Assess. Monitor. Analyze. Respond. Security Testing at its best

Transcription

1 Assess. Monitor. Analyze. Respond. Security Testing at its best

2 Securing your business, one loophole at a time Aleph Tav Technologies offers security risk assessments and penetration testing services across platforms and frameworks, flexible and scalable to suit every specific need. We specialize in comprehensive threat defense, analysis and remediation. Our vision is to help people and enterprises embrace technology whilst being fully aware of the dangers it could pose to their credibility and business Services we specialize in Vulnerability Assessment Penetration Testing Managed SIEM User Profiling and Anti-phishing Campaigns

3 Domains Web and Mobile Applications Enterprise Networks Cloud, Big Data and IoT SCADA, ICS and HMI systems Legacy Modernization Specialized Services for Mergers and Acquisitions

4 Security Information Management Suite Managed Security by Aleph Tav Technologies PERPETUAL THREAT DEFENSE and MANAGEMENT 24x7 event monitoring for malicious traffic, threat detection, analysis and remediation. Threat Detection Intrusion Detection Host Intrusion Detection Threat Analysis Ransomware Detection Advanced Persistent Threat (APT) detection PERIMETER SECURITY Real-time security status monitoring for networked assets, assessed against intelligent, purpose-built criteria. Automated Asset Discovery and Monitoring Behavioral Monitoring Rogue Connection Monitoring SECURITY INFORMATION & EVENT MANAGEMENT System event log coordination and analysis for contextual attack behavior profiling. 24 /7 Security Event Management and Monitoring Threat Intelligence

5 Services On-demand Vulnerability Assessment & Remediation Identify, prioritize and rectify vulnerabilities in specific assets or network segments on regular intervals or ad-hoc. VULNERABILITY MANAGEMENT COMPLIANCE MANAGEMENT Automated status monitoring for compliance-readiness. Manage requirements, tasks and alerts. Vulnerability Scanning and Reporting Flexible, instant scanning and penetration testing that provides pragmatic direction for risk mitigation. PCI DSS HIPAA ISO 27001/27002 EI3PA RFC 2196 ETSI TC CYBER GPG13 GLBA/FFIEC Protective Monitoring IASME NERC CIP

6 Service: Mobile Application Security Testing Mobile-based services are rapidly changing the way today s businesses present their offerings to their customers. Mobile applications routinely attract scores of cyber attackers with an intent to steal user credentials and confidential data or to wreak havoc on your app pages. Aleph Tav s Vulnerability Assessment and Pentesting will help you safeguard your application by sniffing out every minute disparity in the technical and logical framework. Process Abridgement Test Plan, assumptions, dependencies and goals Threat Model, risk rating Vulnerability Assessment Static and Dynamic methods. Application-centric analysis of third party vendor channels Exploit Administration - Manual and Automated scripts Reports & Recommendations Extensive analysis and threat intelligence reports by our team of experts. Insights into security configuration strength of third party APIs and payment gateways Technical assistance in protecting and monitoring the security posture of your data assets Approach that eliminates threats by raising the threshold for potential modes of intrusion.

7 Service: Web Application Security Testing Web applications have been the most common targets for cyber criminals ever since enterprises made the transition to the virtual space for connecting with customers. Websites attract adverse attacks like cross-site scripting, SQL injection and a host of other threats to credibility and confidentiality. Aleph Tav helps you secure your virtual site from imminent attacks by detecting contextual vulnerabilities that give leeway to a range of attack vectors. Process Abridgement Test Plan, assumptions, dependencies and goals Threat Model, risk rating Vulnerability Assessment - Checks Authorization, Cryptography, Client-side Injection, etc Exploit Administration - Manual and Automated scripts Reports & Recommendations Highly evolved process and constantly updated cyber attack databases Tried and tested methodology based on best practices Process conforms to global standards OWASP, NIST & SANS Server-side misconfigurations are addressed Behavior Profiling reports that support measures to instill due diligence.

8 Service: Enterprise Network Security Testing Monitoring corporate workplace networks, be it physical or cloud-based, can be quite daunting when it comes to sealing your perimeter against real world cyber threats. Managing access control lists in the face of rapidly changing business spheres can often result in negligent user (employee) behavior, the number one cause for breaches in enterprise data servers. Pre-engagement - Identifying scope and access limits, need for black or white box testing methodology Intelligence gathering -Non-intrusive study of target system using manual and automated tools Our testing and scanning processes are meticulously planned and executed to ensure uninterrupted availability of systems for your enterprise operations. We strive to demonstrate to clients the indispensability of a pervasive vulnerability assessment with a well-documented Proof of Concept detailing the severity and volume of impact of every identified threat Enumeration and Vulnerability Scanning - Active probing to identify open ports, map router rules, OS framework, etc. Exploit Administration - Running manual and automated scripts to check penetrability Reports and Review - Analytics and observations to support social engineering Web-based interfaces of Enterprise Software are appraised for vulnerabilities Reports help in understanding asset criticality and its classification Assistance in managing the security of your IT infrastructure

