Outrunning the Bear: 5 critical ways to take a more collaborative approach to IT security

Studies show the average time to resolve a security breach once detected is more than 45 days, and companies lose more than $1.6 million during that time. The obstacles to faster response include lack of resources and an inability to effectively communicate and collaborate among the multiple teams and tools larger enterprises rely on for protection.

This white paper examines the "outrun the bear" approach prevalent in IT security: you don't have to outrun the hackers; you just have to outrun other companies. It examines the challenges inhibiting faster response, and it offers five critical steps an organization can take to turn security intelligence into action.

Breach Response: How to Prepare for the Inevitable

To avoid being breached, you have to get it right every single time. To breach you, hackers only have to get it right once. Experts advise that breaches are inevitable. And according to Ponemon Institute, the average time to resolve a cyber attack is 45 days, with an average cost of $35,647 per day. The key to minimizing damage is preparation.

This white paper tells you what you need to know to be prepared for a breach. Read it to understand:

• The right breach mindset
• Response team composition
• Communication needs with employees and customers
• Legal notification requirements
• The technologies that can help

Software Supply Chain Management with BOMtotal

BOMtotal is a free service that generates a bill of materials from any executable code.

Anyone who uses software has a right to know what's inside it. Just as you can examine any piece of food in a supermarket to see its ingredients, you should be able to know what's inside software that you use or might use.

Enabling anyone to generate a bill of materials (list of ingredients) for any piece of software results in a better world for all of us. Buyers gain visibility into software during their procurement cycles by requesting bills of materials from builders. Builders examine bills of materials for their own products to make sure they have no surprises. Ordinary people benefit because when builders and buyers effectively manage their software supply chains, the entire ecosystem becomes safer, more reliable, and more secure.

Fuzz Testing Maturity Model

Fuzz testing is an industry-standard technique for locating unknown vulnerabilities in software. Fuzz testing is a mandatory portion of many modern secure software development life cycles (SDLCs), such as those used at Adobe, Cisco Systems and Microsoft. This document provides a framework to assess the maturity of your processes, software, systems and devices. At the heart of this document is a vendor-agnostic maturity model for fuzz testing that maps metrics and procedures of effective fuzz testing to maturity levels. The maturity model is a lingua franca for talking about fuzzing, allowing different organizations to communicate effectively about fuzzing without being tied to specific tools.

The Fuzz Testing Maturity Model (FTMM) gives builders and buyers a set of standard levels for communicating about fuzz testing.

Synopsys solutions help deliver a more comprehensive security offering for the SDLC by adding black box testing capabilities, including the Codenomicon Defensics® tool for file and protocol fuzz testing, and the Codenomicon AppCheck™ tool for software composition analysis and vulnerability assessment.

Understanding Verification, Validation and Certification

Cybersecurity and communication robustness have become increasingly significant concerns as technology has continued to improve and systems have become more complex. Each attempt to expand the networking and communication capabilities of devices has brought new features and convenient solutions for end users, along with new security and robustness challenges.

What is Fuzzing: The Poet, the Courier, and The Oracle

Fuzzing is well established as an excellent technique for locating vulnerabilities in software. The basic premise is to deliver intentionally malformed input to target software and detect failure. A complete fuzzer has three components. A poet creates the malformed inputs or test cases. A courier delivers test cases to the target software. Finally, an oracle detects if a failure has occurred in the target. Fuzzing is a crucial tool in software vulnerability management, both for organizations that build software as well as organizations that use software.

Securing Cloud Computing

As the business case for Software-as-a-Service (SaaS) and other cloud computing models solidifies, more and more companies are incorporating cloud computing into their IT programs. The implication is that an ever-increasing amount of critical information is living “in the cloud.”

Content is the New Perimeter

Controlling access to digital assets has always been an issue for some organizations, but an increasing amount of regulation and controls have now made this a problem for a much wider range of companies. In addition, evolving business needs and technology advances have changed the traditional boundaries of the organization, making it more difficult for the IT department to manage access to digital assets. Historically, the firewall was regarded as the perimeter of the organization. Employees were predominantly office-based, working on shared drives or PCs, with all data remaining within the company. Any interactions with external parties were conducted by either emailing the relevant data to the external party or allowing limited access to the required data within the application that generated it.

The Critical Need for Enterprise-Grade File Sync and Share Solutions

Consumer-focused file sync and share (CFSS) solutions have become one of the most popular categories of applications used in the workplace over the past few years. Led by Dropbox – as well as various freemium and paid offerings from companies like Microsoft, Google, Apple and at least 80 other vendors – these tools allow users to automatically synchronize their files across all of their desktop, laptop, smartphone and tablet platforms. Users implement these tools for a variety of good reasons: to have access to all of their files when working after hours or while traveling, in support of formal or informal telework programs, or to share large files more efficiently or when the corporate email system will not support sharing of files over a certain size.

Does the cloud put data sovereignty compliance out of reach?

A decade ago, these two words together would have resulted in many blank stares in the majority of boardrooms. Today, speak these two words to Fortune 500 CIOs and CISOs, and they will most likely end up with their head in their hands. Data sovereignty is a critical emerging topic. It addresses the legal and regulatory jurisdictions governing particular digital information and how vendors, customers, and users can manage these overlapping jurisdictions.

Buyer’s Guide to Enterprise Collaboration Solutions

The nature of work keeps evolving. Once, work meant being in the office interacting with colleagues, face-to-face, from 9 a.m. until 5 p.m. Now work happens across corporate boundaries — anywhere, anytime, with people around the world. In the past, work tools comprised only a desk, phone, and computer. Now, work tools include multiple computers and mobile devices — both your own and the ones your company provides. Users don’t just use their own devices for work purposes, they are also turning to Software-as-a-Service (SaaS) providers to fill in functional gaps and boost their productivity.

A Guide to Data Privacy for Business and IT Executives

Do you lie awake at night wondering if your company is doing all it can regarding data privacy? You probably should. Almost daily, the news media reports another privacy breach, and it’s hard to escape it as a persistent problem in our information economy. Stories about the privacy foibles of major companies grace the covers of newspapers and magazines. We witness a continuous stream of regulatory fine and sanction announcements and breach notifications. We see organizations singled out in news stories and blog posts and on talk shows for bad privacy practices.

Five Levels of Embedded BI for your SaaS Application

The expanding role of data in business management promises smarter operational applications that manage and automate better processes. This new breed of intelligent applications, called analytic applications, is transforming how organizations and other applications consume information to drive improved business performance and competitive advantage.