On Demand Penetration Testing Applications Networks Compliance.

Transcription

1 On Demand Penetration Testing Applications Networks Compliance

2 About iviz Security Information Security company with industry s first on-demand penetration testing solution using unique patent pending technology Funded by USD 4 Billion IDG Ventures (whose portfolio include Netscape and MySpace) Strong research team discovered new vulnerabilities in Microsoft, Intel, HP, Lenovo, McAfee, AVG and several others Customers from broad range of markets inlcuding media, telecom, financial services, Internet/web etc., Global recognitions by Intel, US Dept. of Homeland Security, London Business School, World Economic Forum

3 Why Security is a big concern today for businesses The Solution iviz On Demand Security Testing Solution About iviz

4 BUSINESSES ARE CONCERNED ABOUT SECURITY

5 Why Businesses Need Security? Business Continuity Manage Compliance Protect Brand Prevent business disruption by protecting critical IT assets Manage ever growing compliance requirements PCI, ISO-27001, SOX, HIPAA Ensure safety of your application and confidential customer data

6 Security Spending Is Increasing 13.1B 10.5B

7 Threat Landscape Is Increasing Too!

8 Security Breaches Are Increasing Even More!! 5863 Source: CERT-IN 2007

9 Even Secure Organizations Are Not Safe!

10 Security Challenges In Telecom Network Complexity: Heterogeneous non-integrated solutions make security landscape complex Network convergence & complexity makes security management challenging Open Infrastructure: Integration to VAS, Partners & Customer networks introduces new 3 rd party external vulnerabilities Emerging Technologies Threats: Recently introduced mobile payment technologies compound security exposure

11 Security Threats in Telecom Network Mobile Device Application Threats Wireless Link Threats Mobile Infrastructure Threats 3 rd party/ E- Commerce/Exte rnal Threats Mobile Network Internet Towers Mobile client Wireless Gateway Transaction Server Merchant

12 Attack Points in Telecom Pay Cycle Customer Merchant M-Commerce Server Customer Registers (Ph.#, PIN, Username, Password) Merchant Authenticates Customer (Transaction Details) Info Confirmation (Authentication Info & Payment/Merchant) MACD (Add charge to bill/prepaid a/c) Customer Charged (Phone Bill Deducted)

13 HOW TO ENSURE SECURITY?

14 How To Ensure That You Are Secure?..deeper penetration testing is now needed to augment existing vulnerability management processes, especially in light of the rising level of targeted attacks.

15 Challenges in Traditional Penetration Testing Not Comprehensive Manually finding all possible attack paths is not feasible Non-standardized and prone to human errors Low ROI Despite significant investments in penetration testing, infrequent test schedules makes it useless with very little ROI Time Intensive & Expensive Longer engagement process & turn around time Not-Scalable & Irregular Dependency on human experts Continuous IT footprint changes & new vulnerability discoveries makes it ineffective

16 Challenge: Multi-Stage Attacks Are Hard To Detect.. exploit multiple security weaknesses that individually are not critical, but in the aggregate, they allow an attacker to compromise business critical data

17 Challenge: Non-Critical Vulnerabilities Are More Harmful! Critical Server Non-Critical Server Harmless Critical Vulnerabilities Harmful Non-Critical Vulnerabilities

18 THE SOLUTION

19 The Solution iviz On Demand Security Testing Solution Applications Networks Compliance Comprehensive Cost-Effective On Demand

20 iviz Technology Solves The Problem Technology to Simulate/Emulate Community of Mutually Co-operative Self Replicating Intelligent Human Hacker

21 iviz Attack Simulation Technology Detects all multi-stage attack paths!

