VMware and Trend Micro: Security for the Software Defined Datacenter – Trend Micro

Hello, I'm Steve Kwan[sp]. And I'm here with Adim Nahid[sp] And we're excited to do another year of a great partnership between VMware and Trend Micro. Over the last [xx] years our customer have been moving quickly to adopt cloud. And security is top of mind for them and I think the relationship has really …

Digital Security Software

SO, IF YOU AE THE PARENT OF A TEENAGER, YOUMIGHT WANT TO LISTEN UP.

I'M LISTENING BECAUSE I'VE GOT A PRE-TEEN.

MORE AND MORE TEENS ANDEVEN PRE-TEENS GO ONLINE AS WE KNOW.

THEY'RE USING THEIR CELL PHONES, THEIR LAPTOPS, THEIRTABLETS, MOMS AND DADS NEED TO BE EXTRA DILIGENT, 24/7 IN FACT TO KEEP THEM OUT OF DIGITAL HARMSWAY.

WITH US THIS MORNING TO DISCUSS HOW TO DO JUST THAT – HOW TO KEEP OUR CHILDREN SAFEIN AN ONLINE WORLD IS STACY CONNER, DIRECTOR OF WORLDWIDE RETAIL MARKETING FOR MCAFEE,HEY STACY, GOOD MORNING.

HI, GOOD MORNING DANIELLE.

TIMELY TOPIC, GIVEN THAT I DO HAVE A 12 YEAR-OLDIN MY HOUSE, RIGHT NOW, AND SO WHAT CAN YOU TELL US ABOUT KIDS ONLINE HABITS THAT WE ASPARENTS MIGHT NOT KNOW.

WELL, THE FIRST THING I WOULD SAY IS, THERE'SSOME GAPS, THERE'S SOME PRETTY BIG GAPS.

IT'S INTERESTING MCAFEE JUST DID A STUDY CALLEDTHE DIGTAL DECEPTION SURVEY, WHERE WE WENT OUT AND TALKED TO TWEENS AND TEENS ABOUT THEIRONLINE HABITS AND ABOUT THE DEVICES THAT THEY USE SUCH AS TABLETS AND SMART PHONES.

HERE'SWHAT WE LEARNED.

THE BIG THING? KIDS ARE ONLINE TWICE AS MUCH AS THE PARENTS THINK THEY ARE.

ALSO, THEIR TAKING MEASURES TO PUT VERY PERSONAL INFORMATION OUT ABOUT THEMSELVES ONLINE ANDALSO TAKING PROACTIVE MEASURES TO KEEP PARENTS IN THE DARK ABOUT WHAT THEY'RE DOING.

SO, THEIR BEING SLICK AND YRYING TO FOOL US IS WHAT YOU'RE SAYING (LAUGHS).

THAT'S A TEEN FOR YOU, RIGHT? UM, BUT THE OTHER THING THE MOST CONCERNINGTHING THAT I FOUND FROM THE STUDY WAS THE FACT THAT THESE TEENS AND TWEENS ALREADY AREHAVING NEGATIVE ONLINE EXPERIENCES IN THE FORM OF CYBER BULLYING OR OTHER CYBER THREATSAND THINGS LIKE THAT, AND YOU KNOW, ALL OF THIS DATA LED MCAFEE TO CREATE A NEW PRODUCTTHAT WE CALL MCAFEE LIVE SAFE.

I THINK I LOVE THAT BECAUSE ONE OF THE THINGSFOR ME AS A PARENT I WILL DO ANY AND EVERYTHING TO PROTECT MY CHILDREN IN THE PHYSICAL WORLD.

YES.

IT'S A LITTLE MORE DIFFICULT TO DO IN THECYBER WORLD, WHAT CAN WE DO TO PROTECT OUR FAMILY?WELL, I THINK TWO THINGS COME TO MIND, THE FIRST IS HAVE CONVERSATIONS WITH YOUR TWEENSAND TEENS, MAKE SURE YOU START THAT DIALOGUE AND AS A PARENT MAKE SURE THAT YOU'VE GOTTHAT AWARENESS AS FAR AS HOW YOUR TEENS ARE ENGAGING ONLINE AND WHAT TECHNOLOGIES THEY'REREALLY USING.

I ALSO LIKE TO REMIND PARENTS, THOUGH, THAT YOU HAVE TO HAVE SECURITY ONEVERY SINGLE DEVICE THAT THEY'RE GOING TO USE.

IF IT'S A TABLET, IF IT'S A SMART PHONE,WHETHER THEY'RE USING IT FOR FIVE MINUTES A DAY, OR FIVE HOURS A DAY, IT ABSOLUTELYHAS TO HAVE SUCURITY.

THE THING AS ADULTS THAT WE KNOW IS WE ALL HAVE GOT DIGITAL FOOTPRINTS,EVERY TIME WE PUT SOMETHING OUT OR PUT A POST ON FACEBOOK OR TWITTER OR ENGAGE WITH THEINTERNET IN ANY WAY, OUR DIGITAL FOOTPRINT GROWS.

BUT GUESS WHAT? OUR TWEENS AND TEENSARE ALSO STARTING THEIR DIGITAL FOOTPRINTS AND IT'S REALLY IMPORTNAT TO PROTECT THATFOOTPRINT FROM EARLY ON.

I THINK IT'S INTERESTING BECAUSE THEY DON'TKNOW WHAT WE KNOW ABOUT THAT DIGITAL FOOTPRINT, SO WE MAY BE MORE CAREFUL IN TERMS OF WHATWE PUT ONLINE THAT MAY BE TWEENAGERS AND TEENAGERS DO WHO DON'T KNOW.

SO, WHEN IT COMES TO SECURITYSOFTWARE, THEN WHAT FEATURES ARE MOST IMPORTANT? WELL, THE FIRST THING IS A SECURITY FEATURETHAT ALLOWS YOU TO PUT SECURITY ON EVERY DEVIE THATS IN YOUR HOUSEHOLD.

WE CALL THAT UNLIMITEDDEVICE COVERAGE.

WHEN YOU BRING A NEW DEVICE INTO YOUR HOME, YOU DON'T WANT TO HAVE TOWORRY ABOUT GOING OUT AND BUYING A NEW SOFTWARE SECURITY PACKAGE TO PUT ON IT, YOU JUST WANTA SECURITY PROGRAM THAT YOU CAN DEPLOY TO THAT DEVICE AS SOON AS YOU BRING IT IN THEHOME.

NOW, FOR OUR KIDS AND OUR TWEENS, ONE OF THE MOST IMPORTANT FEATURES THAT YOU CANHAVE IS SOMETHING CALLED PARENTAL CONTROLS.

OKAY.

THIS IS GOING TO ALLOW YOU TO TRACK INTERNET USAGE, MONITOR THE SITES THEY GO ON AND IT'SALSO GOING TO ALLOW THOSE TWEENS AND KIDS TO KNOW IF THEY'RE ABOUT TO GO TO A GOOD SITEOR MAYBE A NOT SO GOOD SITE.

FOR OUR TEEN SET, THE BIG THING IS A COUPLE OF THINGS;OUR TEENS ARE USING TABLETS AND SMART PHONES MORE AND MORE, AND GUESS WHAT? THEY GET LOST,THEY GET STOLEN.

UM HMM.

SO, HAVING A FEATURE THAT ENABLES YOU TO LOCATE, LOCK AND WIPE THE DEVICE, SHOULD IT BECOMELOST OR STOLEN, IS ABSOLUTELY CRITICAL.

SO STACY, IN ALL HONESTY, IS THERE A WAY THATWE AS PARENTS CAN KIND OF BE THAT SOFTWARE EXPERT AND TRULY PROTECT OURSELVES AND OURFAMILIES? THE ANSWER, DANIELLE, IS NO.

PARENTS DON'TNEED TO BE SOFTWARE EXPERTS, MCAFFEE IS THE SOFTWARE EXPERT.

LET US DELIVER THAT EXPERTISETO YOU, BUT IT IS ABSOLUTELY POSSIBLE FOR YOU TO PROTECT YOUR FAMILY WITH A GREAT PRODUCTWITH EASY TO USE FEATURES AND THAT'S MACAFEE LIVE SAFE.

