youm
 
Unified Mobility in Healthcare
byTim Youm
 
2017 Mobility industry trends
byTim Youm
 

Unified application security analyser

  • 1.
    Tim Youm unifiedmobility@au1.ibm.com +61 416176 573 Unified Application (Mobile, Web & PC) Security Analyser
  • 2.
  • 3.
    Security status § Averagelosses from cyberattacks is over 2.6M for Australian companies2 and $400K for Australian SMBs3 § More than 20% companies had mobile data breaches due to mobile malware/rogue WiFi hotspots1 § Nearly 40% don’t have visibility on their mobile security status whether they have been impacted1 § Every day, there are 12,000+ new mobile malware/ransomware4 § Mobile Data usage is expected to grow more than 7x by 20203 § Source 1: Online survey responses from LinkedIn group , Source 2 Source: Webroot SMB Threat Report 2015, Source 3: Cisco Visual Network Index Report, 2016 Source 4: AVAST , 2016 5. Ponemon Institute, June 2016 : 20161 Cost of Data Breach Study: Australia (26 Australian companies participated the survey) 3
  • 4.
    MaaS360 Mobility Management UMM( MDM/EMM/MEM/MTP/UEM/MIM/AI) Integrated ITStackBI Bluemix Mobile First Apps, Maximo, Form Builder MobileFirst Foundation AppScan QRadar Verse App Horizontal apps Vertical apps Mobile app development Tools App Security Analyser SIEM IaaS/PaaS HW WatsonAnalytics/AI 4
  • 5.
    Business Problem: Securityteams are often responsible for the security of thousands of applications; but don’t have enough security experts on staff to handle the workload. It was a problem that Cisco faced several years ago. With a small security team and an application portfolio of nearly 2,500 applications, security staff worried they were becoming a “bottleneck” in application security. Solution: Using IBM® Security AppScan® Enterprise, Cisco empowered developers and QA personnel to test applications and address security issues before deployment. Benefits: Drove a 33 percent decrease in number of security issues found, reduced post-deployment remediation costs significantly, freed security experts to focus on deep application vulnerability assessments. Featured Security Offering: IBM® Security AppScan® Enterprise Link to Case Study: Cisco Case Study “AppScan helped us create a self-service model. We could take the product and put it in the hands of the developers and QA testers so they could identify and fix security vulnerabilities before production.” Sujata Ramamoorthy Director, Information Security Cisco Cisco empowered developers and QA personnel to test applications and address security issues prior to deployment, with IBM® Security AppScan® 5
  • 6.
    6 Concur https://www.youtube.com/watch?v=gXDU7VbjNic&t=2s Bank of EastAsia http://asianbankingandfinance.net/banking-technology/more-news/bank-east-asia- partners-ibm-launch-iportfolio-analyzer Overview: https://www.youtube.com/watch?v=PCoM042wBnM Mobile App: https://www.youtube.com/watch?v=zPynCmQATpw Concur & Bank of East Asia empowered developers and QA personnel to test applications and address security issues prior to deployment, with IBM® Security AppScan®
  • 7.
    7 Starting at $569.21 AUDper month (charged per application) Purchased scans can be executed in conjunction with detailed vulnerability reporting, at a predictable cost. Starting at $278.52 AUD per scan Starting at $16,445.00 AUD per user per year Floating user single install Licensed for a pool of unnamed users, but can only be installed on one system. Priced by number of users.+$13,305.50 On-Premise SaaS AppScan Commercial RRP Start a Free Trial: https://lnkd.in/gacAEa5
  • 8.
    Why is applicationsecurity vital? You’ve probably done a lot to encourage data security—but could the applications you run be the equivalent of a front door to your enterprise that’s been left wide open? The security of the data in your organisation’s hands depends on a lot more than just locking down individual files and records. You need to tighten security at the application level, too, because applications can control access to your data—and even to your organisation’s Internet of Things (IoT) infrastructure. Many notorious security breaches have occurred not because of poor data security practices, but because of vulnerable applications. Deploying application security helps prevent rogue or vulnerable software from allowing cybercriminals to siphon data that you thought wassecure. Even so, application security remains an often-neglected area of cybersecurity,1 and breaches continue tooccur. Why? In part, because locking down applications is more complicated than encrypting files or safeguarding networks with firewalls. Applications have also grown in number and type, with the advent of app stores and specialised applications that access cloud-basedinfrastructure. Meanwhile, widespread adoption of bring-your-own-device (BYOD) policies has resulted in an increase in unvetted applications, and application-connected IoT data sources proliferate rapidly. Application security is vitalto: • Prevent reputational damage • Maintain customertrust • Avoid remediationcosts • Detect and respond to security risks before they cause damage Watch a demo of what IBM Application Security on Cloud can accomplish for you. 1 “How to Make Application Security a Strategically Managed Discipline,” Ponemon Institute, March 2016. 2 “The State of Mobile Application Insecurity,” Ponemon Institute, February 2015. In one study, 77% of respondingdevelopers say applications are vulnerable because pressure to release applications quickly prevents adequate testing.2 APPLICATION SECURITY A COMPLETE SOLUTION CASE STUDIES FOR MORE INFORMATION COMPLEX TASKS APPLICATION CHALLENGES BEST PRACTICES 8
  • 9.