9 Service: Enterprise Risk Assessment for Phishing Attacks Phishing Scams are one of the most notorious attack vectors that target employees connected over an internal corporate network. Often, one click is all it takes for spyware and other malicious code to infiltrate systems and critical servers. Companies around the world lose around $144 million per attack and the impact could be in any form ranging from loss of employee credentials and privileged information to manipulation of mission-critical devices and control systems. The best way to deal with this organized cyber crime is a vigilant workforce and a fine-tuned filtering system. Aleph Tav evaluates your posture against cyber crime with an investigative study of how prudent and cautious your employees are on the cyber space. We do this by launching pseudo phishing attacks that are controlled and harmless. First tier test: Launched through the internal enterprise server to a group of employees. carries a link redirecting to an educative content on phishing. Second tier test: Also launched through the internal server to employees, mimics a regular, official system login page but redirects to a cloned, phony login page. This uncovers the ratio of employees who would be entrapped in a real-time phishing attack. Conclusive test attack: Launched from an external web server, carrying information aimed at social engineering.

10 Service: Security Testing for IoT and connected devices Cloud storage and computing services are susceptible to attacks of cyber warfare and data theft of monstrous proportions. The Big Data reservoirs exchange real-time data with a myriad of connected devices that introduce several points of entry for malware and backdoor attacks when data is at rest and in transit. Parameters of IoT Security Risk Assessment Hardening services running on connected devices -based on analysis of device s design components and communication protocols Assessing Cryptography for data at rest and data in motion Optimizing Authentication and Authorization for communication between devices and the cloud platform Appraising security posture of the cloud storage/service Securing the channels to the web and mobile applications accessing cloud data

11 Service: Security Testing for SCADA, ICS and HMI systems Industrial automation systems that comprise control dashboards perform critical tasks on critical infrastructure. Integration of these systems with corporate networks using network protocols introduces security threats into the infrastructure. We perform systemic assessments to detect and offset contextual security flaws brought about by unchecked exposure, obsolete operating systems, interconnectivity, complex structuralism and so on. Aspects of Assessment Port Scanning System Fingerprinting Services Probing Exploit Research Simulated Vulnerability Testing and Verification Configuration Strength Testing and Verification Administrator Privileges Escalation Testing Password Strength Testing Network /UTM Security Controls Testing Parameters assessed: Perimeter Control Network Architecture Policies, Procedures and Permissions Host Security

12 Why choose us Assessing the security posture for IT infrastructure requires the kind of industry-specific, sophisticated knowledge of risks and attack vectors that our professionals are poised to deliver. Security Assessment is not a one-size-fits-all capsule. Large company or startup, we deliver scalable and custom-built service packages and flexible engagement models based on a candid need assessment. Our services are evolved and fine-tuned to keep up with advancing cyber threats while our processes always conform to globally-recognized standards We strive to optimize costs through self-sufficiency. We help eliminate redundant costs and effort on multiple, ad hoc and isolated implements Timely detection and timed status reviews can save counteraction costs. We prepare analytical reports to ensure compliance and more importantly, maintenance of critical security parameters. Our security professionals can work as your extended Centre of Continued Excellence ensuring economy of scope and undertake social engineering projects for your enterprise.

13 Who we are Aleph Tav Technologies is a security testing service provider founded in 2015 and headquartered in Chennai, India. We assess security risk and cyber readiness of enterprises and applications. Our vision is to help people and enterprises embrace technologies whilst being completely aware of the dangers it can pose to their business and credibility Managed SIEM 24x7 Threat Protection Application Security Testing User Behavior Profiling Our Capabilities Certifications Network Pentesting SCADA & IoT Security Assessment Vulnerability Management Compliance Consulting CEH Certified Ethical Hacking CHFI Certified Hacker and Forensic Investigator HDS- Hitachi Data Systems CPISI-Certified Payment Card Industry Security Implementer Our engagement models For organizations -Flexible assessment schedules and time frames -Validation for mobile app launches and digital initiatives - Assistance in user behavior analysis and sensitization Application Penetration Security Our Tools Expertise Xenotix Framework, Sql ninja, Havij, Sql map, XSS Me, Netsparker, Burp suite,firebug, Mantra frameworketc, ZAP Proxy & W3AF For service providers -Extended center of excellence for the apps you develop and web solutions you offer. -Preemptive guidance for secure software development. For startups -Cost-efficient, scalable solutions for small enterprises Network Penetration testing Mobile Penetration testing Packet Analysis Nmap, Nessus, Metasploit Framework, DNS enumeration tools, Armitage, Nipper, OllyDbg etc. AppUse, Drozer, smali, Dex2Jar Wireshark and Fiddler

14 Follow us on We are just a phone call away You can your queries to enquiries@alephtavtech.com Visit to learn more A L E P H T A V TECHNOLOGIES 2E, Gee Gee Emerald 312 Village Road, Nungambakkam Chennai , India