JUST ABOUT TEN SECONDS LEFT, WHAT ARE THE MOST IMPORTANT THINGS THAT WE NEED TO REMEMBERWHEN IT COMES TO OUR KIDS ONLINE SAFETY? HAVE THE CONVERSATION AND BE AWARE ABOUT WHATYOUR TWEENS AND TEENS ANRE DOING ONLINE, HAVE SOME SECURITY ON EVERY SINGLE DEVICE THATTHEY MIGHT BE USING AND MAKE SURE THAT IT'S GOT THOSE CRITICAL FEATURES LIKE PARENTALCONTROLS AND AVAILABILITY TO LOCATE, LOCK AND WIPE, AND I JUST WANT TO POINT OUT THATOUR MCAFEE LIVE SAFE PRODUCT HAS ALL OF THAT.

AND YOU KNOW THEY'LL HATE US NOW BUT THEY'LLTHANK US LATER.

ABSOLUTELY.

I TELL MY KID THAT ALL THE TIME (LAUGHS).

THANK YOU SO MUCH STACY FOR COMING BY, GREATINFORMATION.

THANK YOU.

AND IF YOU'D LIKE TO PROTECT YOUR FAMILY VISIT THE FOLKS OVER AT MCAFEE BY GOING TO LIVESAFE.

COM,THAT'S LIVE, L-I-V-E SAFE DOT COM.

OH, AND DON'T FORGET TO VISIT US ON FACEBOOK, SHARENY OF YOUR INTERNET STORIES OR DIGITAL CONCERNS.

THATS FACEBOOKBALANCINGACTFANS.

Source: Youtube

Eagle Investment Systems: Ensuring Software Quality & Security with Coverity

Eagle Investment Systems is a financial servicestechnology firm.

Our objective is to help our customers to grow their assets efficiently.

We provide data management, accounting and performance solutions to a global client baseand as a result of being wholly owned by BN MELLON? we can offer a number of differentservices from either an on premise solution to a secure private cloud one to a full businessoutsourcing capability.

We wanted to take a holistic view of our SDLC,of our software development lifecycle.

We wanted to work with vendors that were industryexperts, best of breed technologists in their spaces.

Piece those together to really enhancea quality program around how we release software to the marketplace.

And we felt some of thecapabilities and checkers that Coverity provided gave us that.

Working with Coverity duringthat proof of concept, we were very, very impressed by the comprehensive and in-depthnumber of checkers that were available to us for our C++ code.

We were also really impressedby the access to some of the senior engineers that would work with us on a one on one basisto understand how the tool worked and how we can use it to drive our efficiency.

It was a tool built by developers, for developers.

So what that really meant was that we couldcontinue to maintain a good, healthy environment around development but at the same time ensurethat the developers were managing their own quality defects.

One of the things that wereally liked about the Coverity application was its alignment to the CWE, the Common WeaknessEnumeration library.

It helped us in terms of explaining the types of defects to notjust our engineering staff, but our services and support teams.

We have two implementation strategies for how we leverage Coverity.

The first is reallyensuring that there are no new defects in the application.

So as we're doing daily builds,our engineers are getting informed of defects or software coding flaws as early on in thecycle as possible.

The second piece is really around managing defect density and managingtechnical debt.

So if there's an error in our application where we feel we need to focusattention on, we shift resources into that area and drive down the defect density onthat particular subject.

Application security is a key discipline within a software developmentlifecycle, especially as we deliver our software through Eagle Access, our secure private cloud.

A recent extension of our use of Coverity has included checks on the C# code.

And whatthat allows us to do it help our engineers understand common vulnerabilities using theCWE libraries, as well as the OWASP libraries.

So Eagle's an Agile R&D shop.

A couple ofthings that we do and how plug Coverity into them is we build our software at least oncea day.

So what that means is as our engineers get Coverity defect feedback every morning,so whether it's the offshore guys or the onshore team, they're able to evaluate any flaws thatthey may have introduced into the previous day's development.

Quality is crucial to our business.

Our clients rely on our solutions every single day topower their investment decisions.