    Why do organisationsstruggle to achieve application security success? Application security is complicated by factors that span developers, IT staff and end users. In combination, these factors can make organisations susceptible to vulnerabilities. Rush torelease A pervasive “rush to release” atmosphere means developers are often short of testing resources. But application security doesn’t just rest with developers. There’s a parallel rush to install applications quickly, as users seek the efficiencies that new software can deliver. Complexapplications Software varies wildly in scope, data requirements, language and platform. A compromised application with a direct line to company data can be as risky as a misplaced laptop loaded with similar data— perhaps worse, if the gap goes unnoticed. An insecure or malicious application could expose your data, whether it has been exploited by a security vulnerability or because it began life insecure. Application security not apriority Application-layer vulnerabilities are often viewed as low priorities, and organisations typically do not rank applications by importance for protection. And applications are often dispersed throughout an organisation—along with accountability for their security—withlittle visibility into which ones are in use or which ones are most vulnerable. Lack ofstandards Users can’t devote time to security testing—and don’t know how to test effectively. There are few universal application securitystandards, so guidance and on-site expertise can be difficult to assess or employ. 1 “How to Make Application Security a Strategically Managed Discipline,” Ponemon Institute, March 2016. Learn more about risk-based application securitymanagement. A recent Ponemon Institute study foundthat 47% of respondents said mobile application risk in their organisations was increasing or significantly increasing.1 APPLICATION SECURITY A COMPLETE SOLUTION CASE STUDIES FOR MORE INFORMATION COMPLEX TASKS APPLICATION CHALLENGES BEST PRACTICES 9
  • 10.
    Effective application securitypractices confirm that security should be viewed as a process, not as a series of items to check off a list. As such, application security testing must be comprehensive and ongoing. For developers, the application security testing process should be embedded in the software development lifecycle, with ongoing source code analysis. For end-user organisations, the process continues, with vetting of all new software that’s deployed, as well as re- testing applications on which the organisation alreadyrelies. Comprehensive application security shouldinvolve: • Discovering and cataloging applications thatare currently inuse • Static testing—scanning application source code for vulnerabilities is the most direct way to find the actual code behind a particular securityvulnerability • Dynamic testing—evaluating what the software does when it’s deployed (for instance, is it vulnerable to potential cross-site scripting and SQL injectionattacks?) • Mobile application security testing, due to the proliferation of new mobile applications in themarket • Deployment of new software only after it’s been vetted Applications should be re-evaluated regularly, and this evaluation should be informed by sources such as the Open Web Application Security Project (OWASP)Top Tenlist1—new threats can putformerly safe applications atrisk. What is effective application security? 1 Paul Ionescu, “The 10 Most Common Application Attacks in Action,” IBM Security Intelligence, April 8, 2015. 2 “Number of apps available in leading app stores as of June 2016,” Statista, June 2016. 3 “Number of Android Applications,” AppBrain, Accessed October 13, 2016. Learn more about the risks that make application security vital. As of September 2016, there were 2 million Apple iOS applications available for download,2 and morethan 2.4 million Google Android applications.3 APPLICATION SECURITY A COMPLETE SOLUTION CASE STUDIES FOR MORE INFORMATION COMPLEX TASKS APPLICATION CHALLENGES BEST PRACTICES 10
  • 11.
