Breaking the Vulnerability Cycle—Key Findings from 100 CISOs


We surveyed 100 CISOs and security decision makers and found that today’s application security teams are facing 3 distinct issues that lead to vulnerability:
1. Active and efficient adversaries
2. A ballooning attack surface
3. Cybersecurity resource shortage

When combined, these adverse conditions form a ‘vulnerability cycle’ – leaving organizations susceptible to a breach or worse.

Attend this webinar and you will:
- Get plans to combat these 3 issues in 2017
- Learn how to dissect each component of the vulnerability cycle
- Discover security tools and best practices
- Find out top CISO investments for 2017


  1. BREAKING THE VULNERABILITY CYCLE: KEY FINDINGS FROM 100 CISOS (September 2016)
  2. SPEAKERS: JASON HADDIX, HEAD OF TRUST AND SECURITY; BRAD ARKIN, CISO, ADOBE SYSTEMS; KIM GREEN, CISO, ZEPHYR HEALTH
  3. AGENDA
     • Dissect each component of the Vulnerability Cycle
     • Explore top CISO challenges and opportunities for 2017
     • Security tools and best practices
  4. TOP CISO CHALLENGES IN APPSEC
  5. WHAT ISSUES ARE WE ADDRESSING?
     • Active, efficient adversaries
     • Ballooning attack surface
     • Cybersecurity resource shortage
     • Broken status quo
     [Diagram label: Breaking the status quo]
  6. ACTIVE AND EFFICIENT ADVERSARIES: Hacking is overwhelmingly the leading cause of data breaches
     [Chart: 0% to 60% by year, 2007 to 2016. Categories: Insider Theft; Hacking / Skimming / Phishing; Data on the Move; Accidental Email / Internet Exposure; Subcontractor / 3rd Party / Business Associate; Employee Error / Negligence / Improper Disposal / Loss; Physical Theft]
  7. BALLOONING ATTACK SURFACE: Application security becoming increasingly important
  8. STAFFING AND RESOURCING CHALLENGES: The cybersecurity job gap is at an all time high
  9. POLL
  10. SECURITY TOOLS AND BEST PRACTICES
  11. SECURITY TOOLS AND PRACTICES IN USE
  12. AND STILL, WE’RE LEFT VULNERABLE
      [Diagram labels: Time; Automation; Pen Test; Code Release; Zone of Vulnerability Blindness; Vulnerability Awareness]
  13. BUG BOUNTY DELIVERS CONTINUOUS VULNERABILITY ASSESSMENT
      [Diagram labels: Code Release; Vulnerability Awareness]
  14. VARIATIONS OF BUG BOUNTY PROGRAMS
      • Private ongoing program
      • Public ongoing program
      • Point-in-time “On-Demand” programs
      [Diagram labels: Public; Private]
  15. BUG BOUNTIES MEET SECURITY NEEDS
      • Addresses staffing and resourcing challenges
      • Works within appsec budgeting constraints
      • Improves internal security culture and supports training initiatives
  16. PERCEIVED CHALLENGES IN RUNNING A BOUNTY PROGRAM
      • Only crazy tech companies run bug bounty programs
      • Bug bounties don’t attract talented testers or results
      • They’re too hard to manage and too expensive
      • Running a bounty program is too risky
  17. WIDE ADOPTION OF CROWDSOURCED SECURITY: Financial Services; Consumer Tech; Retail & Ecommerce; Infrastructure Technology; Automotive; Security Technology; Other
  18. A RADICAL CYBER SECURITY ADVANTAGE: Enterprise Bug Bounty Solutions & Hackers On-Demand
      • 300+ Programs run
      • Every program is managed by Bugcrowd
      • Deep researcher engagement and support
      • No confusing pricing models and no bounty commissions
      • 50,000+ researchers
      Curated Crowd that Thinks like an Adversary but acts as an ally to Find Vulnerabilities
      A Platform That Simplifies Connecting Researchers to Organizations, Saving You Time and Money
      Security Expertise To Design, Support, and Manage Crowd Security Programs
  19. Q&A: JASON HADDIX, HEAD OF TRUST AND SECURITY (@JHADDIX); BRAD ARKIN, CISO, ADOBE SYSTEMS (@BRADARKIN); KIM GREEN, CISO, ZEPHYR HEALTH (@KIM1GREEN)
  20. GET THE FULL DATA SET FROM THIS SESSION