Really the ROI for us was being able to identify issuesearlier in the lifecycle.

It's fairly well known that the longer that a defect continuesdown that software development lifecycle and literally ends up into production, the morecostly it is for a firm.

What we wanted to do was identify as many of those issues aspossible, as early in the process as possible, so that we can continue to drive efficienciesand continue to deliver quality to our customers.

Source: Youtube

SolarWinds Security Software – Log & Event Manager

Hello, I'm Rob Johnson, Sales Engineer here at SolarWinds and today I'd like to introduce you to an important product in SolarWinds' security portfolio: SolarWinds Log & Event Manager or LEM.

Log & Event Manager is a Security Information & Event Management (or SIEM) product designed to make monitoring log data for security easy.

SIEM solutions, like LEM, are built on the principle that centralizing your log data, analyzing it in real-time, and providing you actionable intelligence is critical to keeping your business secure.

Core features of SIEM solutions include: Log & event data centralization, Event correlation historical analysis or search and reporting.

Log & Event Manager has these features and more.

The heart of any SIEM tool is data collection.

Collecting this data is the core of your ability to track, audit, and correlate critical security events.

LEM supports data collection from hundreds of different devices out-of-the-box.

These devices and logs generate messages that include things like authentication, network and security activity, system changes, and more.

Correlation is an important feature of true SIEM tools, and LEM provides real-time event correlation as your events are collected.

Correlation rules can be as simple as "any logon failure" to the more complex "alert on logon failures to my servers from remote desktop.

" Also, time and frequency correlations like "alert me when you see 5 logon failures from the same IP address to my servers from remote desktop" to multiple event correlations like "alert me when you see multiple logon failures followed by a successful logon from the same account.

" LEM also ships with hundreds of predefined correlation rules out-of-the-box to solve your most critical log & event monitoring needs quickly.

Beyond correlation, LEM has the ability to automate remediation steps with dozens of built-in active responses.

Within a correlation rule or manually from your LEM console, if you spot suspicious activity yourself , you can instantly perform actions like disabling a domain user account after repeat suspicious activity, removing a user from a privileged group like local admins, or blocking an attacking IP address.

LEM's visibility extends beyond servers and network devices into endpoint activity as well.

With USB-Defender, you can monitor systems for usage of USB mass storage devices, including what files and processes are being launched.

If you see something you don't like you can detach the USB device or build correlation rules to detach automatically based on what should be allowed.

If you need to extend your USB device policy to laptops that might be regularly disconnected or isolated, USB-Defender includes local policies that will be enforced as if they were.

Once you've started collecting log & event data, it's critical to have extended historical analysis, search, and reporting capabilities as well.

Troubleshoot or perform some basic forensic analysis with LEM's historical search functionality, which includes visual tools to help spot potential issues without combing through text of log records.

Report on historical data to create audit trails using our hundreds of pre-built report templates.

Last but not least, compliance initiatives all but spell out that a SIEM system is critical in establishing and maintaining compliance with requirements like PCI, HIPAA, Sarbanes-Oxley and others, not to mention countless internal audit requirements.

LEM includes content categorized specifically for compliance, making it easy to find various rules and reports applicable to a range of industries.

To learn more or to download a fully-functional 30-day trial of LEM, go to www.

Solarwinds.

Com.

Source: Youtube

How to delete incompatible software with Kaspersky Small Office Security 3

Before you install the Kaspersky SmallOffice Security 3, it is recommended to delete previouslyinstalled Kaspersky Lab products or other anti-virus programs.

If any other anti-virus software remains onyour PC before the installation, it will be found by the setup wizard andremoved automatically.

If the wizard is unable to remove itautomatically it will ask you to remove such software manually How to remove an incompatible program onWindows 8: right click on the blank space on thehome screen click all apps button on the bar thatwill appear in the bottom left corner of the screen in the app's list find the program andright click on it click Remove on the app bar that appearsnext select the program in the programs andfeatures window double click on the name of the program the on installation wizard will start wait until the process is finished.

