iViZ Security : On Demand Penetration Testing

iViZ is an Information Security company funded by IDG Ventures which offers the industry's first on-demand (SaaS based), end-to-end, automated Penetration Testing (Ethical Hacking).

As a leading network security company, iViZ Security has developed the world's first tool to simulate human hacker intelligence to detect all possible paths of attack in a system / network and also suggest suitable remedies. This disruptive technology transforms the way security is tested and brings in "the hacker's eye view", providing higher efficiency and ensuring better protection for organizations, governments and users from the rising internet threats.

Using this technology, iViZ provides On-Demand Penetration Testing for proactive security audit, risk management and compliance for standards such as SOX, PCI, HIPAA or ISO 27001. The Software-as-a-Service model provides anytime, anywhere and anyhow security testing capability to customers and eliminates the pain associated with conventional manual security testing, which is time-intensive, expensive and not comprehensive.

Transcript

  • 1. On Demand Security Testing Overview www.ivizsecurity.com An IDG Ventures Company
  • 2. iViZ Industry’s First On Demand Penetration Testing Company
  • 3. About iViZ
      • Industry’s First On Demand Penetration Testing Solution: Subscription based security testing solution for applications, networks & compliance provides on-demand, comprehensive and cost-effective coverage
      • IDG Ventures Funded: A top tier venture firm with over $4 Bil. investment whose portfolio includes Netscape and MySpace
      • Research Recognitions: Strong vulnerability research team credited with vulnerability discovery in products of Microsoft, Intel, McAfee, IBM, AVG etc.
      • Technology Recognitions: Global recognitions from US Dept. of Homeland Security, Intel, World Economic Forum, Red Herring, London Business School etc.
      • Strong Customer Adoption: Large enterprises across various industry domains like Media, Web, E-Commerce, Banking, Telecom, Government, Technology and others
  • 4. Security Challenges Businesses Face
  • 5. Security Challenges Businesses Face Today
      • Business Continuity: Prevent business disruption by protecting critical IT assets
      • Compliance Management: Manage ever growing compliance requirements (PCI, ISO-27001, SOX, HIPAA)
      • Brand Protection: Ensure safety of your application and confidential customer data
  • 6. Threat Landscape Is Increasing! 8000 new vulnerabilities will be discovered this year. Even Secure Organizations Are Not Safe!
  • 7. Multi-Stage Attacks Are Harder To Detect. Attacks Are Getting Complex. (Diagram labels: Critical Server, Non-Critical Server)
  • 8. The Solution
  • 9. Proactive Regular Security Testing: Penetration Testing Ensures You Are Safe. Regular proactive Penetration Testing is needed to augment defensive security monitoring measures such as firewalls, IDS, IPS etc., especially in light of the rising level of targeted attacks
  • 10. iViZ On Demand Penetration Testing Applications | Networks | Compliance Comprehensive | Cost-Effective | On Demand
  • 11. iViZ Solution: On Demand Application Penetration Testing | On Demand Network Penetration Testing | On Demand Compliance Reporting
      • Covers compliance like PCI, SOX, ISO-27001, HIPAA & more
      • SOX/HIPAA compliant penetration testing
      • ISO-27001 compliant quarterly penetration testing
      • Multi-Stage Attack Simulation to detect attacks missed in traditional testing
      • Covers all 26 classes of WASC application vulnerabilities & OWASP Top 10
      • Business logic verification
      • Covers all CVE / NVDB / SANS Top 20 vulnerabilities as well as data leakage detection
      • Specialized Testing For Web 2.0 Technologies (AJAX, JavaScript, Flash, ActiveX etc.)
      • Automated Exploitation And False Positives Elimination