    In vetting applicationsfor security risks, organisations operate under constraints that range from limited budgets to heavy workloads of their security and IT staffs. But such constraints cannot get in the way of improving security protection. Instead, your organisation should employ best practices thatinclude: • Oversight—Planned, automated testing delivers morethorough and reliable results than ad-hoctesting • Continuity—Applications should be built and tested forsecurity and re- tested to keep up with vulnerabilities • Prioritisation—Ranking application security issues based on severity and potential business impact permits problems to be tackled in the order that makes the most business sense • Flexibility—Avoiding restrictive implementation requirements is critical to evaluate the full range of applications deployed by your organisation • Adaptability—Threats change over time; a flexible approach results in fewer changes to remain in control of application security • Timeliness—To avoid disrupting—or redoing—development processes, applications should be tested throughout all stages of the development lifecycle An integrated application security solution such as IBM®Application Security on Cloud can help you minimise security gaps and identify potential vulnerabilities. Integration with other securityproducts and practices makes risk mitigation for applications part of a comprehensive security program, not anafterthought. Leverage our time-tested application security best practices See how IBM Application Security on Cloud identifies and remediates vulnerabilities. 58% of organisations say security concerns inhibit full deployment of a mobile security strategy.1 1 “2016 Mobile Security & Business Transformation Study,” Information Security Media Group, Sponsored by IBM Corp., 2016. APPLICATION SECURITY A COMPLETE SOLUTION CASE STUDIES FOR MORE INFORMATION COMPLEX TASKS APPLICATION CHALLENGES BEST PRACTICES 11
  • 12.
    Bolster your application-securityrisk management byimplementing an integrated solution, rather than relying on disparate tools. IBM Application Security on Cloud is a comprehensive, cost-effective, user-friendly and easy-to-deploy cloud- based solution forweb and mobile applications that unites all phases of application security testing. Our cloud-based offering is based on years of IBM experience in on-premises security testing, and interoperates with other security tools to facilitate comprehensive cyber-defense protection. IBM Application Security on Cloud is a complete, subscription- based solution that permits you to test applications and improve security protection by providing actionable data. With IBMApplication Security on Cloud, you can quickly assess application risk ratings, so you can focus remediation efforts on your most significant vulnerabilities. Register for a trial version of IBM Application Security on Cloud, or download an on-premises IBM Security AppScan® trial. Comprehensive, cloud-based application security testing CASE STUDIESA COMPLETE SOLUTIONAPPLICATION SECURITY Youcan perform static security testing of application code written in a wide number of programming languages, conduct dynamic analysis for pre-production and in-production software webapplications; and test Android and iOS applications, prior to their deployment. IBM Application Security on Cloud identifies and reports security issues, ranks them according to exposure and criticality, and recommends remediation steps. All of the results can be integrated into a number of DevOps systems and integrated development environments(IDEs). A full range of companion consulting services is also available, enabling your security team to take full advantage of the capabilities IBM Security has tooffer. FOR MORE INFORMATION The IBM ApplicationSecurity on Cloud dashboardview. Click image to enlarge. Click again for original size. 12
  • 13.
    Organisations that deployapplication security solutions from IBM realise the value of integration and automation as part of their overall security strategies, whether they’re creating applications,or deploying them. Protecting code throughout the software developmentlifecycle • Concur Technologies of Bellevue, Washington specialises in corporate expense management, so it manages confidential financial information on an everyday basis. Protecting that information is paramount, but also difficult to achieve. As an organisation with a large mobile presence, including its own mobile applications, Concur deployed AppScan with the same vulnerability testing technology that powers IBM Application Security on Cloud. With AppScan, Concur can test its applications for security risks as they’re developed and conveniently analyse production code. Managing risk in a fast-growingenterprise • Migros, a Turkish retail giant that’s experiencing break-neck growth at home and abroad, has a large-scale infrastructure to protect, with applications transmitting inventory and payment information over a network that encompasses nearly 1,500 stores and more than 100,000 Internet-connected endpoint devices. In orchestrating its growth, the company faced challenges in moving operations to the cloud as it implemented a BYOD policy. By leveraging IBM application security solutions, Migros has been able toscale its business while minimising risk. Real-world IBM Application Security on Cloud use cases CASE STUDIESA COMPLETE SOLUTIONAPPLICATION SECURITY IBM offers a complete portfolio of application security testing tools, used by leadingcompanies in fields as diverse as manufacturing1 and financial services2 to help protect applications, devices anddata. Sign up for a complimentary trial plan of IBM Application Security on Cloud. 1 “Large global automaker: Protecting the Connected Car Ecosystem,” IBM Corp., July 2016. 2 “Progressive Insurance: Proactively Protecting Data by Creating Appropriate Controls,” IBM Corp., May 2016. FOR MORE INFORMATION 13
  • 14.
    Unified Application (Mobile,Web & PC) Security Analyser Start a free trial: https://lnkd.in/gacAEa5 Tim Youm unifiedmobility@au1.ibm.com +61 416 176 573