To remove an incompatible program onWindows Vista, Windows 7, click the start button in the bottomleft corner of the screen select control panel in the menu select programs in the control panelwindow select programs and components in theprogram's window find and select the program that must beremoved in the programs and components window click Yes in the programs and componentswindow.

The computer will start to removeantivirus software, wait until the process is finished.

If you cannot remove the program bymeans of Windows use the corresponding uninstall utilityprogram.

Source: Youtube

Digital Security Software

FIRST IT WAS DESKTOPS, THENLAPTOPS AND NOW TABLETS AND SMARTPHONES ARE TAKING THE WORLDBY STORM.

IN FACT BY LATE 2014 TABLETS AREPREDICTED TO OUTSELL LAPTOPS FOR THE FIRST TIME EVER.

AND THIS YEAR SMARTPHONES WILL OUTSELL NON SMARTPHONES WILL 6BILLION MOBILE DEVICES IN USE WORLDWIDE.

THAT BLOWS MY MIND.

WELL, HERE TO DISCUSS CYBERTHREATS ON DIGITAL DEVICES THAT ORGANIZE AND MANAGE OUR LIVES.

IS STACEY CONNER.

DIRECTOR OF WORLDWIDE MARKETINGAT MACAFEE.

WELCOME BACK.

IT IS ALWAYS SO GREAT TO HAVE YOU HERE.

IT'S GREAT TO BE BACK.

THANK YOU.

NOW, MOST OF US ARE FAMILIAR WITH SOFTWARE PROTECTION ON OURHOME COMPUTERS.

WE KNOW THAT.

BUT WHAT ABOUT WITH ALL THESE NEW SMARTPHONES AND TABLETS.

JULIE QUITE SIMPLY CONSUMERS AREN'T PROTECTING THESE MOBILEDEVICES.

THE TABLETS AND SMARTPHONES AREJUST NOT GETTING PROTECTED AND I THINK WE SEE THIS A LOT.

YOU KNOW WHEN PEOPLE START TO ENGAGE WITH NEW TECHNOLOGY FORTHE FIRST TIME THEY START TO USE THE BASIC FEATURE AND THEY USEIT A LITTLE MORE AND LITTLE MORE.

AND BEFORE YOU KNOW IT, IT'S AS CRITICAL TO YOU AS YOUR WALLETAND CAR KEYS.

WHAT'S FUNNY IS THAT MACAFEERECENTLY COMPLETELY DIGITAL ASSET SURVEY.

AND WE ASKED FOLKS, WHAT IS THE VALUE OF THE ASSETS THAT ARE ONYOUR DIGITAL DEVICES.

AND WHAT WE'VE FOUND.

$35,000.

WHAT?$35,000! UNPROTECTED!UNPROTECTED! WHAT WE'RE FINDING IS THAT WHILEPEOPLE THINK THAT THIS $35,000 WORTH OF ASSETS AREIRREPLACEABLE YET 75% DON'T HAVE ANY KIND OF SOFTWARE TO PROTECTIT.

NOW, TABLETS AND SMARTPHONES VS.

LAPTOPS AND COMPUTERS.

HOW DO THE THREATS DIFFER?THEY REALLY DIFFER IN 2 VERY BIG DIFFERENT WAYS.

THE FIRST FROM A PHYSICAL STANDPOINT.

THE COMPACT NATURE AND FOOTPRINT OFTHESE MOBILE DEVICES MAKE THEM ALITTLE MORE SUSCEPTIBLE TO BEING LOST OR STOLEN.

THE SECOND WAY THAT THEY REALLY DIFFER IS FROM A CYBER POINT OFVIEW.

SO, FROM A PHYSICAL STANDPOINT,IN THAT MOMENT THAT YOU LOSE OR YOUR DEVICE IS STOLEN.

WHAT YOU WANT TO HAVE IS A FEATURE THAT WILL LOCATE, LOCKAND WIPE THAT DEVICE.

WOW.

IF IT'S JUST GONE.

FROM A CYBER PERSPECTIVE.

THE THREATS REALLY MANIFEST THEMSELVES IN THE FORM OF THEAPPLICATIONS THAT WE'RE ALL DOWNLOADING AND USING.

