cap gemini pitch

Post on 19-Mar-2017


SECURE CRYPTO, EVERYWHERE.

2

Cryptography is the essential technology for the security of the distributed, open IT networks needed for modern business.

ATMs

Payment Terminals

Internet of things

Blockchain

Mobile

Cloud?

3

Crypto is fragile: a tiny defect can result in complete loss of security and a massive data breach.

4

83% of crypto bugs are in applications, not in cryptographic library code*

1806 crypto misuse vulnerabilities added to the Mitre CVE database 2013 - 2015

98.3% of crypto flaws cannot be detected by the best performing static analysis tool**

* Lazar et al, Why does Cryptographic software fail? APSys ’14
** 2013 NIST SATE Evaluation

5

Cryptosense helps enterprise security teams to:

1. Discover crypto use in their IT infrastructure
2. Analyse its security
3. Fix any errors found
4. Automate audit reports
5. Monitor ongoing security

6

[Diagram: Application, Crypto Library]

1. Tracing
2. Analysis*
3. Remediation*

* Either on-premise or in the cloud as SaaS

Our Analyzer tool works by tracing all calls from an application to its crypto library at run time, then analyzing these with our proprietary algorithms to detect flaws.

7

Crypto Analysis Report

Risks: Each rule has detailed risk assessment information.

Failed Rules: Click on a rule for more information on risks and to see the instances.

Debug View: Links to stacktraces to identify where in the application the weaknesses are.

Instances: Specific cases of failed rules. Can be shared, dismissed, and starred.

Categories: Easily view rules for each category type.

DEMO

8

SAST e.g. Fortify, Veracode

What existing tools cover...

...what Cryptosense covers.

Transport protocol configuration

Key management flaws

Insecure credential storage

Application-level protocol attacks

Weak Algorithms and Block Modes

Weak randomness

Bad nonce management

Mis-configured crypto in libraries & frameworks

Insecure interactions

DAST e.g. SSL Labs, Appscan

Poor data-at-rest protection

9

Try it for yourself: testmycrypto.com

10

ABOUT

Academic spin-off (2013)

Current clients

» 3 of top 5 European Banks
» 2 SIFIs (Financial Services Infrastructure Providers)
» US and French government agencies

Funding bodies

Prizes

Global Finalist, Future of Finance 2015

Winner

Graham Steel, PhD, CEO & Founder

11

Founders & Advisors

Graham Steel, CEO: World-renowned applied crypto researcher

Ricardo Focardi, Chief Scientist: Prof at University of Venice in Formal Analysis of Crypto

Philippe Langlois, Advisor: Co-founder of Qualys, CEO and founder of P1 Security

Richard Horne, Advisor: Partner Cyber-Security PWC, Ex Director of Cyber Security at Barclays Bank

Cryptosense is based in Paris where we profit from a talented pool of French-educated engineers.
