Application Security-as-a-Service

Presentation Transcript


  1. Application Security-as-a-Service

  2. Changing Landscape of Enterprise Security. <1%. 70%. The application layer has become the attack surface of choice. IT spend on application security as a part of total security budget. Gartner estimate 2013. $7.2 Million: average cost of cybercrime incident, Ponemon Institute 2013.

  3. Application Environment. Diagram labels: Cloud, Web Services, Partner Apps, SAML Users; External Data Services; Mobile & Multi-device; User Generated Content; Firewall incl. WAFs; VPN; External Employees; Dynamic Database; Built in-house & externally; Internal Employees; Distributed.

  4. The problem with WAFs. Network security products, including WAFs, deliver false positives and cannot provide true application security. Option 1: Highest WAF Setting.

  5. The problem with WAFs. Network security products, including WAFs, deliver false positives and cannot provide true application security. Option 2: Lowest WAF Setting.

  6. Application Security and the SDLC. When a zero-day attack occurs:
     - the application is unprotected
     - no intelligence on attack exists
     - past definitions need to be updated
     - application needs to be remediated
     - process starts again…

     SCA, DAST and home-grown security processes offer no protection from sophisticated attacks.

  7. Introducing Prevoty. Prevoty operates in-app, leveraging our contextual and behavioral engine to automatically secure users, content and queries in real time. Diagram labels: Cloud, Web Services, Partner Apps, SAML Users; External Data Services; Mobile & Multi-device; User Generated Content; Firewall incl. WAFs; VPN; External Employees; Dynamic Database; Built in-house & externally; Internal Employees; Distributed.

  8. Prevoty Enterprise. A fully integrated suite of products to address the top application security threats:
     • Trusted Content: Protects web applications from injection attacks contained in content created by external & internal users, as well as web services.
     • Trusted Query: Prevents SQL injections by detecting & blocking malicious queries.
     • Trusted Token: Prevents session theft and cross-site request forgery (CSRF) while identifying malicious users tampering with tokens.

  9. Prevoty delivers real-time active defense and intelligence. acmeinvesting.com

  10. With Prevoty, your applications protect themselves…
      • No dependence on past definitions
      • Easily added to new and existing applications
      • No exposure to zero days for XSS, SQL injection & CSRF
      • Avoids costly application remediation
      • Real-time application intelligence to a SIEM

  11. Customer Examples (CMS, comments, profiles, etc.)
      • “We trust Prevoty to sanitize all content flowing through our CMS and help us run our business securely and present a safe experience on our website.” Chief Architect, Sony Pictures Entertainment
      • “We stay ahead of the curve by partnering with the most advanced security vendors. Before Prevoty, we were remediating - today, we’re preventing.” Boris Sverdlik, Head of Platform Security at Tagged
      • “We partnered with Prevoty because it is able to remove malicious code injections while identifying spam and profanity more effectively and with better success than what we've previously seen in the market.” CTO, Bleacher Report (Turner Group)

      Slide labels: 360 input validation; Injections & spam; User input validation; Injections, spam & phishing; CMS; Injections & session theft.

  12. Technical Overview and Demo

  13. Trusted Content. Protects web applications from injection attacks contained in content created by external & internal users, as well as web services.

  14. Trusted Query. Prevents SQL injections by detecting & blocking malicious queries.

  15. Trusted Token. Prevents session theft and cross-site request forgery (CSRF) while identifying malicious users tampering with tokens.

  16. Management Dashboard
      • Real-time dashboard featuring analytics across attack types
      • Supports multi-tenant management
      • Point-and-click configuration management as well as granular setup
      • Automatically push data into your data stores (e.g. Splunk)

  17. Learn more at prevoty.com. If you could have your applications protect themselves, why wouldn’t you?
