IViz Technologies - Presentation at NASSCOM Product Conclave

1

Penetration TestingEnd-To-End Automated On-Demand

Network Security Testing | Application Security Testing | Compliance Reporting

Bala Girisaballa Vice President, Head Products & Marketing

www.ivizsecurity.com

2

About iViZ

Information Security start-up with world’s only on-demand penetration testing product

USPTO patent pending technology

IDG Ventures Funded

Over 60 customers including top companies in media, financial services, government, telecom & internet domains

Global recognition by Intel, Dept. of Homeland Security, London Business School, World Economic Forum

3

Current Business Needs

Business Continuity Prevent business disruption by protecting critical IT assets

Compliance Manage ever growing compliance requirements

Brand Image Protect brand image by ensuring security of your application

& customer data

4

Ideal Solution

Penetration Testing that goes beyond simple vulnerability scanning needs to be performed frequently

John Pescatore, Gartner

The only way an organization can know its true vulnerability risks is to take a “hacker’s eye” approach to evaluate the effectiveness of its internal and external defenses

IDC

5

Current Technology Challenges

Ensuring security with manual testing is still a problem Time-intensive, effort-intensive, expensive & not scalable Difficult to keep up with over 300 new vulnerabilities discovered /

month Low testing frequency result in outdated security baselines Heterogeneous non-integrated solutions create testing complexity Prone to human errors Not comprehensive – manually finding all possible attack paths is

infeasible Ever increasing/changing compliance & regulatory requirements

6

Multi Stage Attacks

“ .. exploit multiple security weaknesses that individually are not critical, but in the aggregate, they allow an attacker to compromise business critical data ”

Gartner

7

Multi Stage Attacks

8

Kevin Mitnick – renowned hacker

9

Rest of the story..

Even a hacker is not safe from hackers!

10

How does a real one look like ?

11

iViZ Technology

Unique patent-pending penetration technology can simulate these scenarios

12


1 Intelligent Human Hacker Attacks

iViZ Technology

13



2 Replicate hackers on different machines of your network

iViZ Technology

14



2 Replicate hackers on different machines of your network

3 Attacks using community of mutually co-operating hacker agents

iViZ Technology

15

iViZ Offering : Penetration Testing

On-Demand Anytime, Anywhere, Anyhow subscription based service Round the clock protection Zero installation & maintenance overhead Lower cost-of-ownership

End-To-End Complete security lifecycle testing Comprehensive vulnerability management database Prioritization and remediation of vulnerabilities Compliance reporting Choice of manual and automated testing to cover all possibilities

Automatic Intelligent attack planning Automated exploitation Multi stage attack simulation Complete automation of security lifecycle testing

16

How It Works

On-Demand (Hosted) Penetration Testing service from our Security Operation Center

1 2 3

Schedule Scan Receive Report Fix Issues

17

Over 60 customers use iViZ

Media

Telecom

Financial Services

Government

Technology / Internet

Others

18

iViZ Recognitions

10 Hottest start-ups (2008)Business Today is a leading business magazine in India

World Economic Forum Technology Pioneers Nomination (2008)Nominated by World Economic Forum for Technology Pioneers Challenge in 2008.

Top 2 in Asia (2007)Top 6 in World (2007)Short listed in Global Security Challenge 2007 sponsored and partnered by US Department of Homeland Security, London Business School and US Navy.

Top 8 in the world (2006)Short listed to be amongst the world’s Top 8 contenders by Intel-UC Berkeley Technology Entrepreneurship Challenge 2006

Top 2 in India (2006)Intel and Department of Science and Technology selected iViZ among top 2 in India in India Innovation Pioneers Challenge

iViZ discovers new class of vulnerability; announces in Defcon (2008)Jonathon Brossard, lead security researcher & discoverer at iViZ presents it in Defcon, world’s largest security conference at Las Vegas

19

Thankswww.ivizsecurity.com

20

iViZ – netmagic Partnership

Complementing security portfolio

Value addition to clients

Co-branded Vulnerability Management Portal

Co-marketing opportunities

21

Additional Slides

22

Deliverables

Online Vulnerability Management Portal (Co- Branded) On Demand Penetration Testing On Demand Web Application Testing Unlimited Vulnerability Assessment Reports Containing:

All the Vulnerabilities Discovered The Mitigation steps of all the Vulnerabilities Compliance Reports Historical Vulnerability Trend

23

On Demand Testing – Unlimited Frequency. Automated Vulnerability and Penetration Testing

Exploitation Intelligent Attack Planning Online Vulnerability Management Portal

Automated Web Application Testing Advanced Correlation of Vulnerabilities Multi Stage Attack Simulation Prioritization and Remediation of Vulnerabilities

iViZ Technology Features

24

Current Business Challenges

Ensuring security is still a problem with heterogeneous non-integrated solutions

Ever increasing security complexity with over 300 new vulnerabilities per month

Mushrooming IT networks demanding greater protection

25

What Industry Analysts say..

IDC believes that the only way an organization can know its true vulnerability risks is to take a "hacker’s eye" approach to evaluating the effectiveness of its internal and external defenses.

IDC

Penetration Testing that goes beyond simple vulnerability Assessment should be performed regularly

Gartner

“The software has essentially productized what used to be a costly and time-intensive professional service and was done by a select few security specialists with years of experience.”

IDC about automation of penetration testing