Moving beyond Vulnerability Testing
Gopal Padinjaruveetil, CISA, CISM, CRISC, CGEIT, TOGAF 9
Chief Application Security and Compliance Architect
December 4, 2014
#HPdiscover
@pkgopala
Let’s take a closer look at where we are today 
Innovating with you
I am tired of catching up.. I need resilience 
“A fever is a symptom. There's an underlying disease that causes it. Giving you a 
fever (sitting in a sauna) doesn't make you sick, and getting rid of the fever (in a 
cold bath, for example) doesn't always get rid of the illness… 
Spending time and money gaming symptoms and effects is common and urgent, 
but it's often true that you'd be better off focusing on the disease (the cause) 
instead. ” 
– Seth Godin 
A security vulnerability is a symptom; the root cause is always something else (a design flaw, a missing control, a broken process).
HP Discover 2014 | Gopal Padinjaruveetil | December 2014
Copyright © Capgemini 2014 – All Rights Reserved
“You can fix it on the drawing board with an eraser or you can fix it on the site with a sledgehammer.”
– Frank Lloyd Wright
The Internet as it is today, and this picture is changing fast
[Figure: map of Internet-exposed devices. Source: Shodan]
Technology is growing at an exponential rate
If technology grows exponentially and we do nothing, the security threats will grow exponentially too.
- IPv4: about 4.3 billion addresses (if that address space were the size of a postage stamp...)
- IPv6: 2^128, about 340 trillion trillion trillion (340 undecillion) addresses (...the IPv6 space would be the size of the solar system)
- 50 billion connected devices by 2020 (2014 forecast)
- 9.9 trillion market value
- Over 80 trillion email spam messages a year
- Connected cars, connected cities, connected devices: 2025?
- Connected bodies (BYBN): 2035?
- Finally, the singularity* in 2045?
* According to Ray Kurzweil, by the year 2045 “human intelligence will enhance a billion-fold thanks to high-tech brain extensions”, leading to a phenomenon he calls the “singularity”, a point at which humans and computers merge into one. This sort of “two in one” will create serious challenges for security and for the allocation of moral accountability between the two.
2^64 − 1 = 18,446,744,073,709,551,615 (the sum 2^0 + 2^1 + … + 2^63 after 64 doublings; 2^63 alone is 9,223,372,036,854,775,808)
The deep web: how deep?
If we do nothing we have to assume the deep web will keep expanding exponentially.
- The deep web is estimated to be 400 to 550 times larger than the commonly defined World Wide Web.
- The deep web contains about 7,500 terabytes of information, compared to 19 terabytes in the surface web.
- The deep web contains nearly 550 billion individual documents, compared to the 1 billion of the surface web.
(These three figures are the widely quoted BrightPlanet estimates from 2001 and are dated; treat them as an order-of-magnitude picture, not as current numbers.)
- A $45 billion industry (Yankee Group)
- Google: number of systems about 500,000; bandwidth about 1,500 Gbit/s
- Botnets: number of systems about 6,400,000; bandwidth about 28 Tbit/s
What will the numbers be in 2020?
Do we realize the seriousness of the problem?
Denial is not an option
“There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again.”
– FBI Director Robert Mueller
Maintaining a code of silence will not serve us in the long run.
“Now, here, you see, it takes all the running you can do, to keep in the same place. If you want to get somewhere else, you must run at least twice as fast as that!”
– The Red Queen, to Alice, in Lewis Carroll’s Through the Looking-Glass
A real lesson from a children’s fantasy tale
The adversary is constantly advancing its capabilities. Can we overtake them at the current pace?
“Unless we change our direction, we are likely to end up 
where we are headed” - unknown 
We need to build trust in information technology
- Trust in people
- Trust in organizations
- Trust in governments
- Trust in devices
- Trust in data
- Trust in systems and applications
- Trust in communication networks (the Internet)
What can we do?
1. Secure by design, not by chance
2. Adapt, evolve and mutate
3. Change behaviors
4. Collaborate
Growing with you
Secure by Design, Not Chance
The natural world is a good example of intelligent design for security:
- The central nervous system
- The blood-brain barrier
- The immune system
- Camouflage
- The reflex action
- Adrenaline
- Many more
Survival of the fittest (resilience) requires design as a “way of thinking”.
What would an intelligent secure-by-design approach in IT look like?
Secure at design time
- Prevention as the overarching design principle
  - Digital identity and access for humans and things
  - Protect sensitive information in transit and at rest (structured and unstructured)
  - Protect your endpoints (including the human endpoints)
  - Minimize your attack surface
  - Every component must protect itself (there are no more boundaries: do not rely on the network perimeter to authenticate or authorize on your behalf)
Secure at run time
- Detect and respond in real time as the overarching design principle
  - Capability to scan the environment and be vigilant for threats all the time (internal and external)
  - Reflex: how fast can you respond to threats?
  - Is the response context-aware?
  - Continuous evaluation of the defenses
  - Automate defense as much as possible
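One way to make “every component must protect itself” concrete, as an added example that is not part of the original deck: the receiving component verifies the sender’s identity, the message’s integrity, its freshness and a one-time nonce, and then checks least-privilege authorization, without assuming anything about where on the network the message came from. The key ids, shared secrets, action names and the `Component` / `sign_message` helpers are assumptions made for this example; a real deployment would get keys from an identity provider and would normally use TLS with client certificates or signed tokens rather than a hand-rolled HMAC envelope.

```python
"""Added example: a component that authenticates, integrity-checks and authorizes
every inbound message itself, instead of treating "inside the network" as trusted.
All key ids, secrets and action names below are constructed for the example."""
import hashlib
import hmac
import json
import secrets
import time

# Assumed credential store: key id -> (shared secret, actions this identity may perform).
# In a real system this would be backed by an identity provider or secret store.
KEYS = {
    "sensor-17":   (b"constructed-secret-sensor-17", {"telemetry.write"}),
    "dashboard-2": (b"constructed-secret-dashboard-2", {"telemetry.read"}),
}
MAX_SKEW_SECONDS = 300          # accept timestamps within +/- 5 minutes
FIELDS = ("kid", "ts", "nonce", "action", "payload")


def _canonical(msg):
    """Deterministic byte encoding of the authenticated fields (what the MAC covers)."""
    return json.dumps({k: msg.get(k) for k in FIELDS},
                      sort_keys=True, separators=(",", ":")).encode()


def sign_message(kid, secret, action, payload, now=None, nonce=None):
    """Build a message the receiving component can verify; `now` and `nonce` are
    overridable only so the example is deterministic."""
    msg = {
        "kid": kid,
        "ts": int(time.time() if now is None else now),
        "nonce": secrets.token_hex(8) if nonce is None else nonce,
        "action": action,
        "payload": payload,
    }
    msg["mac"] = hmac.new(secret, _canonical(msg), hashlib.sha256).hexdigest()
    return msg


class Component:
    """Verifies every message on its own: identity, integrity, freshness, replay, privilege."""

    def __init__(self, keys=KEYS):
        self.keys = keys
        self.seen_nonces = {}   # nonce -> time after which it may be forgotten

    def verify(self, msg, now=None):
        now = time.time() if now is None else now
        if not all(k in msg for k in FIELDS) or "mac" not in msg:
            return (False, "malformed message")
        # 1. Identity: only known key ids are considered at all.
        entry = self.keys.get(msg["kid"])
        if entry is None:
            return (False, "unknown key id")
        secret, allowed_actions = entry
        # 2. Integrity: constant-time MAC comparison over the canonical fields.
        expected = hmac.new(secret, _canonical(msg), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(msg["mac"])):
            return (False, "bad mac")
        # 3. Freshness: the signed timestamp bounds the replay window.
        if not isinstance(msg["ts"], int) or abs(now - msg["ts"]) > MAX_SKEW_SECONDS:
            return (False, "stale timestamp")
        # 4. Replay: a nonce is accepted once. Checked only after the MAC, so an
        #    unauthenticated sender cannot fill the cache.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items() if t > now}
        if msg["nonce"] in self.seen_nonces:
            return (False, "replay")
        self.seen_nonces[msg["nonce"]] = now + 2 * MAX_SKEW_SECONDS
        # 5. Least privilege: this identity must be allowed to perform this action.
        if msg["action"] not in allowed_actions:
            return (False, "action not permitted")
        return (True, "ok")


def demo(now=1_700_000_000):
    """Exercise the checks with a fixed clock; returns the verdict for each case."""
    c = Component()
    secret = KEYS["sensor-17"][0]
    good = sign_message("sensor-17", secret, "telemetry.write", {"temp_c": 21.5}, now=now)
    tampered = dict(good, payload={"temp_c": 99.0})          # body changed, MAC not
    wrong_action = sign_message("sensor-17", secret, "telemetry.read", {}, now=now)
    old = sign_message("sensor-17", secret, "telemetry.write", {}, now=now - 3600)
    return {
        "valid":        c.verify(good, now=now),
        "replayed":     c.verify(good, now=now),
        "tampered":     c.verify(tampered, now=now),
        "wrong_action": c.verify(wrong_action, now=now),
        "stale":        c.verify(old, now=now),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:12s} -> {verdict}")
```

The order of the checks is the point: the MAC is verified before the nonce cache is touched, so an unauthenticated sender cannot exhaust it, and the timestamp window bounds how long any nonce has to be remembered.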
Accelerating with you
Adapt, Evolve and Mutate
Prey and predators: the natural world is a hostile place
Even the best intelligent design will not protect you 100%.
The same holds in the world of information technology.
Change is inevitable.. Adaptation is Optional 
Evolutionary design embraces the fact that our understanding of a system evolves, and helps the system’s design evolve with it.
Evolving and adapting through mutation is the only way to survive in a hostile world.
How does this concept translate to cyber security?
Protection against opportunistic attacks: comparatively easy (hygiene)
- Protect your perimeter
- Protect your endpoints
- Patch your systems
- Protect against phishing attacks
- Protect against zero-day attacks (here “protect” means limiting what an exploit can reach and detecting it, since by definition no patch exists yet)
Protection against targeted attacks: difficult
- Digital evidence is often left behind that can reveal the attacker’s intent, skill level, and knowledge of the target
- Develop the capability to detect and respond to an attack in near real time
- Correlate discrete and disparate events to provide an early-warning system
- Big data and predictive analytics with machine learning (“learn” from the data)
- Organizational awareness and behavior change can go a long way
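The run-time principle from the secure-by-design slide (detect and respond, keep scanning the environment) and the point just above about correlating discrete, disparate events into an early warning, as one added example that is not code from the original deck: three events from three sources, each low-signal on its own (a few failed VPN logins, one EDR alert, one large upload), are normalised and correlated per user inside a sliding window, and the warning fires only when the chain is complete. The log formats, field names, user names, thresholds and the `correlate` / `parse` functions are constructed for this example.

```python
"""Added example: an early-warning correlation over discrete, disparate events.
Each event alone is low-signal; their sequence for the same user inside a short
window is the warning. Log lines, field names and thresholds are constructed."""
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines from three sources: VPN (key=value), EDR and proxy (JSON).
SAMPLE_LOGS = [
    "vpn: 2014-12-04T09:00:01Z user=alice src=203.0.113.5 result=FAIL",
    "vpn: 2014-12-04T09:00:09Z user=alice src=203.0.113.5 result=FAIL",
    "vpn: 2014-12-04T09:00:20Z user=alice src=203.0.113.5 result=FAIL",
    "vpn: 2014-12-04T09:00:31Z user=alice src=203.0.113.5 result=OK",
    '{"source":"edr","ts":"2014-12-04T09:03:10Z","user":"alice","event":"new_admin_tool","host":"wks-42"}',
    '{"source":"proxy","ts":"2014-12-04T09:07:45Z","user":"alice","dst":"198.51.100.77","bytes_out":734003200}',
    "vpn: 2014-12-04T09:10:00Z user=bob src=192.0.2.10 result=OK",
    '{"source":"proxy","ts":"2014-12-04T09:12:00Z","user":"bob","dst":"198.51.100.9","bytes_out":120000}',
    "nonsense line the parser should skip",
]

WINDOW = timedelta(minutes=15)      # how long a user's events stay correlatable
FAIL_THRESHOLD = 3                  # failed logins before a success becomes suspicious
EGRESS_BYTES = 100 * 1024 * 1024    # outbound transfer size that counts as bulk egress

VPN_RE = re.compile(r"^vpn: (?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$")


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse(line):
    """Normalise one raw line into (ts, user, kind, detail); None if not recognised."""
    m = VPN_RE.match(line)
    if m:
        kind = "auth_success" if m["result"] == "OK" else "auth_fail"
        return (_ts(m["ts"]), m["user"], kind, {"src": m["src"]})
    if line.startswith("{"):
        rec = json.loads(line)
        if rec.get("source") == "edr":
            return (_ts(rec["ts"]), rec["user"], "edr_alert", {"event": rec["event"], "host": rec["host"]})
        if rec.get("source") == "proxy":
            return (_ts(rec["ts"]), rec["user"], "egress", {"dst": rec["dst"], "bytes_out": rec["bytes_out"]})
    return None


def _stages(window_events):
    """Which steps of the attack chain are present, in order, in one user's window."""
    stages, fails, success_seen = [], 0, False
    for _, _, kind, detail in window_events:
        if not success_seen and kind == "auth_fail":
            fails += 1
        elif not success_seen and kind == "auth_success" and fails >= FAIL_THRESHOLD:
            success_seen = True
            stages.append("brute_force_then_success")
        elif success_seen and kind == "edr_alert" and "new_admin_tooling" not in stages:
            stages.append("new_admin_tooling")
        elif success_seen and kind == "egress" and detail["bytes_out"] >= EGRESS_BYTES:
            if "bulk_egress" not in stages:
                stages.append("bulk_egress")
    return stages


def correlate(lines):
    """Replay lines in time order; emit one warning per user once the full chain appears."""
    events = sorted((e for e in map(parse, lines) if e is not None), key=lambda e: e[0])
    recent = defaultdict(deque)     # user -> events inside WINDOW
    warnings = []
    for ev in events:
        ts, user = ev[0], ev[1]
        q = recent[user]
        q.append(ev)
        while ts - q[0][0] > WINDOW:    # drop events that fell out of the window
            q.popleft()
        stages = _stages(q)
        if len(stages) == 3:
            warnings.append({
                "user": user,
                "stages": stages,
                "first_seen": q[0][0].isoformat(),
                "last_seen": ts.isoformat(),
                "evidence": [f"{e[0].strftime('%H:%M:%S')} {e[2]} {e[3]}" for e in q],
            })
            q.clear()                   # the chain has been reported; start fresh
    return warnings


if __name__ == "__main__":
    for w in correlate(SAMPLE_LOGS):
        print(json.dumps(w, indent=2))
```

Each stage alone would be noise in an analyst’s queue; the warning carries the whole chain as evidence, and the user’s window is cleared after reporting so one incident does not page repeatedly. The window length and the thresholds are tuning knobs for a particular environment, not values the deck prescribes.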
Innovating with you
Changing Behavior and Culture
The big conundrum
Risk tolerance should be reflected in the organization’s culture and policies.
The digital transformation is driving sky-high business ambition
vs.
the double-sided squeeze: the bad guys on one side and government regulations and penalties on the other are pushing enterprises toward almost zero risk tolerance.
Finding the right balance is key.
Consider all layers (both the visible and the invisible realms)
The human layer:
10. Government (regulations, politics)
9. Organizations (culture, politics)
8. User (PICNIC, “problem in chair, not in computer”; the ID10T error)
The technology layer (the OSI model):
7. Application
6. Presentation
5. Session
4. Transport
3. Network
2. Data Link
1. Physical
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
– Sun Tzu, The Art of War
A few change considerations to think about
- Cyber security as a strategic driver.
- Cyber security is not an IT problem; it is an organizational problem.
  - A cyber security weakness is an organizational weakness, not an IT weakness.
- Security is everybody’s business, not just the CISO’s and CIO’s.
- Culture in context: societal, organizational, people.
- Find the inhibitors to a culture of security and remove or address them.
- Is security funding in line with the enterprise’s security risk tolerance?
  - Some bad actors are extremely well funded. Is your defense well funded?
- Enterprises should regard a cyber attack as a certainty, not a probability.
- Risk from the extended enterprise (vendors, suppliers, contractors, ...).
People + Process + Technology + PERCEPTION
To bring about behavior change in cyber security, we need to understand how the human brain, cognition and awareness work: addressing the root cause rather than the symptom.
Collaborating with you
Collaboration
If penguins are collaborating, why can’t we humans?
For more on collaborative systems present in nature, watch: http://www.youtube.com/watch?v=IzS7CRaCEtU#t=424
The bad people are collaborating. So why not the good people?
“Offense must inform defense.”
Maintaining a code of silence will not serve us in the long run.
We need collaboration not just within and between people, but also:
- Trusted collaboration within and between governments
- Trusted collaboration within and between organizations
- Trusted collaboration within and between devices
- Trusted collaboration within and between systems and applications
- Trusted collaboration within and between communication networks
Let’s Build Windmills – Together..
Thank you
(Closing slide: thanks in the languages of the audience’s countries, including Gracias, Danke, Grazie, Dank u, Bedankt, Dankeschön, Arigato, Takk, Tak, Dziękuję, Tack, Toda, Engraziel, Teşekkür ederim, Ďakujem, Obrigado, Merci, Thank you.)
Presenter contact information
Gopal Padinjaruveetil, CISA, CISM, CRISC, CGEIT, TOGAF 9
Chief Application Security and Compliance Architect
gopal.padinjaruveetil@capgemini.com
Gopal Padinjaruveetil is Capgemini’s Chief Application Security and Compliance Architect, based out of Capgemini Detroit. He is a certified Enterprise Architect and a certified Governance, Risk and Compliance (GRC) Architect and has led enterprise architecture and GRC work at Fortune 50 global companies.
Gopal believes that 21st-century enterprises are at a crossroads in information technology: extracting value from the growing information chaos, spurred by disruptive innovative technologies, is creating an exponentially increasing risk and threat landscape, and solving this requires enterprises to take a new perspective based on design thinking and on applying good IT governance, risk and compliance practices.
Gopal holds these professional certifications: CISA, CISM, CRISC, CGEIT, IAF, TOGAF 9.
Contact Gopal via: http://www.capgemini.com/experts/security/gopal-padinjaruveetil
www.capgemini.com 
The information contained in this presentation is proprietary. 
© 2012 Capgemini – Internal use only. All rights reserved. 
Rightshore® is a trademark belonging to Capgemini. 
About Capgemini 
With around 120,000 people in 40 countries, Capgemini is one of the 
world's foremost providers of consulting, technology and outsourcing 
services. The Group reported 2011 global revenues of EUR 9.7 billion. 
Together with its clients, Capgemini creates and delivers business and 
technology solutions that fit their needs and drive the results they want. 
A deeply multicultural organization, Capgemini has developed its own 
way of working, the Collaborative Business Experience™, and draws on 
Rightshore®, its worldwide delivery model.

Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 

Kürzlich hochgeladen (20)

Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 

Moving beyond Vulnerability Testing

  • 1. Moving beyond Vulnerability Testing. Gopal Padinjaruveetil, CISA, CISM, CRISC, CGEIT, TOGAF 9, Chief Application Security and Compliance Architect. December 04, 2014. #HPdiscover @pkgopala
  • 2. Innovating with you: Let’s take a closer look at where we are today
  • 3. I am tired of catching up.. I need resilience. “A fever is a symptom. There's an underlying disease that causes it. Giving you a fever (sitting in a sauna) doesn't make you sick, and getting rid of the fever (in a cold bath, for example) doesn't always get rid of the illness… Spending time and money gaming symptoms and effects is common and urgent, but it's often true that you'd be better off focusing on the disease (the cause) instead.” – Seth Godin. A security vulnerability is a symptom; the root cause is always something else. HP Discover 2014 | Gopal Padinjaruveetil | December 2014. Copyright © Capgemini 2014 – All Rights Reserved.
  • 4. “You can fix it on the drawing board with an eraser or you can fix it on the site with a sledgehammer.” – Frank Lloyd Wright
  • 5. The Internet as it is today.. and this picture is changing fast. Source: Shodan
  • 6. Technology growing at an exponential rate. If technology is growing at an exponential rate and we do nothing, the security threats will rise exponentially too. IPv4: 4 billion addresses (by analogy, the size of a postage stamp); IPv6: 340 trillion trillion trillion (340 undecillion) addresses (the size of the solar system). 50 billion connected devices by 2020; 9.9 trillion market value. Over 80 trillion email spam messages a year. Connected cars, connected cities, connected devices: 2025? Connected bodies (BYBN): 2035? Finally, the singularity* in 2045? 2^64 − 1 = 18,446,744,073,709,551,615. * According to Ray Kurzweil, by the year 2045 “human intelligence will enhance a billion-fold thanks to high-tech brain extensions”, leading to the phenomenon known as the “singularity”, a point at which humans and computers merge into one. This sort of “one in two” will create serious challenges for security and in the allocation of moral accountability between the two…
  • 7. Deep web: how deep? If we do nothing, we have to assume the deep web will keep expanding at an exponential rate. The deep web is currently 400 to 550 times larger than the commonly defined World Wide Web. It contains 7,500 terabytes of information, compared to 19 terabytes in the surface web, and nearly 550 billion individual documents, compared to the 1 billion of the surface web. A 45 billion dollar industry (Yankee Group). Google: number of systems 500,000, bandwidth 1,500 Gbps. Botnets: number of systems 6,400,000, bandwidth 28 terabits. What will the numbers be in 2020?
  • 8. Do we realize the seriousness of the problem? Denial is not an option. “There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again. Maintaining a code of silence will not serve us in the long run.” – FBI Director Robert Mueller
  • 9. A real lesson from a children’s fantasy tale. “Now, here, you see, it takes all the running you can do, to keep in the same place. If you want to get somewhere else, you must run at least twice as fast as that!” – The Red Queen, to Alice, in Lewis Carroll’s Through the Looking-Glass. The adversary is constantly advancing its capabilities.. can we overtake them at the current pace?
  • 10. “Unless we change our direction, we are likely to end up where we are headed.” – unknown
  • 11. We need to build trust in information technology: trust in people; trust in organizations; trust in governments; trust in devices; trust in data; trust in systems and applications; trust in communication networks (the Internet).
  • 12. What can we do? 1. Secure by design, not chance. 2. Adapt, evolve and mutate. 3. Change behaviors. 4. Collaborate.
  • 13. Growing with you: Secure by Design, Not Chance
  • 14. The natural world is a good example of intelligent design for security: the central nervous system; the blood-brain barrier; the immune system; camouflage; the reflex action; adrenaline; and many more. Survival of the fittest (resilience) requires design as a “way of thinking”.
  • 15. What would intelligent Secure by Design look like in IT?
      – Secure at design time, with prevention as the overarching design principle: digital identity and access for humans and things; protect sensitive information in transit and at rest (structured and unstructured); protect your end points (including human end points); optimize your attack surface; every component must protect itself (there are no more boundaries).
      – Secure at run time, with detect and respond in real time as the overarching design principle: the capability to scan the environment and be vigilant for threats all the time (internal and external); reflex, i.e. how fast you can respond to threats; whether the response is context aware; continuous evaluation of the defense; defense automated as much as possible.
  • 16. Accelerating with you: Adapt, Evolve and Mutate
  • 17. Prey and predators – the natural world is a hostile place. Even the best intelligent design will not protect you 100%.. the same is true in the world of information technology.
  • 18. Change is inevitable.. adaptation is optional.
  • 19. Evolutionary design embraces the fact that our understanding of a system evolves, and helps the system’s design evolve with it. Evolving and adapting through mutation is the only way to survive in a hostile world.
  • 20. How does this concept translate to cyber security?
      – Protection against opportunistic attacks – easy: protect your perimeter; protect your end points; patch your systems; protect against phishing attacks; protect against zero-day attacks.
      – Protection against targeted attacks – difficult: digital evidence is often left behind that can reveal the attacker’s intent, skill level and knowledge of the target; develop the capability to detect and respond to an attack in near real time; correlate discrete and disparate events to provide an early warning system; big data and predictive analytics with machine learning (“learn” from data); organizational awareness and behavior change can go a long way.
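Slide 15’s run-time principle (detect and respond in near real time) and slide 20’s call to correlate discrete and disparate events into an early warning system come together in the following added example, which is not code from the original deck. Three weak signals from three different sources (a burst of failed logins followed by a success, a newly installed service, and a large outbound transfer) are each too noisy to page anyone on their own; clustered per host inside a fifteen-minute window they become one alert. The “timestamp source key=value” log format, the field names, the signal kinds and every threshold are assumptions made for this example, and the log lines are constructed.

```python
# Added example (not from the original deck): correlate discrete events from
# disparate sources into one early-warning alert. The log format, field names,
# signal kinds and thresholds below are assumptions made for this example.
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines from three sources: auth, edr, proxy.
SAMPLE_LOGS = [
    "2014-12-04T09:00:01 auth host=ws-17 user=jdoe result=FAIL src=10.0.5.9",
    "2014-12-04T09:00:05 auth host=ws-17 user=jdoe result=FAIL src=10.0.5.9",
    "2014-12-04T09:00:09 auth host=ws-17 user=jdoe result=FAIL src=10.0.5.9",
    "2014-12-04T09:00:12 auth host=ws-17 user=jdoe result=OK src=10.0.5.9",
    "2014-12-04T09:02:30 edr host=ws-17 user=jdoe event=NEW_SERVICE name=updsvc",
    "2014-12-04T09:03:10 proxy host=ws-17 user=jdoe dst=203.0.113.44 bytes=48213000",
    "2014-12-04T09:10:00 auth host=ws-02 user=asmith result=OK src=10.0.5.21",
    "2014-12-04T11:30:00 proxy host=ws-02 user=asmith dst=198.51.100.7 bytes=1200",
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<source>\w+)\s+(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

FAIL_THRESHOLD = 3                          # failures before a success that look like guessing
FAIL_WINDOW = timedelta(minutes=5)          # older failures are forgotten
EXFIL_BYTES = 10_000_000                    # outbound transfer worth a second look
CORRELATION_WINDOW = timedelta(minutes=15)  # how close signals must be to belong together
MIN_DISTINCT_KINDS = 2                      # distinct signal kinds needed for an alert


@dataclass
class Signal:          # one weak indicator, attributed to a host
    ts: datetime
    host: str
    kind: str


@dataclass
class Alert:           # several different indicators on one host, close in time
    host: str
    first_seen: datetime
    last_seen: datetime
    kinds: list


def parse_logs(lines):
    """'timestamp source key=value ...' lines -> time-ordered (ts, source, fields) tuples."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # a malformed line must not take the pipeline down
        events.append((datetime.fromisoformat(m.group("ts")), m.group("source"),
                       dict(KV_RE.findall(m.group("rest")))))
    return sorted(events, key=lambda e: e[0])


def detect_signals(events):
    """Per-source detectors; each emits a weak signal keyed by host."""
    signals, failures = [], {}  # failures: (host, user) -> recent FAIL timestamps
    for ts, source, f in events:
        host = f.get("host", "unknown")
        if source == "auth":
            fails = failures.setdefault((host, f.get("user")), [])
            if f.get("result") == "FAIL":
                fails.append(ts)
            elif f.get("result") == "OK":
                if sum(1 for t in fails if ts - t <= FAIL_WINDOW) >= FAIL_THRESHOLD:
                    signals.append(Signal(ts, host, "brute_force_then_success"))
                fails.clear()  # a success resets the counter either way
        elif source == "edr" and f.get("event") == "NEW_SERVICE":
            signals.append(Signal(ts, host, "new_service"))
        elif source == "proxy" and int(f.get("bytes", "0")) >= EXFIL_BYTES:
            signals.append(Signal(ts, host, "large_outbound_transfer"))
    return signals


def correlate(signals):
    """Cluster signals per host inside CORRELATION_WINDOW; alert on enough distinct kinds."""
    by_host = {}
    for s in sorted(signals, key=lambda s: s.ts):
        by_host.setdefault(s.host, []).append(s)
    alerts = []
    for host, sigs in by_host.items():
        i = 0
        while i < len(sigs):
            j = i
            while j < len(sigs) and sigs[j].ts - sigs[i].ts <= CORRELATION_WINDOW:
                j += 1
            kinds = sorted({s.kind for s in sigs[i:j]})
            if len(kinds) >= MIN_DISTINCT_KINDS:
                alerts.append(Alert(host, sigs[i].ts, sigs[j - 1].ts, kinds))
                i = j  # report each cluster once, then move past it
            else:
                i += 1
    return alerts


if __name__ == "__main__":
    for a in correlate(detect_signals(parse_logs(SAMPLE_LOGS))):
        print(f"ALERT host={a.host} {a.first_seen:%H:%M:%S}-{a.last_seen:%H:%M:%S} {a.kinds}")
```

Run on the constructed lines, ws-17 raises one alert carrying all three signal kinds, while ws-02, which only logs in cleanly and moves a little data, raises none. The design point is that the alert fires on the number of different signal kinds on one host, not on the volume of any single kind, which is what keeps a brute-force detector or a transfer-size threshold from paging on their own; in a production pipeline the detectors would consume a stream rather than a list, and the thresholds and window would be tuned per environment.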
  • 21. Innovating with you: Changing Behavior and Culture
  • 22. The big conundrum. Risk tolerance should be reflected in the organization’s culture and policies. Digital transformation is driving sky-high business ambition, versus the double-sided squeeze: the bad guys on one side and government regulations and penalties on the other are driving enterprises to almost zero risk tolerance. Finding the right balance is key..
  • 23. Consider all layers (both the visible and the invisible realms).
      – The human layer: 10 Government (regulations/politics); 9 Organizations (culture/politics); 8 User (PICNIC – ID10T error).
      – The technology layer: 7 Application; 6 Presentation; 5 Session; 4 Transport; 3 Network; 2 Data Link; 1 Physical.
      “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” – Sun Tzu, The Art of War
  • 24. A few change considerations to think about..
      – Cyber security as a strategic driver.
      – Cyber security is not an IT problem, it is an organizational problem: a cyber security weakness is an organizational weakness, not an IT weakness.
      – Security is everybody’s business, not just the CISO’s and CIO’s.
      – Culture in context: societal, organizational, people.
      – Find the inhibitors to a culture of security and remove or address them.
      – Is security funding in line with the enterprise’s security risk tolerance levels? Some bad actors are extremely well funded.. is your defense well funded?
      – Enterprises should regard cyber attack as a certainty, not a probability.
      – Risk from the extended enterprise (vendors, suppliers, contractors..).
      People + Process + Technology + PERCEPTION
  • 25. To bring behavior changes in cyber security, we need to understand how the human brain, cognition and awareness work – addressing the root cause vs the symptom.
  • 26. Collaborating with you: Collaboration
  • 27. If penguins are collaborating.. why can’t we humans? For more on collaborative systems present in nature watch: http://www.youtube.com/watch?v=IzS7CRaCEtU#t=424
  • 28. The bad people are collaborating.. so why not the good people? “Offense must inform defense..” Maintaining a code of silence will not serve us in the long run.
  • 29. We need collaboration not just within and between people, but.. trusted collaboration within and between governments; trusted collaboration within and between organizations; trusted collaboration within and between devices; trusted collaboration within and between systems and applications; trusted collaboration within and between communication networks.
  • 30. Let’s build windmills – together..
  • 31. Thank you: Gracias (Spain), Thank you (Russia), Danke (Germany), Grazie (Italy), Dank u (Belgium), Bedankt (Netherlands), Dankeschön (Austria), Arigato (Japan), Takk (Norway), Tak (Denmark), Jag tackar (Finland), Dziekuje (Poland), Tack (Sweden), Toda (Israel), Engraziel (Switzerland), Teşekkür ederim (Turkey), Ďakujem (Slovakia), Obrigado (Portugal), Thank you (United Kingdom), Merci (France), Thanks (United States), and in Hindi, Tamil and Malayalam.
  • 32. Presenter contact information. Gopal Padinjaruveetil, CISA, CISM, CRISC, CGEIT, TOGAF 9, Chief Application Security and Compliance Architect, gopal.padinjaruveetil@capgemini.com. Gopal Padinjaruveetil is Chief Capgemini Application Security and Compliance Architect, based out of Capgemini Detroit. He is a certified Enterprise Architect and a certified Governance, Risk and Compliance (GRC) Architect, and has led Enterprise Architecture and GRC work at Fortune 50 global companies. Gopal believes that 21st-century enterprises are at a crossroads in information technology: extracting value from the growing information chaos, spurred by disruptive innovative technologies, is creating an exponentially increasing risk and threat landscape, and solving this requires enterprises to take a new perspective based on design thinking and on applying good IT governance, risk and compliance practices. Gopal has these professional certifications to his credit: CISA, CISM, CRISC, CGEIT, IAF, TOGAF 9. Contact Gopal via: http://www.capgemini.com/experts/security/gopal-padinjaruveetil
  • 33. www.capgemini.com. The information contained in this presentation is proprietary. © 2012 Capgemini – Internal use only. All rights reserved. Rightshore® is a trademark belonging to Capgemini. About Capgemini: with around 120,000 people in 40 countries, Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. The Group reported 2011 global revenues of EUR 9.7 billion. Together with its clients, Capgemini creates and delivers business and technology solutions that fit their needs and drive the results they want. A deeply multicultural organization, Capgemini has developed its own way of working, the Collaborative Business Experience™, and draws on Rightshore®, its worldwide delivery model.