Fortify Software

Government

Industry Situation

Government organizations throughout the US and across the globe are experiencing dramatic increases in the quantity and sophistication of cyber crime attacks. Whether it’s high profile targets, such as the US military and intelligence agencies, or less sophisticated ones, such as state and local governments, the threat of losing data or suffering a shutdown in the operations is real. The hackers include foreign governments, organized crime, and even individuals within the US. As a result of the recent increase, several compliance regulations, such as FISMA, have been developed to help government agencies understand what steps need to be taken. However most agencies find they must go beyond FISMA to ensure they are protecting the software that runs their organizations, and the securing their confidential

Key Challenges for Government Entities

Huge onslaught of attacks
Increasing focus on the application layer
Increasing reliance on software to run critical operations, be it military, intelligence, civilian, or local
Outsourced code development where security isn’t a guarantee
Legacy code bases that were not designed to be accessed via a Web Application, a mobile phone, or other new access points

Key Trends in Attacks

In 2005, 2% of all attacks against the United States Air Force (USAF) were against their applications. In 2007, 36% of attacks were against their applications - USAF
Major breaches have already occurred, where military personnel records have been compromised
In 2006, 31% of US records stolen via a data breach were in the government sector - Privacy Rights, Clearinghouse

Actions Taken by the US Government

In 2007, the USAF kicked off the largest software security initiative ever. They purchased over $10MM of application security solutions, including source code analyzers, dynamic security testing tools, application shields, and database security tools. The USAF is a leader in application security, mostly due to the critical software they run, the important data they store, and the large quantify of attacks they face every day. Other government entities, including intelligence agencies, civilian branches of the government, and even state/local agencies have started rolling out software security solutions to protect their data and software.

How Fortify can Help

Fortify offers a comprehensive suite of solutions, called Fortify 360, which enables an organization to conduct static analysis of an application’s source code, dynamic analysis of a running application, and real time monitoring and protection for a deployed application. No other company offers all three of these solutions in one integrated platform. Fortify brings these technologies together and correlates the results, helping an organization prioritize issues and understand the security state of an application at any point in time. Fortify is trusted by more government organizations that any other application security company and is at the cutting edge of vulnerability research, tool development, and deployment practices