      • PCI-DSS Scanning including compliance templates & auto fill-in from test results
      • Expert analysis along with automated exploitation
      • Expert analysis along with automated scanning
  • 12. Solution Highlight: Unique Multi-Stage Attack Simulation Technology detects all attack paths missed in traditional approach
  • 13. Solution Highlight: Industry’s First Subscription Based On-Demand Solution. Works over the Internet – Anytime – Anywhere
      • Diagram labels: iViZ Remote Security Operation Center, Customer Network, On-Demand Portal, Internet, Secure iViZ Scan Cluster
      • Schedule test from online portal
      • Test conducted automatically over the Internet
      • View reports online or by encrypted email
  • 14. Solution Highlight: Superior Coverage. Hybrid Testing: Automated Scanning With Expert Analysis Provides Superior Security Coverage
  • 15. iViZ Solution Benefits
      • On Demand: Online Dashboard providing flexible scheduling, historical trends with powerful vulnerability management capability
      • Comprehensive: MAS coupled with expert analysis helps in the detection of attack paths otherwise missed out in traditional testing and also eliminates the false positives
      • Cost-Effective: Monthly / Quarterly Subscription helps in providing higher ROI and lower TCO (Total Cost of Ownership)
  • 16. On-Demand Portal Screenshots
  • 17. Global Technology Recognitions (award logos; years shown: 2007, 2008, 2006, 2009, 2008, 2006): Top 2 in Asia / Top 6 in World | Top 100 in Asia | Top 8 in World | Top 4 Emerging Company | Innovative Company Finalist | Top 10 Hottest Startups | Top 2 in India
  • 18. iViZ Research Recognitions: iViZ Vulnerability Research has discovered security vulnerabilities in the following products
      • Antivirus: F-Prot version 4.6.8, Sophos SAVScan 4.33.0, AVG for Linux version 7.5.51, Avast for Workstations v1.0.8, Bitdefender for GNU/Linux version 7.60825, ClamAV 0.93.3
      • Hard Disk Encryption: Microsoft Bitlocker/Vista (SP0), SafeBoot Device Encryption v4, Build 4750 and below
      • BIOS: Hewlett-Packard 68DTT Ver. F.0D, Intel Corp PE94510M.86A.0050.2007.0710.1559, Lenovo 7CETB5WW v2.05
      • iViZ Follows Responsible Disclosure Policy: 1) Private vendor disclosure 2) Vendor coordinated public disclosure 3) No public proof of concept
  • 19. Customers Across Broad Industries: Media/Online | Telecom / Mobile | Financial Services | Government | Technology | Others
  • 20. DETAILS
  • 21. Application Testing
      • How It Works (diagram labels): iViZ SOC, Remote Scan Cluster, On-Demand Portal, Internet, Secure iViZ Scan Cluster, Customer Network, Database, Application Server, Custom Applications, Web Server
      • Methodology: Application Spidering, Authentication Testing, Web Serv. / Bus. Logic Testing, Ajax Testing, Risk Assessment, Reporting, Session Mgmt Testing, Data Validation Testing
  • 22. Application Testing - Features
    • Comprehensive coverage of vulnerabilities
    • Supports modern websites using JavaScript, Flash, AJAX, Java Applets, or ActiveX
    • Combination of Automated and Manual Testing
    • Business Logic Verification and Testing
    • Profiling of Remediation with severity
    • Flexible Reporting for effective remediation
    • PCI compliant Reporting
      • Cross-Site Scripting
      • SQL Injections
      • HTTP Response Splitting
      • Parameter Tampering
      • Hidden Field Manipulation
      • Backdoors/Debug Options
      • Stealth Commanding
      • Session Fixation, automatic intelligent form filling
      • Forceful Browsing
      • Application Buffer Overflow
      • Cookie Poisoning
      • Third-Party Misconfiguration
      • HTTP Attacks; Suspicious Content
      • XML/SOAP Tests
      • Content Spoofing
      • LDAP Injection
      • XPath Injection
  • 23. External Network Penetration Testing
      • How It Works (diagram labels): iViZ Remote Security Operation Center, Customer Network, On-Demand Portal, Internet, