Synopsys Security Event Israel Presentation: Keynote: Securing Your Software, Today and in the Future
2 likes434 views
Synopsys, Inc. is a leading provider of software security solutions and consulting services, recognized for its expertise in application security and risk management across various industries. With over 4,000 clients, including major financial and technology organizations, Synopsys offers a range of tools and services that help teams build secure, high-quality software efficiently while addressing evolving security challenges. The company emphasizes a multi-layered approach to software security, integrating automation, testing, and training into development workflows.
Synopsys Security Event Israel Presentation: Keynote: Securing Your Software, Today and in the Future
- 1. © 2018 Synopsys, Inc. 1 Build Secure, High-Quality Software Faster Girish Janardhanudu, Vice President, Security Consulting, Software Integrity Group
- 2. © 2018 Synopsys, Inc. 2 A solid foundation for long term stability and growth 1 Microsoft 2 Oracle 3 SAP 4 Symantec 5 VMware 6 Salesforce 7 Intuit 8 CA Technologies 9 Adobe 10 Teradata 11 Amdocs 12 Cerner 13 Citrix 14 Autodesk 15 Synopsys 16 Sage Group 17 Akamai Technologies 18 Nuance 19 Open Text 20 F5 Networks Top 20 Global Software Companies Engineering Culture Total Employees: ~12,000 Engineers: 50% Software Integrity Group: ~1,500 Global Reach 30+ years Market Cap: ~ $13B 2017 Revenue: $2.7B
- 3. © 2018 Synopsys, Inc. 3 Application security is in our DNA The authority on open source security & risk management Published Thought Leadership in software security The team and technology that found Heartbleed Pioneer in Software Quality and Software Security Static Analysis Pioneer of IAST - Interactive Application Security Testing
- 4. © 2018 Synopsys, Inc. 4 Mobile / Consumer Devices Enterprise Networking and Software High Reliability Systems Financial Services Deep experience in software security and quality testing for many industries
- 5. © 2018 Synopsys, Inc. 5 A trusted partner to over 4,000 companies 16 of the top 20 commercial banks 9 of the top 10 ISVs 7 of the top 10 aerospace and defense firms 8 of the top 10 global brands 6 of the top 10 semiconductor companies
- 6. © 2018 Synopsys, Inc. 6 The recognized leader in end-to-end application security Forrester Wave Static Application Security Testing Forrester Wave Software Composition Analysis Gartner Magic Quadrant Application Security Testing Synopsys is the only vendor recognized as the leader in both SAST and SCA
- 7. © 2018 Synopsys, Inc. 7 Major security trends • Increased regulations • Data manipulation vs data access • Shortage of security resources • Pace of attacks • IOT (edge of the network) • DevSecOpps, Cloud & CI/CD • Secure by design or “shift left”
- 8. © 2018 Synopsys, Inc. 8 Major security trends • Increased regulations • Data manipulation vs data access • Shortage of security resources • Pace of attacks • IOT (edge of the network) • DevSecOpps, Cloud & CI/CD • Secure by design or “shift left”
- 9. © 2018 Synopsys, Inc. 10 The Evolving Landscape of Software Development Impacts Software Integrity Embedded devices Cloud (private, hybrid, public) Languages, open source and frameworks New tech stacks and attack surfaces Agile, DevOpsSec, CI/CD Fit into toolchain eco-systems Automation through toolchain integration New development philosophies and approaches Comprehensive view into risk Accuracy and speed of quality defects and security vulnerability feedback Focus Lack visibility into evolving application portfolio Align with workflow timeframes Security as a core component of quality Testing coverage and depth Changing testing demands
- 10. © 2018 Synopsys, Inc. 11 To succeed, you need to take a multi-layer approach Strategy Programs Services Tools
- 11. © 2018 Synopsys, Inc. 12 We help teams build secure, high quality software faster DevSecOps Tools Managed Services Strategy & Planning Professional Services Build Security In Maturity Model (BSIMM) Coverity Static Analysis Black Duck Software Composition Analysis Seeker / Defensics Dynamic Analysis DevSecOps Integration Architecture and Design Security Training Cloud Security Industry Solutions Maturity Action Plan (MAP) Mobile Security Testing SAST Penetration Testing DAST
- 12. © 2018 Synopsys, Inc. 13 We help teams build secure, high quality software faster DevSecOps Tools Managed Services Strategy & Planning Professional Services Build Security In Maturity Model (BSIMM) Coverity Static Analysis Black Duck Software Composition Analysis Seeker / Defensics Dynamic Analysis DevSecOps Integration Architecture and Design Security Training Cloud Security Industry Solutions Maturity Action Plan (MAP) Mobile Security Testing SAST Penetration Testing DAST
- 13. © 2018 Synopsys, Inc. 14 Scale• Augmenting internal teams with external resources for scalability • Identify and prioritize vulnerabilities for remediation • Integrating with DevOps Software Security Initiatives are a Journey Launch • Pen testing to find vulnerabilities • Compliance driven • Low level testing • Programmatically managing risk across your software release cycles • Driving efficiencies through SDLC integration • Purposeful blend of automated and manual testing processes Optimize OVERLAYINTEGRATE REACT PREVENT
- 14. © 2018 Synopsys, Inc. 15 Know where your software security initiatives stand compared to your peers BSIMM - Build Security In Maturity Model • Base your SSI on industry best practices • Compare your SSI against others using 200+ metrics • Benchmark and track SSI growth • Interact and learn from BSIMM community peers Strategy & Planning
- 15. © 2018 Synopsys, Inc. 16 • Set objectives, outline a strategy, identify resources • Equip staff to build and operate secure software • Define how and when to address each software asset • Plan activities to verify your software security program Build, evolve, and maintain your software security initiatives MAP – Maturity Action Plan Strategy & Planning
- 16. © 2018 Synopsys, Inc. 17 What this means to our customers Any test Static, software composition, or dynamic analysis On any software From legacy to mobile to cloud to IoT and beyond At any depth From rapid automated scanning to comprehensive analysis With complete flexibility From DevSecOps tools to on-demand services At any SDLC stage From design & build to integrate & deploy With tools and services From strategy & planning to acceleration & integration
- 17. Thank You