Fortify Software’s flagship product, Fortify 360, is a suite of solutions for Software Security Assurance that combines analytical, remediation and management functions to eliminate vulnerabilities in business-critical software and applications. David Anumudu, Fortify Software Security Consultant, based in the United Kingdom, recently visited South Africa and worked with Blue Turtle Technologies in launching Fortify 360 to the local market.
“Fortify 360 was launched last year and while it has a strong presence in the US, UK and Asia Pacific, it is not widely known in Africa. To date there are over 500 customers in fields such as banking, insurance, government and defence. We identified Blue Turtle Technologies as an organisation with a good reputation in the region that had the types of customers that could benefit from Fortify products,” says Anumudu. Fortify 360 gives organisations the ability to analyse software from the start of its development, throughout the quality assurance and production phases, identifying vulnerabilities that could be exploited by hackers and cyber-criminals to steal valuable data or manipulate financial transactions.
It provides a repeatable, automated mechanism to identify latent risk. Anumudu notes that the suite of products signifies a shift in focus for software security. “Looking at the industry as a whole, the number of breaches, whether it be money lost, instances of online fraud or personal information revealed, continues to increase year on year. The amount of money spent on preventing these types of things has also increased. The traditional approach of using perimeter security in an organisation through firewalls is just not enough anymore. “The problem with firewalls on banking or online shopping sites is that gaps exist to allow customers access to the site. This opens up opportunities for hackers as well. Once they have access to the application, they begin looking for vulnerabilities in the software that they can exploit to get access to the data,” Anumudu says. “Organisations are generally not addressing the root cause of most security breaches, which are those exploitable vulnerabilities in the software itself.
In the past finding these vulnerabilities has been time consuming and difficult and there is a lot of pressure to minimise time to market. Fortify’s solutions automate this task, making it much easier to improve security.” Anumudu notes that while a lot of time is taken to build and test software applications, not enough time is spent on security. “With Fortify 360, we are security focused from the development stage. The components identify potential vulnerabilities, suggest solutions and ensure that mistakes, innocent or deliberate backdoors built into the code, don’t occur. This applies to software developed in-house, as well as by third parties.”
Fortify also offers professional services, training developers on security issues while writing code. The company’s solution is focused on complete process improvement – throughout the software development life cycle (SDLC) – whereby existing software and processes are analysed to eliminate vulnerabilities and transform them into secure applications. The Fortify 360 suite includes a Governance module that helps an organisation’s security team understand which applications the company is running. Large organisations, especially those with many branches and international offices, have numerous applications both for internal and external functions which present a lot of potential risk. However, the module compiles a registry of all applications and categorises them according to their risk profile. Anumudu notes that Fortify has been instrumental in solidifying Software Security Assurance practices for the IT industry.
Fortify helped create the Software Assurance Maturity Model (SAMM) which gives organisations a framework for understanding, communicating and managing their software security capabilities. “This is a useful tool for companies that are new to software security. It gives them a good indication of where to start, what has worked for other organisations, and what has not.” The market is demanding enhanced security options – especially from the online commerce sector where safeguarding online financial transactions is crucial and from companies affected by legislation regarding the disclosure of data losses.
In a recent Gartner survey – Gartner Magic Quadrant for Static Application Security Testing – Fortify 360 was measured against solutions from leading software developers and was positioned as the clear leader.
About Blue Turtle
Blue Turtle Technologies provides and supports best-in-class software solutions that optimise, enhance and leverage existing IT investment and assist in the cost-effective delivery of new technology. The company offers an extensive product range, sourced through its strategic partnerships with leading local and international software providers, augmented by best-practice implementation services.
About Fortify Software, Inc.
Fortify®'s Software Security Assurance products and services protect companies from the threats posed by security vulnerabilities in business–critical software applications. Its software security suite–Fortify 360–drives down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e–commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world–class teams of software security experts and partners. More information is available at www.fortify.com or visit our blog.
Contact information:
Blue Turtle Technologies
Enquiries: Martyn Healy
Tel: 011 206 5600
Fax: 011 206 5606
www.blueturtle.co.za