WHAT WE DON'T KNOW SOMETIMES IS THAT THESE APPS THAT DOWNLOADAND USE ARE ACTUALLY COLLECTING A LITTLE BIT MORE INFORMATIONABOUT US THAN WE MIGHT THINK.

OH NO.

YEAH.

YEAH.

AND IT SEEMS THAT SMARTPHONES AND TABLETS ARE GETTING CHEAPERAND CHEAPER.

AND WE CAN JUST REPLACE THEM.

WHY SHOULD WE PROTECT THEM? BECAUSE IT'S REALLY NOT ABOUTPROTECTING THAT DEVICE THAT'S GETTING CHEAPER AND CHEAPER.

IT'S ABOUT PROTECTING THE INFORMATION THAT YOU'RE PUTTINOUT.

THAT'S GETTING MORE AND MOREVALUABLE.

NOW, MANY MOMS AND DADS GIVETHEIR KIDS THEIR OLD LAPTOPS, TABLETS, PHONES.

I AM SO GUILTY OF THIS.

HOW CAN WE BE SURE THAT THOSEARE PROTECTED.

WELL, I'M GUILTY OF IT TOO.

SO THAT'S WHY I UNDERSTAND THIS ONE.

OK.

I WOULD SAY THE FIRST THING ISMAKE SURE THE DEVICE THAT YOU'RE GIVING YOUR CHILD OR TEEN ORTWEEN HAS THE APPROPRIATE COMPREHENSIVE SECURITY ON THEDEVICE.

YOU WANT TO MAKE SURE IT HASFEATURES LIKE PARENTAL CONTROLS AND INTERNET SEARCH FILTERS.

THE ABILITY FOR THE KIDS TO UNDERSTAND THAT IF THEY AREABOUT TO HIT A GOOD SITE, OR A BAD ONE.

YOU KNOW, AS ADULTS WE KIND OF HAVE THAT 6TH SENSE.

RIGHT.

IF SOMETHING JUST FEELS RIGHT.

BUT OUR KIDS JUST HAVEN'T DEVELOPED THAT YET.

AND SO THAT'S WHY IT'S SO IMPORTANT TO HAVE A TECHNOLOGYTHAT'S GOT THEIR BACK.

TO MAKE SURE THEY ARE SURFINGTHE INTERNET AND ENGAGING WITH TECHNOLOGY IN THE ABSOLUTESAFEST WAY POSSIBLE.

AND BEST THING ABOUT THATMACAFEE LIVE SAFE PRODUCT THAT WE'VE JUST BROUGHT TO MARKET.

IT DOES ALL OF THAT.

OH WELL THAT'S GREAT.

WHAT'S YOUR ONE BIG TAKE AWAY? WHAT'S THE MOST IMPORTANT THINGIS YOU COULD SAY ONE THING? IF I COULD SAY ONE THING, ITWOULD BE HAVE PROTECTION ON THE MOBILE DEVICES.

THEY CONNECT TO THE SAME INTERNET THAT YOUR PC DOES ANDTHEY ARE ABSOLUTELY AS VULNERABLE TO SAME KINDS OFTHREATS TO HAVING MOBILE PROTECTION ON ALL OF THOSEDEVICES ABSOLUTELY CRITICAL.

MACAFEE LIVE SAFE IS THE PERFECTPRODUCT TO DO THAT.

CAN YOU JUST COME OVER AND LOOKTHROUGH MY HOUSE.

I'D BE HAPPY TO.

STACEY IT'S ALWAYS TO GREAT TO HAVE YOU HERE.

WHAT A GREAT WAY TO WRAP UP OUR WHOLE SERIES ON SECURITY ANDDIGITAL SECURITY.

THANK YOU SO MUCH FOR JOININGUS.

I ENJOYED IT.

THANK YOU.

THANKS.

AND IT YOU'D LIKE TO FIND OUT MORE ABOUT PROTECTING YOURTABLETS, MOBILE DEVICES, AND OTHER DIGITAL SERVICES PLEASEVISIT LIVESAFE.

COM THAT'S LIVESAFE.

