Fortify Software


Financial Services

Industry Situation

With extremely large asset bases to protect, financial services companies are among the prime targets for organized crime, foreign governments, and malicious insiders. These organizations experience a steady and sophisticated barrage of online attacks on a daily basis. They also face a major threat from malicious insiders, such as disgruntled employees or laid-off workers. Over the last 10 years, online attacks have evolved from attempts to crack the corporate network to directed attacks on the company's applications. Rich Web applications offering new capabilities, together with increased functionality that opens up legacy systems and applications not originally designed with security in mind, have provided the hacking community with substantial avenues for attack.

Key Challenges for Financial Services

  • Legacy code bases that were not designed to be accessed via a Web Application
  • Outsourced code development where security isn’t transparent
  • Limited security expertise in the development group
  • Short deadlines for development
  • Focus on new features and functionality, rather than security

Key Trends and Statistics

  • 75% of all breaches are due to software flaws
    - Gartner
  • In 2006, financial services companies lost over 5.8 MM records
    - Privacy Rights Clearinghouse
  • The cost of a breach for financial institutions is over $300 per record lost
    - Forrester

Actions Taken by Financial Services

To counter these growing threats, financial services companies have led the charge in deploying application security technologies and developing new processes. The most common technologies include:

Source Code Analysis
Nearly every international financial services company, and several regional ones, has started the process of rolling out source code analysis in their security and development teams.

Dynamic Security Testing
Dynamic security testing can include pen testing, web application scanning, attack path tracing, and other techniques to test an application once it’s up and running. Some of these techniques, such as pen testing, are designed for security professionals, while others are designed to be used in the QA group.

Real-Time Protection
Many organizations are also beginning to deploy real-time solutions to monitor and protect Web applications once they are in production. This provides insight into the types of attacks and offers a layer of active protection.

How Fortify Can Help

Fortify offers a comprehensive suite of solutions, called Fortify 360, which enables a financial services organization to conduct static analysis of an application’s source code, dynamic analysis of a running application, and real-time monitoring and protection for a deployed application. No other company offers all three of these solutions in one integrated platform. Fortify brings these technologies together and correlates the results, helping an organization prioritize issues and understand the security state of an application at any point in time. Fortify is trusted by more financial services organizations than any other application security company and is at the cutting edge of vulnerability research, tool development, and deployment practices.

Fortify Experience

Fortify is helping over 300 companies secure and protect their applications, including:

  • The top 5 commercial banks
  • 7 of the 8 largest banks
  • 3 of the top 6 securities firms
  • 2 of the top 3 insurance firms
  • 3 of the leading 4 accounting firms
