We surveyed 100 CISOs and security decision makers and found that today’s application security teams are facing 3 distinct issues that lead to vulnerability:
1. Active and efficient adversaries
2. A ballooning attack surface
3. Cybersecurity resource shortage
When combined, these adverse conditions form a ‘vulnerability cycle’ – leaving organizations susceptible to a breach or worse.
Attend this webinar and you will:
- Get plans to combat these 3 issues in 2017
- Learn how to dissect each component of the vulnerability cycle
- Discover security tools and best practices
- Find out top CISO investments for 2017
2. SPEAKERS
• JASON HADDIX, HEAD OF TRUST AND SECURITY
• BRAD ARKIN, CISO, ADOBE SYSTEMS
• KIM GREEN, CISO, ZEPHYR HEALTH
3. AGENDA
• Dissect each component of the Vulnerability Cycle
• Explore top CISO challenges and opportunities for 2017
• Security tools and best practices
5. WHAT ISSUES ARE WE ADDRESSING?
[Diagram: "Broken status-quo" and "Breaking the status quo", each built from three elements: Active, Efficient Adversaries; Ballooning Attack Surface; Cybersecurity Resource Shortage]
6. ACTIVE AND EFFICIENT ADVERSARIES
Hacking is overwhelmingly the leading cause of data breaches
[Chart: causes of data breaches by year, 2007 to 2016; vertical axis 0% to 60%. Series: Insider Theft; Hacking / Skimming / Phishing; Data on the Move; Accidental Email / Internet Exposure; Subcontractor / 3rd Party / Business Associate; Employee Error / Negligence / Improper Disposal / Loss; Physical Theft]
12. AND STILL, WE’RE LEFT VULNERABLE
[Diagram: timeline (axis: Time) with the labels Automation, Pen Test, Code Release, Zone of Vulnerability Blindness, and Vulnerability Awareness]
14. VARIATIONS OF BUG BOUNTY PROGRAMS
• Private ongoing program
• Public ongoing program
• Point-in-time “On-Demand” programs (Public, Private)
15. BUG BOUNTIES MEET SECURITY NEEDS
• Addresses staffing and resourcing challenges
• Works within appsec budgeting constraints
• Improves internal security culture and supports training initiatives
16. PERCEIVED CHALLENGES IN RUNNING A BOUNTY PROGRAM
• Only crazy tech companies run bug bounty programs
• Bug bounties don’t attract talented testers or results
• They’re too hard to manage and too expensive
• Running a bounty program is too risky
17. WIDE ADOPTION OF CROWDSOURCED SECURITY
[Chart legend: Financial Services; Consumer Tech; Retail & Ecommerce; Infrastructure Technology; Automotive; Security Technology; Other]
18. A RADICAL CYBER SECURITY ADVANTAGE:
Enterprise Bug Bounty Solutions & Hackers On-Demand
• 300+ Programs run
• Every program is managed by Bugcrowd
• Deep researcher engagement and support
• No confusing pricing models and no bounty commissions
• 50,000+ researchers
Curated Crowd that Thinks like an Adversary but acts as an ally to Find Vulnerabilities
A Platform That Simplifies Connecting Researchers to Organizations, Saving You Time and Money
Security Expertise To Design, Support, and Manage Crowd Security Programs
19. Q&A
• JASON HADDIX, HEAD OF TRUST AND SECURITY
• BRAD ARKIN, CISO, ADOBE SYSTEMS
• KIM GREEN, CISO, ZEPHYR HEALTH
@JHADDIX @KIM1GREEN @BRADARKIN