V-Empower Services And Solutions
Published in: Technology
  • Transcript

    1. Security Services and Solutions Enabling Secure Business
    2. Introduction
       • Mission:
         • To provide state-of-the-art security solutions and services to customers employing in-depth research, comprehensive analysis and knowledge share.
       • Vision:
         • To produce innovative security products and provide superior consulting services for enabling secure computing and business.
    3. Company Profile
       • V-Empower is a global solutions and services company established in 2000
         • North America:
           • Bowie, Maryland USA
           • Seattle, Washington USA
           • Los Angeles, California USA
           • Maple, Ontario Canada
         • Europe:
           • London, United Kingdom
         • Asia Pacific:
           • Beijing, China
         • South East Asia:
           • Hyderabad, India
    4. Company Profile
       • V-Empower saw a 206% increase in revenue in 2006
       • Our security team consists of highly talented industry experts
       • Providers of security services and solutions to the world's largest software company
    5. Services
       • Infrastructure Security
         • Penetration Testing Network Infrastructure
         • Configuration Review of Infrastructure Devices
         • Design and Deploy Secure Infrastructure Solutions
       • Application Security
         • Black Box Assessments (Penetration Testing)
         • White Box Assessments (Detailed Code Reviews)
         • Threat Analysis and Modeling
         • Security Research and Development
       • Security Program Development
         • Resource Integration
         • Integrating Security into Systems Development Lifecycle (SDLC)
         • Security Policy and Standards Development
         • Security Program Analysis
       • Training Services
         • Secure Application Development
         • Application Source Code Auditing
         • Threat Analysis and Modeling
         • Application Security Awareness
    6. Comprehensive Penetration Services
       • Typical Penetration Tests consist of arbitrary approaches
    7. Comprehensive Penetration Services
       • Systematic Approach
       • Comprehensive Services
       • Environment Specific
       • Threat Evaluation
       • Assets Driven Assessment
       • Vulnerability Analysis
       • Comprehensive Reporting
       • Recommendations and Validation
    8. Comprehensive Penetration Services
       • Assurance on effective controls
    9. Systematic Approach
    10. Design And Architecture Review
        • Background Analysis (Business Functionality)
        • Design Documentation (Architecture Diagram)
        • Asset Identification (Data Flow Diagrams)
        • Review Design and Architecture
    11. Threat Analysis and Modeling
        • Review Threat Models
        • Environment Decomposition
        • Asset Identification (Data, Functionality, etc.)
        • Operating Procedures Identification (Use Cases)
        • Threat Identification (Based on Assets and Operations)
    12. Comprehensive Assessment
    13. Comprehensive Assessment Identify Technologies Involved
    14. Host Assessment Default Configs Protocols Access Control Default Configs Services Patches
    15. Application Layer Assessment AuthN Protocol Elevation of Privileges Logging XSS, XSRF, RI, SQL Injection, BO Resources Cryptography Information D AuthZ Bypass DOS, Deface
    16. Network Layer Assessment Firewall, IDS, etc Perimeter Cntrls Fuzz Testing Standard Eval Network Security Best Practices.
    17. Risk Analysis and Reporting
        • Risk Analysis
          • Evaluation of each vulnerability to assess true risk to an environment.
          • Risk is reported based on a matrix which evaluates the following key factors:
            • Vulnerability classification (STRIDE - CIA)
            • Classification of Asset
            • Probability of Exploit
            • Impact of Exploit
    18. Risk Analysis and Reporting
        • All vulnerabilities are given the following Severity Ratings:
    19. Severity Ratings
        • Critical: Impact of vulnerability can compromise multiple applications/across organization boundaries. Recommend immediate mitigation.
        • High: Impact of vulnerability can compromise application with limited cross organization impact. Recommend priority in mitigation.
        • Medium: Best Practice & should be fixed within the next version release.
        • Low: Recommended best practice with low priority for mitigation.
    20. Risk Analysis and Reporting
        • Title
        • Severity
        • Explanation of Issue
        • Explanation of Impact
          • Real life attack scenario
        • Proof of concept exploit
        • Recommendations for Remediation
        • Validation Steps
        • References
    21. Analysis and Reporting
        • Critical
        • High
        • Medium
        • Low
    22. Acknowledgements
        • Which of the tested controls are effective.
          • Breakdown of the controls which effectively guard the environment against different threat types.
    23. Incremental Reviews
        • Due to the in-depth analysis performed at the first iteration of the assessment, any updates and changes can be reviewed incrementally following the same approach.
    24. Future Follow-up
        • Establish future touch points or additional services required in relation to an assessment.
    25. Our Team
        • V-Empower Security Team (VST) consists of 27 consultants worldwide providing services to Fortune 100 companies
        • VST's methodology and services have been incorporated by many clients
        • VST has been featured in Microsoft's Information Security Newsletter
    26. Project Portfolio
        • Publications
          • Advances in Forensics
          • Intro to Exploits Coding
          • Forensics with Open Source Software
          • Pen Testing Tools Development
          • Pen Testing Methodologies
          • Exploits Coding Techniques
          • Real Life VulnDev Process of a Win32 Stack Buffer Overflow
          • Vulnerability Development on Linux and Win32
          • Elevation of Privileges in Thick Clients
        • Presentations
          • Antivirus (In)Security (Black Hat Europe 2007)
          • Vulnerability Development under Unix and Win32 (CIH2K5, International Hackers Congress 2005)
          • Introduction to Exploits Coding (InfoSecurity 2004)
          • Automated Pen testing Tools Development (GCon III)
    27. Clients
    28. Testimonials
        V-Empower Inc is the preferred Security Vendor for Microsoft.
        • … your team is the best in the business. - Todd Kutzke (Director, Microsoft)
        • Another nice example of how good a job V-Empower is doing … extend my compliments to your team for the quality of their support and making sure our customers see the value of the services we provide … - Shawn Veney (Manager, ACE Team, Microsoft)
        • Thank you! It's outstanding that we had someone who actually knows about Email. - Yaron Goland (Principal Program Manager, MSN)
        “Quoted in relation to a vulnerability.”
    29. Future Value Add to Wamu
        • Methodology Knowledge Share
        • Resource Augmentation
        • Offshore development
        • Code Reviews
        • General Security Consulting
