© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Improving your business through applications that you can trustEduardo Vianna de Camargo Neves, CISSPSales Manager, Enterprise Accounts Brazil

HP Protect 2014 – Washington, DC

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.2

1996 1998 2001 2013 2014

IT Network Security Consultant

CISO Fortify Specialist

Sales Manager

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Let´s talk about trust.

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Track history is only one component of a complex equation.

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Threats can emerge from unlikely places.

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

But if you can figure out when a threat is coming…

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

You can plan an apply an effective defense system.

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

But to work, we need to rethink what we learned about trust.

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.9

U$ 7,22 millions per yearis the average investment per company to solve issues generated by cybercrime

Source: 2013 Cost of Cyber Crime Study: Global Report, Sponsored by HP Enterprise Security

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.10

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Something must change if we want to succeed.

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Understanding the current attack surface.

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.15

Making U$ 92 millions in five simple steps

1

1Find a software security defect.

2

2Inject a malware on the system.

3

3Hide your presence from current defenses.

4

4Extract all credit card data you want.

5 Sell the data for a large and hungry customer base.

5

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.165X

84%

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.17

The root-cause analysis for software security

0.40

Design Build Test Deploy

1.752.25

Architecture Definition Software Build Test Scoping

System Integration

Source: Jones, Casper. “Software Defect Origins and Removal Methods”. December, 2012

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.18

What we can expect for a near future

Hybrid Models RisksBig Data

Local ITLocal + Cloud

+ ?Megabytes Zetabytes Localized Contextualized

• More complexity• Less visibility and

control• New threats may be

unknown

• More analysis requirements

• Structured x Non-structured

• Decision taking

• Compliance requirements

• Distributed attack surface

• Holistic Risk Management

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.19

HP Fortify as a enabler for trustful software

ApplicationProtection

Software Security Assurance

Application Assessment

Find FixFortif

y

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.20

HP Fortify on the Software Development Lifecycle

HP Fortify SCA

HP WebInspect

Design Build Test Deploy

HP Fortify RTA

HP ApplicationView

HP Fortify SSC

HP Fortify on Demand

HP FortifyIDE Plug-Ins

Training Sessions

ProfessionalServices

HP Application Defender

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.21

Secure software can generate measurable benefits for the entire organization

Working with trusted software

Rational money allocation

Strategic and measurable

results

Pro active compliance measures

Integrated approach to

control the attack surface

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.22

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

”

“Change is the law of life. And those who look only to the past or present are certain to miss the future.John F.

Kennedy

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Thank you.