SlideShare a Scribd company logo

Cap gemini pitch

N
Nicolas Consigny

Cryptography is essential for security in modern IT networks but crypto implementations are fragile and prone to defects that can lead to data breaches. Most crypto flaws occur in applications rather than crypto libraries due to misuse. Cryptosense helps enterprises discover, analyze, and fix crypto errors in their infrastructure through tracing of crypto calls and proprietary analysis to detect flaws and generate audit reports. It works to improve security and help monitor ongoing security.

Technology
1 of 11
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
SECURE CRYPTO, EVERYWHERE.
2 Cryptography is the essential technology for the security of the distributed, open IT networks needed for modern business. ATMs Payment Terminals Internet of things Blockchain Mobile Cloud ?
3 Crypto is fragile: a tiny defect can result in complete loss of security and a massive data breach.
4 of crypto bugs are in applications, not in cryptographic library code* crypto misuse vulnerabilities added to the Mitre CVE database 2013 - 20151806 83% of crypto flaws cannot be detected by the best performing static analysis tool**98.3% * Lazar et al, Why does Cryptographic software fail? APSys ’14 ** 2013 NIST SATE Evaluation
5 Cryptosense helps enterprise security teams to: 1. Discover crypto use in their IT infrastructure 2. Analyse its security 3. Fix any errors found 4. Automate audit reports 5. Monitor ongoing security
6 != != ! Application CryptoLibrary 1. Tracing 2. Analysis* 3. Remediation* * Either on-premise or in the cloud as SAAS Our Analyzer tool works by tracing all calls from an application to its crypto library at run time, then analyzing these with our proprietary algorithms to detect flaws.
7 Crypto Analysis Report Risks Each rule has detailed risk assessment information. Failed Rules Click on a rule for more information on risks and to see the instances. Debug View Links to stacktraces to identify where in the application the weaknesses are.Instances Specific cases of failed rules. Can be shared, dismissed, and starred. Categories Easily view rules for each category type. DEMO
8 SAST e.g. Fortify, Veracode What existing tools cover... ...what Cryptosense covers. Transport protocol configuration Key management flaws Insecure credential storage Application-level protocol attacks Weak Algorithms and Block Modes Weak randomness Bad nonce management Mis-configured crypto in libraries & frameworks Insecure interactions DAST e.g. SSL Labs, Appscan Poor data-at-rest protection
9 testmycrypto.com Try it for yourself
10 Current clients ABOUT Funding bodies Prizes Academic spin-off (2013) »» 3 of top 5 European Banks »» 2 SIFIs (Financial Services Infrastructure Providers) »» US and French government agencies Global Finalist Future of Finance 2015 Winner Graham Steel, PhD CEO & Founder
11 Richard HornePhilippe LangloisRicardo FocardiGraham Steel Cryptosense is based in Paris where we profit from a talented pool of French-educated engineers. Co-founder of Qualys, CEO and founder of P1 Security Partner Cyber-Security PWC, Ex Director of Cyber Security at Barclays Bank Founders & Advisors CEO Chief Scientist Advisor Advisor World-renowned applied crypto researcher Prof at University of Venice in Formal Analysis of Crypto

More Related Content

PDF
How To Avoid The Top Ten Software Security Flaws
Priyanka Aash
 
PDF
Intelligent Application Security
Priyanka Aash
 
PDF
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device
Priyanka Aash
 
PDF
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
MITRE - ATT&CKcon
 
PPTX
Decision criteria and analysis for hardware-based encryption
Thales e-Security
 
PDF
Introduction and a Look at Security Trends
Priyanka Aash
 
PDF
Cylance Information Security: Compromise Assessment Datasheet
Innovation Network Technologies: InNet
 
PDF
Reveelium Smart Predictive Analytics - Datasheet EN
ITrust - Cybersecurity as a Service
 
How To Avoid The Top Ten Software Security Flaws
Priyanka Aash
 
Intelligent Application Security
Priyanka Aash
 
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device
Priyanka Aash
 
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
MITRE - ATT&CKcon
 
Decision criteria and analysis for hardware-based encryption
Thales e-Security
 
Introduction and a Look at Security Trends
Priyanka Aash
 
Cylance Information Security: Compromise Assessment Datasheet
Innovation Network Technologies: InNet
 
Reveelium Smart Predictive Analytics - Datasheet EN
ITrust - Cybersecurity as a Service
 

What's hot (20)

PDF
Cylance Protect-Next-Generation Antivirus-Overview
Innovation Network Technologies: InNet
 
PDF
Implementing An Automated Incident Response Architecture
Priyanka Aash
 
PPTX
Ethical hacking
hcls
 
PDF
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
Priyanka Aash
 
PDF
State of Cybersecurity: 2016 Findings and Implications
Priyanka Aash
 
PDF
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
Alejandro Correa Bahnsen, PhD
 
PDF
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
PPTX
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
North Texas Chapter of the ISSA
 
DOCX
Surelog Intelligence
Ertugrul Akbas
 
PDF
Evidence-Based Security: The New Top Five Controls
Priyanka Aash
 
PDF
Advanced Endpoint Protection
Mustafa YÜKSEL
 
PPTX
Protecting application delivery without network security blind spots
Thales e-Security
 
