User Blogs

Apr 15, 2011

Study Shows Single Software Security Incident Costs Average $300,000

Posted by: Robert Siciliano in MyBlog

Tagged in: IT Security, HP, Aberdeen Group

A recent study of more than 150 organizations conducted by Aberdeen Group(1) found that the average total cost to remediate a single application security incident is approximately $300,000. As security incidents can happen at any point in the application life cycle, modernization initiatives can prove especially costly if they are not proactively secured from development to operations.

“Application security” is a term often used when, during the software development cycle, the software or application goes through a series of “penetration tests” designed to seek out vulnerabilities that could be exploited in the field. It is important to understand that flaws, bugs, holes, vulnerabilities, or whatever you call them, are often detected after the launch of software. This costs companies big bucks when a security incident arises.

While both developers and criminals have many of the same tools, the bad guys seem to have an edge and are often able to exploit those flaws before developers can find and fix them.

HP today announced the first application security analysis solution that discovers the root cause of software vulnerabilities by observing attacks in real time.

HP Fortify Real-Time Hybrid Analysis, used in concert with the new HP Fortify 360 v3.0 and HP Application Security Center 9.0, helps organizations proactively reduce business risk and protect against malicious software attacks.

Enterprises using the new HP offerings can deliver the application security intelligence required to effectively manage risk across the life cycle. By taking a pragmatic approach that secures applications from development to operations, organizations can develop a scalable, repeatable and cost-effective security assurance program to further reduce risk.

“The traditional approach of single-point security solutions helps secure parts of a business, but limits enterprises from making informed decisions,” said Joseph Feiman, vice president and fellow, Gartner. “To make optimal security and risk management decisions, enterprises must move from technological security silos to enterprise security intelligence. This can be achieved through the interaction of different technologies as well as contextual analyses of integrated security and business information.”

Based on advanced application security technologies, the new solutions help clients:

—  Immediately respond to business threats: With new technology that correlates code-level analysis, HP Fortify Real-Time Hybrid Analysis allows organizations to observe security attacks as they happen to identify the point of vulnerability in code;

—  Manage enterprise risk from applications: Proactively protect against threat risks and address compliance requirements through HP Fortify 360 Server, which detects security vulnerabilities across architectural layers and prioritizes remediation;

—  Accelerate innovation with the latest technologies: Through expanded automation and web services testing capabilities, HP WebInspect 9.0 and HP Assessment Management Platform 9.0 increase security testing coverage of complex Web 2.0 applications;

—  Enhance productivity through greater collaboration: With new features that centralize vulnerability and remediation issues, HP WebInspect 9.0 reduces the time to recreate and fix security defects, allowing developers, quality assurance and security teams to cover more applications with fewer resources; and

—  Protect the integrity of the enterprise: Providing new programming language support and integrations with HP WebInspect, HP Fortify On Demand tests the security of all applications quickly, accurately and affordably.

“Applications bring new enterprise opportunities, but the threat landscape is constantly evolving,” said John M. Jack, vice president, HP Fortify business unit, Software, HP. “With new advanced real-time security technologies, HP is delivering the application security intelligence needed to drive innovation while lowering the enterprise risk associated with it.”

These new security solutions are key elements of the HP Security Intelligence and Risk Management Framework, which helps businesses and governments in pursuit of an Instant-On Enterprise. In a world of continuous connectivity, the Instant-On Enterprise embeds technology in everything it does to securely serve customers, employees, partners and citizens with whatever they need, instantly.

The new HP Fortify releases, part of HP Hybrid Delivery, are offered through multiple delivery models, including on-premise, on-demand software-as-a-service and managed services.

Robert Siciliano is an Identity Theft Expert. See him discussing identity theft on YouTube. 
