Page 129 - CDM-Cyber-Warnings-March-2014
(SCA) products. The company CTO, Maty Siman, presented some surprising findings about the low security standards of WordPress websites in the RSA Studio Track. "It's a Jungle Out There: The Security State of CMS Platforms" captivated the attention of attending CISOs, InfoSec executives and officials.

"We are seeing a growing number of large scale security breaches that start at the application layer," explains Checkmarx's CEO Emmanuel Benzaquen. "Organizations are looking to introduce application security testing as an integral part of their Software Development Lifecycle (SDLC) and identify vulnerabilities as early as possible. Checkmarx allows its customers to automate software security testing, fully integrated into the SDLC."

The importance of having a safe SDLC was emphasized at RSA by Mr. Yair Rovek, security specialist at Liveperson. A long-time customer of Checkmarx, Rovek showed how easy and effective it is to integrate the CxSuite and its variants into the Agile development environment. "How We Implemented Security in Agile for 20 SCRUMs – and Lived to Tell" showed the success Liveperson has had after adopting the SCA security methodology.

Checkmarx has already penned deals with Fortune 1000 customers from the software, banking, e-commerce, government and defense industries. Additionally, companies like Salesforce.com, the largest CRM company in the world, have adopted the Checkmarx solution and integrated it into their application development environments. In addition, the team was pleased to tell me that Israel's leading technology publication, TheMarker.com, recently placed Checkmarx as one of the top 10 Israeli startups to watch out for in 2014.

SunGard Availability Services

A handful of themes tend to dominate conference sessions and vendor sales pitches at each RSA conference. Among this year’s most prominent themes were security intelligence and Software-defined Security.
These are not entirely new, but rather refinements of last year’s themes of big data security and security virtualization, respectively.

Security intelligence is by far the more mature and concretely defined of the two. A fairly consistent vision for security intelligence was emerging at RSA: one combining analytics, correlation, threat data, packet capture and log retention, along with the associated operational processes. Vendors in this space typically have a background in one of these areas and are working to expand their core product with additional capabilities. SunGard Availability Services considers security intelligence to be an integral part of our overall security strategy. This team has been investing in this area for some time, developing both technical capabilities and operational processes, and expects it to continue to be an area of focus in 2014 and beyond.

Due to the popularity of Software-defined Networking (SDN) and Network Function Virtualization (NFV), Software-defined Security may have received as much attention at RSA as security intelligence, but with considerably less substance. The prefix “Software-defined” could be found in front of products ranging from firewalls to configuration management software to hardware network taps. Not surprisingly, the most mature entries at RSA came from large network device vendors, typically positioned as part of a larger SDN/NFV strategy, with security functions such as firewall and IPS treated as simply another virtualized network function. SunGard