COMAND SHARE YOUR SECURITY CONCERNS WITH US ONFACEBOOK AT BALANCINGACTFANS.

Source: Youtube

antivirus windows firewall software windows security center can’t be started

Hi Windows security system can’t be started Do you face this problem? Click start then select control panel System and security then click action center Notice windows security center service (important) In red color it means important action needed Click on turn on now Action center massage appear The Windows security system can’t be started How to solve it?Click on windows start write service on search box On search result right click on service Select run as administrator Browse service local and select security center We can enlarge the description pan that explain the function Select security center and double click Security center properties pop up Or you can right click on security center and select properties On security center properties pop up go to startup type You discover it is disable select automatic from the drop down list Then click apply and click start and press ok and close the service local Click on windows start select control panel System and security then click action center Now window firewall is turned off or setup incorrectly Click on turn on now Then click turn on manually update firewall click use recommended setting Windows firewall error code massage pop up Click on windows start write service on search box On search result right click on service Select run as administrator Browse service local and select firewall it was disabled Double click firewall properties pop up On firewall properties pop up go to startup type You discover it is disable select automatic from the drop down list Then click apply and click start and press ok and close the service local And now network firewall is on Windows firewall is actively protecting your computer That’s it Thank you for watching fawziacademy please subscribe.

Source: Youtube

The difference between software quality and security defects

Both quality and security defects are bugs,right.

They’re software defects at the end of the day.

It’s really the effect of thosedefects, and who can exploit them and in what way that makes them a quality or securityproblem.

Now, I think developers tend to be less well trained on security as a group.

Quality problems, they tend to be able to recognize better and be able to fix better.

But ultimately these are code level problems and as such, I don’t think there’s reallya clear line between the two.

If you look at many programs, and many programming languages,the exact same bug could be both quality problem and security problem.

And I that that blurringis not necessarily a bad thing, it’s a good thing, because it makes developers realizethat they need to look at the quality and the security of the software together, inorder to get it right.

Source: Youtube

Coverity and Synopsys: Providing Software Quality and Security

So as you heard Aart talk about in his keynote,about a month ago we signed an agreement to acquire Coverity that enters for us the SoftwareQuality and Analysis measurement market.

You can see this is a large market.

It’s about500 million dollars today according to IDC and growing pretty rapidly, about 20 percentper year.

The good news is that with this announcement, we enter this market as theleader.

So why is this market growing so rapidly.

Well I think it’s obvious to everyone that the role of software in the world is justdramatically exploding.

We see in our traditional customer base, and among the companies thatare here at SNUG, many many companies are hiring more software engineers than hardwareengineers today.

And then you look outside of the companies that are attending SNUG today,and many many industries are basically based on software.

Their main differentiation ison software.

They are essentially software companies, whether they are energy companiesor retail companies or telecommunications companies or oil and gas companies.

It’sall built on a software infrastructure.

And if you think about software, it has reallychanged, how we’ve developed software, very much over the last 20 years.

Software is stilldeveloped more or less like cars were developed a hundred years ago.

We write the software.

We get in it, we drive it along and we wait for a wheel to fall off.

And when that happens,we figure out why the wheel fell off, slap it back on, get back in the car and go a littlebit further down the road, and figure out why that wheel came off, etc.

etc.

So this is great but it is really not going to work moving forward.

You see all the timethe cost of software defects exploding.

As a matter of fact, this is probably one ofthe major items in the nightly news.

Now it has always been a problem.

All the way backin 1962, software was destroying space crafts but back then, it was probably a yearly occurrence.

Now you can’t turn on the tv without learning about some major corporation that’s beenembarrassed or practically destroyed or lost 10 percent of their revenue or lost a bunchof their market cap or lost 500 million dollars in just a few minutes because of some defectin software.

So it’s hard to say exactly how much thisis really costing the world but there have been a couple of attempts.

Back in 2002, theNational Institute of Standards estimated that software defects were costing the U.

S.

Economy about 60 billion dollars at that time.

More recently Cambridge University, in 2011,came out with a study in 2012, saying that software defects cost the world economy somethingover 300 billion dollars.

So the scary part isn’t so much what happens now, the 300billion dollars that we’re spending on software defects now.

