Penetration Testing End-To-End Automated On-Demand Network Security Testing | Application Security Testing | Compliance Reporting Bala Girisaballa Vice President, Head Products & Marketing www.ivizsecurity.com

About iViZ Information Security start-up with world’s only on-demand penetration testing product USPTO patent pending technology IDG Ventures Funded Over 60 customers including top companies in media, financial services, government, telecom & internet domains Global recognition by Intel, Dept. of Homeland Security, London Business School, World Economic Forum

Current Business Needs Business Continuity Prevent business disruption by protecting critical IT assets Compliance Manage ever growing compliance requirements Brand Image Protect brand image by ensuring security of your application & customer data

Business Continuity

Prevent business disruption by protecting critical IT assets

Compliance

Manage ever growing compliance requirements

Brand Image

Protect brand image by ensuring security of your application & customer data

Ideal Solution Penetration Testing that goes beyond simple vulnerability scanning needs to be performed frequently John Pescatore, Gartner The only way an organization can know its true vulnerability risks is to take a “hacker’s eye” approach to evaluate the effectiveness of its internal and external defenses IDC

Current Technology Challenges Ensuring security with manual testing is still a problem Time-intensive, effort-intensive, expensive & not scalable Difficult to keep up with over 300 new vulnerabilities discovered / month Low testing frequency result in outdated security baselines Heterogeneous non-integrated solutions create testing complexity Prone to human errors Not comprehensive – manually finding all possible attack paths is infeasible Ever increasing/changing compliance & regulatory requirements

Ensuring security with manual testing is still a problem

Time-intensive, effort-intensive, expensive & not scalable

Difficult to keep up with over 300 new vulnerabilities discovered / month

Low testing frequency result in outdated security baselines

Heterogeneous non-integrated solutions create testing complexity

Prone to human errors

Not comprehensive – manually finding all possible attack paths is infeasible

Ever increasing/changing compliance & regulatory requirements

Multi Stage Attacks “ .. exploit multiple security weaknesses that individually are not critical, but in the aggregate, they allow an attacker to compromise business critical data ” Gartner

“ .. exploit multiple security weaknesses that individually are not critical, but in the aggregate, they allow an attacker to compromise business critical data ”

Multi Stage Attacks

Kevin Mitnick – renowned hacker

Rest of the story.. Even a hacker is not safe from hackers!

How does a real one look like ?

iViZ Technology Unique patent-pending penetration technology can simulate these scenarios

Unique patent-pending penetration technology can simulate these scenarios 1 Intelligent Human Hacker Attacks iViZ Technology

iViZ Technology Unique patent-pending penetration technology can simulate these scenarios 1 Intelligent Human Hacker Attacks 2 Replicate hackers on different machines of your network

iViZ Technology Unique patent-pending penetration technology can simulate these scenarios 1 Intelligent Human Hacker Attacks 2 Replicate hackers on different machines of your network 3 Attacks using community of mutually co-operating hacker agents

iViZ Offering : Penetration Testing On-Demand Anytime, Anywhere, Anyhow subscription based service Round the clock protection Zero installation & maintenance overhead Lower cost-of-ownership End-To-End Complete security lifecycle testing Comprehensive vulnerability management database Prioritization and remediation of vulnerabilities Compliance reporting Choice of manual and automated testing to cover all possibilities Automatic Intelligent attack planning Automated exploitation Multi stage attack simulation Complete automation of security lifecycle testing

On-Demand

Anytime, Anywhere, Anyhow subscription based service

Round the clock protection

Zero installation & maintenance overhead

Lower cost-of-ownership

End-To-End

Complete security lifecycle testing

Comprehensive vulnerability management database

Prioritization and remediation of vulnerabilities

Compliance reporting

Choice of manual and automated testing to cover all possibilities

Automatic

Intelligent attack planning

Automated exploitation

Multi stage attack simulation

Complete automation of security lifecycle testing

How It Works On-Demand (Hosted) Penetration Testing service from our Security Operation Center 1 2 3 Schedule Scan Receive Report Fix Issues

