1
Penetration Testing
End-To-End Automated On-Demand
Network Security Testing | Application Security Testing | Compliance Reporting
Bala Girisaballa Vice President, Head Products & Marketing
www.ivizsecurity.com
2
About iViZ
Information Security start-up with world’s only on-demand penetration testing product
USPTO patent pending technology
IDG Ventures Funded
Over 60 customers including top companies in media, financial services, government, telecom & internet domains
Global recognition by Intel, Dept. of Homeland Security, London Business School, World Economic Forum
3
Current Business Needs
Business Continuity: Prevent business disruption by protecting critical IT assets
Compliance: Manage ever growing compliance requirements
Brand Image: Protect brand image by ensuring security of your application & customer data
4
Ideal Solution
Penetration Testing that goes beyond simple vulnerability scanning needs to be performed frequently
John Pescatore, Gartner
The only way an organization can know its true vulnerability risks is to take a “hacker’s eye” approach to evaluate the effectiveness of its internal and external defenses
IDC
5
Current Technology Challenges
Ensuring security with manual testing is still a problem:
Time-intensive, effort-intensive, expensive & not scalable
Difficult to keep up with over 300 new vulnerabilities discovered / month
Low testing frequency results in outdated security baselines
Heterogeneous non-integrated solutions create testing complexity
Prone to human errors
Not comprehensive – manually finding all possible attack paths is infeasible
Ever increasing/changing compliance & regulatory requirements
6
Multi Stage Attacks
“ .. exploit multiple security weaknesses that individually are not critical, but in the aggregate, they allow an attacker to compromise business critical data ”
Gartner
8
Kevin Mitnick – renowned hacker
9
Rest of the story..
Even a hacker is not safe from hackers!
10
What does a real one look like?
11
iViZ Technology
Unique patent-pending penetration technology can simulate these scenarios
1 Intelligent Human Hacker Attacks
2 Replicate hackers on different machines of your network
3 Attacks using community of mutually co-operating hacker agents
15
iViZ Offering : Penetration Testing
On-Demand:
Anytime, Anywhere, Anyhow subscription based service
Round the clock protection
Zero installation & maintenance overhead
Lower cost-of-ownership
End-To-End:
Complete security lifecycle testing
Comprehensive vulnerability management database
Prioritization and remediation of vulnerabilities
Compliance reporting
Choice of manual and automated testing to cover all possibilities
Automatic:
Intelligent attack planning
Automated exploitation
Multi stage attack simulation
Complete automation of security lifecycle testing
16
How It Works
On-Demand (Hosted) Penetration Testing service from our Security Operation Center
1 Schedule Scan
2 Receive Report
3 Fix Issues
17
Over 60 customers use iViZ
Media
Telecom
Financial Services
Government
Technology / Internet
Others
18
iViZ Recognitions
10 Hottest start-ups (2008): Business Today is a leading business magazine in India
World Economic Forum Technology Pioneers Nomination (2008): Nominated by World Economic Forum for Technology Pioneers Challenge in 2008.
Top 2 in Asia (2007), Top 6 in World (2007): Shortlisted in Global Security Challenge 2007, sponsored and partnered by US Department of Homeland Security, London Business School and US Navy.
Top 8 in the world (2006): Shortlisted to be among the world’s Top 8 contenders by Intel-UC Berkeley Technology Entrepreneurship Challenge 2006
Top 2 in India (2006): Intel and Department of Science and Technology selected iViZ among top 2 in India in India Innovation Pioneers Challenge
iViZ discovers new class of vulnerability; announces at Defcon (2008): Jonathan Brossard, lead security researcher & discoverer at iViZ, presents it at Defcon, world’s largest security conference, in Las Vegas
19
Thanks
www.ivizsecurity.com
20
iViZ – netmagic Partnership
Complementing security portfolio
Value addition to clients
Co-branded Vulnerability Management Portal
Co-marketing opportunities
21
Additional Slides
22
Deliverables
Online Vulnerability Management Portal (Co-Branded)
On Demand Penetration Testing
On Demand Web Application Testing
Unlimited Vulnerability Assessment Reports Containing:
All the Vulnerabilities Discovered
The Mitigation steps of all the Vulnerabilities
Compliance Reports
Historical Vulnerability Trend
23
iViZ Technology Features
On Demand Testing – Unlimited Frequency.
Automated Vulnerability and Penetration Testing
Exploitation
Intelligent Attack Planning
Online Vulnerability Management Portal
Automated Web Application Testing
Advanced Correlation of Vulnerabilities
Multi Stage Attack Simulation
Prioritization and Remediation of Vulnerabilities
24
Current Business Challenges
Ensuring security is still a problem with heterogeneous non-integrated solutions
Ever increasing security complexity with over 300 new vulnerabilities per month
Mushrooming IT networks demanding greater protection
25
What Industry Analysts say..
IDC believes that the only way an organization can know its true vulnerability risks is to take a "hacker’s eye" approach to evaluating the effectiveness of its internal and external defenses.
IDC
Penetration Testing that goes beyond simple vulnerability Assessment should be performed regularly
Gartner
“The software has essentially productized what used to be a costly and time-intensive professional service and was done by a select few security specialists with years of experience.”
IDC about automation of penetration testing