22 iviz On Demand Solution On Demand Application Penetration Testing Covers all OWASP web application vulnerabilities Expert Validation along with automated scanning Business logic verification Threat Modeling On Demand Network Penetration Testing Comprehensive vulnerability coverage including data-inmotion leakages Detection of attack paths missed by even in traditional testing Appliance deployed within your network for internal testing Expert validation along with automated exploitation On Demand Compliance Reporting PCI ISO SOX HIPAA

23 Security Solution For Telecom Wireless (WLAN) penetration Test Cellular Technology Security Test WID Testing Mobile Service provider User Application Application Penetration Testing Fraud Management Testing Mobile Portal Provider Content Aggregation Web services security Testing Functional Security Testing Content Developer Personalization Support Source Code Review Application Integration Testing Mobile App Vulnerability Test Application Developer Presentation Service Product Security Testing Black Box Penetration Test Security Policy Audit Application Platform Vendor Transaction Support Infrastructure and Equipment Vendor Basic Enabling Service Technology Platform Vendor Transport

24 iviz Solution Benefits On Demand Comprehensive Cost-Effective Flexible scheduling using secure on-demand portal Access to reports online or by encrypted On-line vulnerability management dashboard Detection of attack paths otherwise missed out in traditional testing Elimination of false positives & prioritization of real threats Access to zero-day vulnerability research Monthly / Quarterly Subscription Low cost of ownership Higher ROI & continuous security

25 On-Demand Penetration Test: How It Works? LOG ON TO ONLINE PORTAL SCHEDULE TEST FROM ONLINE PORTAL TEST CONDUCTED AUTOMATICALLY VIEW REPORTS ONLINE OR BY ENCRYPTED iviz Remote Security Operation Center Customer Network On-Demand Portal Internet Secure iviz Scan Cluster

26 On-Demand Portal Regular Scan Schedule

27 On-Demand Portal Dashboard

28 On-Demand Portal - Reports

29 CASE STUDIES

30 Case Study Customer: Indian Telecom Major Problem: Launching a new mobile payment service Security threats of mobile payment service iviz Solution: Conducted in-depth penetration testing of the mobile payment system & its deployment Results: Detected security gaps & helped fix them Validation retesting to ensure fixes closed the gaps

31 Case Study Customer: Indian Telecom Major Problem: Integrating a new solution of VAS vendor Security of the solution & integration iviz Solution: Conducted in-depth penetration testing of the application, integration points & infrastructure Results: Detected security gaps & helped fix them. Post fix validation done to ensure gap closure Next step is to test more than 200 other applications

32 Case Study Customer: Global Telecom Major Problem: Security challenges on their corporate website iviz Solution: In-depth penetration testing of the application & the website Results: Detected security gaps in the online portal & helped fix them. Post fix validation done to ensure gap closure Regular test to be conducted to ensure continuous security

33 Case Study Customer: Revenue Assurance (RA) Solution Company Problem: Security of their solution needed to be tested before their telecom customer can integrate with them Solution: iviz in-depth penetration testing of the solution & the integration points with the telecom network Results: Detected vulnerabilities & helped remediate them On-going security testing to guarantee security to their customers

34 Why They Chose iviz iviz unique technology Comprehensive attack simulation Globally recognized technology Expertise Research team which discovered vulnerabilities in global products On Demand Anytime, Anywhere Scalable Fast iviz technology can match the large scale requirements in terms of tests & frequency Faster than traditional solutions

35 ABOUT IVIZ THE COMPANY BEHIND ON DEMAND SECURITY TESTING

36 Global Recognitions For Technology Top 4 Emerging Product Company (2008) Top 100 in Asia (2008) 10 Hottest start-ups (2008) World Economic Forum Technology Pioneers Nomination (2008) Top 2 in Asia (2007) Top 6 in World (2007) Top 8 in the world (2006) Top 2 in India (2006)

37 One Step ahead of hackers: iviz discoveries iviz Vulnerability Research Team has consistently discovered numerous security vulnerabilities for the first time in the world Discovered multiple vulnerabilities in the hard disk encryption products Discovered multiple vulnerabilities in the BIOS of products Discovered multiple vulnerabilities in Antivirus products

38 iviz Research Widely Covered By Global Media Encrypting hard disk is not safe. New vulnerability discovered by iviz affects Microsoft, Intel, HP and Others New vulnerability discovered by iviz affects Microsoft, Intel, HP and Others 10 Hottest Start-ups IDG Ventures invests $ 2.5 Mil to Enable iviz Expand Operations iviz Solutions Aim to Put Hackers Out of Work Keeping a digital vigil

39 Customers Across Broad Industries Media/Internet Telecom Financial Services Government Technology / Others

40 Thanks Bala Girisaballa Vice President, Head of Products & Marketing On Demand Penetration Testing Applications Networks Compliance