PDF
It's just a jump to the left (of boom): Prioritizing detection implementation...
MITRE ATT&CK
 
PDF
5 must-have security testing tools for your pentesting tasks
Pentest-Tools.com
 
PPTX
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
PDF
IDC Security 2014, Endpoint Security in Depth
Ken Tulegenov
 
PPTX
Anatomy of an Attack - Sophos Day Belux 2014
Sophos Benelux
 
PPTX
OWASP Nagpur Meet #4
OWASP Nagpur
 
PPTX
Review on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخداد
ReZa AdineH
 
PDF
MITRE ATT&CKcon 2018: Summiting the Pyramid of Pain: Operationalizing ATT&CK,...
MITRE - ATT&CKcon
 
Cylance Protect-Next-Generation Antivirus-Overview
Innovation Network Technologies: InNet
 
Implementing An Automated Incident Response Architecture
Priyanka Aash
 
Ethical hacking
hcls
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
Priyanka Aash
 
State of Cybersecurity: 2016 Findings and Implications
Priyanka Aash
 
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
Alejandro Correa Bahnsen, PhD
 
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
North Texas Chapter of the ISSA
 
Surelog Intelligence
Ertugrul Akbas
 
Evidence-Based Security: The New Top Five Controls
Priyanka Aash
 
Advanced Endpoint Protection
Mustafa YÜKSEL
 
Protecting application delivery without network security blind spots
Thales e-Security
 
It's just a jump to the left (of boom): Prioritizing detection implementation...
MITRE ATT&CK
 
5 must-have security testing tools for your pentesting tasks
Pentest-Tools.com
 
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
IDC Security 2014, Endpoint Security in Depth
Ken Tulegenov
 
Anatomy of an Attack - Sophos Day Belux 2014
Sophos Benelux
 
OWASP Nagpur Meet #4
OWASP Nagpur
 
Review on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخداد
ReZa AdineH
 
MITRE ATT&CKcon 2018: Summiting the Pyramid of Pain: Operationalizing ATT&CK,...
MITRE - ATT&CKcon
 
Ad

Viewers also liked (16)

PPTX
Why Just Making Great Games Is Not Enough | Anders Lykke
Jessica Tams
 
PPTX
Blueberray Project - SparksDrone - EN
SparksDrone Inc.
 
PPTX
Sedicii Introduction
Rob Leslie
 
PDF
Faclon Labs
Archit Naraniwal
 
PDF
Introducing Buddy: Your emotional assistant
Ismaël Méité
 
PDF
Hackmania Pitch Deck
Rajat Shahi
 
PDF
Preksh ir50
Sathvik Muralidhar
 
PDF
GetShift - IoT Devices Done Right.
Sean Greenhalgh
 
PPTX
The Lucky Iron Fish: Based on Science Built on Values
Gavin Armstrong
 
PDF
Presentation PickMeApp
Gustavo Ribeiro
 
PDF
Eticca Compliance - Institutional Presentation
Allan Costa
 
PPT
Leopetra brief product deck
Pranab G
 
PDF
Scedule pitch deck short
sebgross
 
PDF
DragonBill deck for Innovators Race 50.
DragonBill
 
PDF
The Virtual Insurance Agent that sells push based contextual microinsurance
Andrea Silvello
 
PPTX
Innovators race50 qlez
Deepak Kashyap
 
Why Just Making Great Games Is Not Enough | Anders Lykke
Jessica Tams
 
Blueberray Project - SparksDrone - EN
SparksDrone Inc.
 
Sedicii Introduction
Rob Leslie
 
Faclon Labs
Archit Naraniwal
 
Introducing Buddy: Your emotional assistant
Ismaël Méité
 
Hackmania Pitch Deck
Rajat Shahi
 
Preksh ir50
Sathvik Muralidhar
 
GetShift - IoT Devices Done Right.
Sean Greenhalgh
 
The Lucky Iron Fish: Based on Science Built on Values
Gavin Armstrong
 
Presentation PickMeApp
Gustavo Ribeiro
 
Eticca Compliance - Institutional Presentation
Allan Costa
 
Leopetra brief product deck
Pranab G
 
Scedule pitch deck short
sebgross
 
DragonBill deck for Innovators Race 50.
DragonBill
 
The Virtual Insurance Agent that sells push based contextual microinsurance
Andrea Silvello
 
Innovators race50 qlez
Deepak Kashyap
 
Ad

Similar to Cap gemini pitch (20)

PDF
Why Organisations Need_Barac
Barac
 
PDF
Cyber Defense Automation
♟Sergej Epp
 
PPTX
Security Architecture for Cyber Physical Systems
Alan Tatourian
 
PDF
CODE INSPECTION VIMRO 2015 MHF
FitCEO, Inc. (FCI)
 
