Make Security a Competitive Advantage. Mordecai (Mo) Rosen, General Manager, Security, CA Technologies; Sam King, General Manager, CA Veracode.

Keynote: Making Security a Competitive Advantage


Make Security a Competitive Advantage

Mordecai (Mo) Rosen, General Manager, Security, CA Technologies

Sam King, General Manager, CA Veracode

COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED. #CAWORLD #NOBARRIERS

Eliminate Barriers Between Ideas and Outcomes

CREATE AN AGILE BUSINESS

BUILD BETTER APPS FASTER

MAKE SECURITY A COMPETITIVE ADVANTAGE

MAXIMIZE APPLICATION PERFORMANCE


First a Brief History of THE EXPANDING DIGITAL EXPERIENCE

HOME AUTOMATION

PHYSICAL SECURITY

EHEALTH DEVICES

WEARABLES

SMART METERS

SHIPPING LOGISTICS

PROPERTY MANAGEMENT

ECOLOGY

FACTORY AUTOMATION

SMART PHONES

TABLETS

CAMERAS

PHONES

TELEVISIONS

AUTOMOBILES

THERMOSTATS

WWW

CHAT & IM

API SERVICES

CLOUD SERVICES


THE DIGITAL EXPERIENCE Is Between Users and Applications


The Application Economy MAKES EVERY COMPANY A SOFTWARE COMPANY

APPLICATION EXPLOSION

CONSUMERIZED IT

CONNECTED ENTERPRISES

DIGITAL MARKETPLACES

DIGITAL WORKPLACES

CONNECTED IOT


The Application Economy REQUIRES NEW THINKING ON SECURITY

FIREWALL, IDS/IPS, WEB PROXY, ANTI-VIRUS, ANTI-MALWARE

100% INEFFECTIVE

USERS & APPS UNDER ATTACK

SHADOW IT: 30% of all attacks will be in shadow IT resources

APP DEFECTS: 90% of breaches caused by application defects

3RD PARTY RISK: 70% of attacks targeted a secondary source

IDENTITY FRAUD: 80% of breaches used lost, stolen & weak credentials

CREDIT FRAUD: 42% of all data stolen is credit card data

FireEye Study of 6 Months of Penetration Testing


Security Becomes A QUESTION OF TRUST

USERS

INTERACTIONS

APPLICATIONS


CA Security Strategy To SECURING THE APPLICATION ECONOMY

CORE PRINCIPLES

TRUSTED USERS & APPLICATIONS

PREVENTATIVE DETECTION & RESPONSIVE

INSIGHT ANALYTICS & INTELLIGENCE

FRICTIONLESS SECURITY & EXPERIENCE


CA Security Strategy To SECURING THE APPLICATION ECONOMY

PRODUCT PORTFOLIO

IDENTITY & ACCESS

APPLICATION SECURITY

API SECURITY

PAYMENT SECURITY


CA VERACODE: APPLICATION SECURITY

6 TRILLION LINES OF CODE SCANNED

1400 CUSTOMERS

400K APPLICATION SECURITY ADVISORY HOURS

35.5M SECURITY FLAWS FIXED

4X GARTNER MQ LEADER

24 LANGUAGES

77 FRAMEWORKS


Ensuring GREAT SOFTWARE IS SECURE SOFTWARE

EMPOWER DEVELOPERS TO SECURE CODE

INTEGRATED INTO CONTINUOUS DELIVERY

EARLY DETECT TO REDUCE COST

AUTOMATED TO REDUCE MTTR


Merging SECURITY INTO CONTINUOUS DELIVERY

DevSecOps

CODE\COMMIT, BUILD, TEST, RELEASE, OPERATE

TEST, TEST

SECURE SOFTWARE DEVELOPMENT

SECURITY ASSURANCE

OPERATIONAL APPLICATION SECURITY


DevSecOps

CODE\COMMIT, BUILD, TEST, RELEASE, OPERATE

TEST, TEST

SECURE SOFTWARE DEVELOPMENT

SECURITY ASSURANCE

OPERATIONAL APPLICATION SECURITY

CA Veracode Greenlight

CA Veracode Static Analysis

CA Veracode Web Application Scanning

CA Veracode Runtime Protection

CA Veracode Software Composition Analysis

CA Veracode Integrations, APIs

CA Veracode eLearning


Securing Applications With NEXT GENERATION IDENTITY MANAGEMENT

80% of all data breaches exploit lost, stolen & weak credentials

HYBRID CLOUD

DEVELOPER APIs

BEHAVIOR ANALYTICS


PROTECTING PRIVILEGED IDENTITY

CA Privileged Access Manager

API ENABLED

HIGH SCALE APPLIANCE

HYBRID CLOUD

SECURE CONTINUOUS DELIVERY

PRIVILEGED GOVERNANCE

Central Authentication

Credential Vault

Policy Enforcement

Role-Based Access

Federated Identity

Session Recording


ENABLING APP TO APP TRUST

CA Rapid App Security

User & App Authentication API

Mobile Authentication API

Secure Server Communications

Context Based Risk Analysis

Risk Based Analytics


RISK ANALYTICS WORKS EMPIRICALLY


CA Security & Identity Management Portfolio

Orchestrating Identity & Access

Digital Payments Fraud

Directory

Identity Management

Privileged Access Management

Single Sign-on

Identity Governance

Risk Based Authentication

Employees & Administrators

Customers & Partners

Internet of Things

Developers

Cloud Services

On Premise Apps

Mobile

Web

API


CONTROLLING PRIVILEGED ACCESS IN A WORLD ON TIME


FRICTIONLESS APPLICATION SECURITY TESTING


Interview With ARTHUR WONG, SVP & GM, DXC Security


BREAKING BARRIERS AWARD

Mo Ahddoud: First UK critical infrastructure company running 100% in the cloud

Todd Oxford: Enabled disaster recovery access to comply with FEMA first & second line response regulations

Mark Merkow: Integrating app security testing into SDLC for 500+ developer organization


CA World '17

See the latest innovation in the demo area

Immerse in all of the customer case studies on stage

Meet with our product teams at the executive center


Thank you.

Stay connected at communities.ca.com & community.veracode.com


Security and DevSecOps

For more information on Security, please visit: http://cainc.to/CAW17-Security

For more information on DevSecOps, please visit: http://cainc.to/CAW17-DevSecOps

For more information on Veracode, please visit: http://community.veracode.com