But it’s really what happensfive and ten years from now if this problem doesn’t get solved.

Right now, softwareis… I think we’re ending the era of flat software.

I’ve talked to customers in thelast month that have 500 million lines of software.

But mostly, it’s just sittingthere and one piece of it is executing at a time.

Now we’re entering an era wherewe’re going to have software in our cars, interacting with navigation systems, drivingour cars for us or at least assisting us, getting much much more complicated.

Much muchmore interactive.

And we just can’t afford to continue forward and end up spending trillionsof dollars in the world working on software defects.

So what can we do about this.

I think it’s time to put some real engineering power behindthis.

You saw this slide that Aart talked about this morning.

This was essentially the‘what if’ slide that launched Synopsys.

And the idea here was, what if a developercan come up with a high level design description, run it through some Secret Technology X, andcome out with a correct schematic.

Wouldn’t that be wonderful.

And that’s really theinnovation that launched the digital revolution.

I mean, there were many.

But without logicsynthesis, we would not have the computers and the mobile technology etc.

that we havetoday, that is essentially driving everything.

So in software, is it possible to do somethingsimilar.

What if there was a software developer and instead of coming up with a concept fora chip, he was writing software.

He was writing C code and I’m sure most of you have alreadydiscerned the bug in that code there… That’s a little piece of bad code.

Unfortunately,the bug in there is one that is going to be intermittent and very hard to find becauseit’s not going to act the same way every time you find it.

But it’s an easy bug toadd.

We all do it, all the time.

In all my coding, every day, I do the same thing.

Whatif you were able to come up with a Technology Y that would go in and identify, without runningand waiting for the wheel to fall off, identify exactly what’s wrong with the code.

Goingback and telling the developer.

Maybe even eventually fixing it for him and allowingyou to spit out good code right after that.

That would be pretty important.

And that’sexactly what Coverity does.

Source: Youtube

More software security, not security software

Hi I'm Dan Raywood IT Security Guru Here with Jeremiah Grossman who is CEO and founder of WhiteHat Security How are you doing? I'm good.

How are you? I'm great thank you very much.

So we've had a conversation about software and security what's the analogy you've just given me? I like what we do.

We need more software security not security software So what you mean is we need software security.

Just explain what you mean exactly So instead of just going out and buying hardware and firewall or antivirus.

We need to make our software more secure.

You know the operating systems we buy the web servers that we buy, the word processors and everything in between.

Because when you really look at information security as far as what the bad guys are going after.

They're targeting exploiting software, so we need software to defend it's self rather than layers of insecure defending the things I think you said that people are buying boxes still trying to hope that that's going to save them and you see more of them move away from that.

I hope were gonna.

I think the world is in transition right now.

We're starting to see over and over again with all the breaches that more boxes more firewall more antivirus is not the answer.

We have to look at Information Security in a completely new way.

We have to get data focused and software security focused and then also drive up the cost of the bad guys.

We start using those three ideas and we'll start to make real improvements in the state of the security of our systems We've had in the last few months the Target breach, the HeartBleed vulnerability and literally at the time of filming we were just talking about this Zero Day.

Is it just that there's a problem in software with those three or two of those three software issues? And that's where the security needs to be more focused.

Yeah those are just the latest examples in a long line of examples of the last 15 years.

That are just you know.

These are software security problems that are not fixable by network security control or even more krpto for that matter even though we take it.

We need more secure software that again drives up the cost of the bad guy.

Unless we start addressing this as a software security problem not a network security control were gonna keep suffering the same rally.

We'll keep having these same discussions Yep And I would like to see things improve I think that's where the world is going Okay.

Well maybe in 12 months time we'll meet again we'll see what's changed.

But Do you think anything would have changed or do you think we're going to stay the same? Well you know there are examples out there you have Microsoft with DEP If you're not familiar with those technologies they're things to make software security harder to crack they assume properties that are harder to exploit We have to use more examples like these across the industry, more ways to make software just that much more secure that much harder to exploit Oh again we'll see where we are in a few month time.

Jeremiah thanks for your time.

Thank you.

Source: Youtube