Over 60 customers use iViZ Media Telecom Financial Services Government Technology / Internet Others

iViZ Recognitions 10 Hottest start-ups (2008) Business Today is a leading business magazine in India World Economic Forum Technology Pioneers Nomination (2008) Nominated by World Economic Forum for Technology Pioneers Challenge in 2008. Top 2 in Asia (2007) Top 6 in World (2007) Short listed in Global Security Challenge 2007 sponsored and partnered by US Department of Homeland Security, London Business School and US Navy. Top 8 in the world (2006) Short listed to be amongst the world’s Top 8 contenders by Intel-UC Berkeley Technology Entrepreneurship Challenge 2006 Top 2 in India (2006) Intel and Department of Science and Technology selected iViZ among top 2 in India in India Innovation Pioneers Challenge iViZ discovers new class of vulnerability; announces in Defcon (2008) Jonathon Brossard, lead security researcher & discoverer at iViZ presents it in Defcon, world’s largest security conference at Las Vegas

Thanks www.ivizsecurity.com

iViZ – netmagic Partnership Complementing security portfolio Value addition to clients Co-branded Vulnerability Management Portal Co-marketing opportunities

Complementing security portfolio

Value addition to clients

Co-branded Vulnerability Management Portal

Co-marketing opportunities

Additional Slides

Deliverables Online Vulnerability Management Portal (Co- Branded) On Demand Penetration Testing On Demand Web Application Testing Unlimited Vulnerability Assessment Reports Containing: All the Vulnerabilities Discovered The Mitigation steps of all the Vulnerabilities Compliance Reports Historical Vulnerability Trend

Online Vulnerability Management Portal (Co- Branded)

On Demand Penetration Testing

On Demand Web Application Testing

Unlimited Vulnerability Assessment

Reports Containing:

All the Vulnerabilities Discovered

The Mitigation steps of all the Vulnerabilities

Compliance Reports

Historical Vulnerability Trend

On Demand Testing – Unlimited Frequency. Automated Vulnerability and Penetration Testing Exploitation Intelligent Attack Planning Online Vulnerability Management Portal Automated Web Application Testing Advanced Correlation of Vulnerabilities Multi Stage Attack Simulation Prioritization and Remediation of Vulnerabilities iViZ Technology Features

On Demand Testing – Unlimited Frequency.

Automated Vulnerability and Penetration Testing

Exploitation

Intelligent Attack Planning

Online Vulnerability Management Portal

Automated Web Application Testing

Advanced Correlation of Vulnerabilities

Multi Stage Attack Simulation

Prioritization and Remediation of Vulnerabilities

Current Business Challenges Ensuring security is still a problem with heterogeneous non-integrated solutions Ever increasing security complexity with over 300 new vulnerabilities per month Mushrooming IT networks demanding greater protection

Ensuring security is still a problem with heterogeneous non-integrated solutions

Ever increasing security complexity with over 300 new vulnerabilities per month

Mushrooming IT networks demanding greater protection

What Industry Analysts say.. IDC believes that the only way an organization can know its true vulnerability risks is to take a "hacker ’ s eye" approach to evaluating the effectiveness of its internal and external defenses. IDC Penetration Testing that goes beyond simple vulnerability Assessment should be performed regularly Gartner “ The software has essentially productized what used to be a costly and time-intensive professional service and was done by a select few security specialists with years of experience.” IDC about automation of penetration testing

IDC believes that the only way an organization can know its true vulnerability risks is to take a "hacker ’ s eye" approach to evaluating the effectiveness of its internal and external defenses.

IDC

Penetration Testing that goes beyond simple vulnerability Assessment should be performed regularly

Gartner

“ The software has essentially productized what used to be a costly and time-intensive professional service and was done by a select few security specialists with years of experience.”

IDC about automation of penetration testing