PDF
INTERVIEW QUESTION FOR IT AUDITOR
Infosec Train
 
PDF
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Software Guru
 
PDF
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Angeloluca Barba
 
PDF
TechWiseTV Workshop: Encrypted Traffic Analytics
Robb Boyd
 
PPTX
Appsec2013 assurance tagging-robert martin
drewz lin
 
PDF
CompTIA Security+
Infosec Train
 
PDF
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
ShivamSharma909
 
PDF
Top Interview Questions for CompTIA Security +
infosec train
 
DOCX
Running Head Security Assessment Repot (SAR) .docx
SUBHI7
 
PDF
Adversary Emulation - Red Team Village - Mayhem 2020
Jorge Orchilles
 
PPTX
Presentation_SOC.pptx
MahmoudShoair2
 
PDF
Aujas incident management webinar deck 08162016
Karl Kispert
 
PPTX
Security engineering 101 when good design & security work together
Wendy Knox Everette
 
PDF
Top 10 Essential Ethical Hacker Tools Everyone Should Know.pdf
daksh908982
 
PDF
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp
 
PDF
01_Metasploit - The Elixir of Network Security
Harish Chaudhary
 
Why Organisations Need_Barac
Barac
 
Cyber Defense Automation
♟Sergej Epp
 
Security Architecture for Cyber Physical Systems
Alan Tatourian
 
CODE INSPECTION VIMRO 2015 MHF
FitCEO, Inc. (FCI)
 
INTERVIEW QUESTION FOR IT AUDITOR
Infosec Train
 
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Software Guru
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Angeloluca Barba
 
TechWiseTV Workshop: Encrypted Traffic Analytics
Robb Boyd
 
Appsec2013 assurance tagging-robert martin
drewz lin
 
CompTIA Security+
Infosec Train
 
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
ShivamSharma909
 
Top Interview Questions for CompTIA Security +
infosec train
 
Running Head Security Assessment Repot (SAR) .docx
SUBHI7
 
Adversary Emulation - Red Team Village - Mayhem 2020
Jorge Orchilles
 
Presentation_SOC.pptx
MahmoudShoair2
 
Aujas incident management webinar deck 08162016
Karl Kispert
 
Security engineering 101 when good design & security work together
Wendy Knox Everette
 
Top 10 Essential Ethical Hacker Tools Everyone Should Know.pdf
daksh908982
 
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp
 
01_Metasploit - The Elixir of Network Security
Harish Chaudhary
 

Recently uploaded (20)

PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Approach and Philosophy of On baking technology
30anthuong17
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Cloud computing and distributed systems.
kkkkkhan
 

Cap gemini pitch

  • 2. 2 Cryptography is the essential technology for the security of the distributed, open IT networks needed for modern business. ATMs Payment Terminals Internet of things Blockchain Mobile Cloud ?
  • 3. 3 Crypto is fragile: a tiny defect can result in complete loss of security and a massive data breach.
  • 4. 4 of crypto bugs are in applications, not in cryptographic library code* crypto misuse vulnerabilities added to the Mitre CVE database 2013 - 20151806 83% of crypto flaws cannot be detected by the best performing static analysis tool**98.3% * Lazar et al, Why does Cryptographic software fail? APSys ’14 ** 2013 NIST SATE Evaluation
  • 5. 5 Cryptosense helps enterprise security teams to: 1. Discover crypto use in their IT infrastructure 2. Analyse its security 3. Fix any errors found 4. Automate audit reports 5. Monitor ongoing security
  • 6. 6 != != ! Application CryptoLibrary 1. Tracing 2. Analysis* 3. Remediation* * Either on-premise or in the cloud as SAAS Our Analyzer tool works by tracing all calls from an application to its crypto library at run time, then analyzing these with our proprietary algorithms to detect flaws.
  • 7. 7 Crypto Analysis Report Risks Each rule has detailed risk assessment information. Failed Rules Click on a rule for more information on risks and to see the instances. Debug View Links to stacktraces to identify where in the application the weaknesses are.Instances Specific cases of failed rules. Can be shared, dismissed, and starred. Categories Easily view rules for each category type. DEMO
  • 8. 8 SAST e.g. Fortify, Veracode What existing tools cover... ...what Cryptosense covers. Transport protocol configuration Key management flaws Insecure credential storage Application-level protocol attacks Weak Algorithms and Block Modes Weak randomness Bad nonce management Mis-configured crypto in libraries & frameworks Insecure interactions DAST e.g. SSL Labs, Appscan Poor data-at-rest protection
  • 10. 10 Current clients ABOUT Funding bodies Prizes Academic spin-off (2013) »» 3 of top 5 European Banks »» 2 SIFIs (Financial Services Infrastructure Providers) »» US and French government agencies Global Finalist Future of Finance 2015 Winner Graham Steel, PhD CEO & Founder
  • 11. 11 Richard HornePhilippe LangloisRicardo FocardiGraham Steel Cryptosense is based in Paris where we profit from a talented pool of French-educated engineers. Co-founder of Qualys, CEO and founder of P1 Security Partner Cyber-Security PWC, Ex Director of Cyber Security at Barclays Bank Founders & Advisors CEO Chief Scientist Advisor Advisor World-renowned applied crypto researcher Prof at University of Venice in Formal Analysis of Crypto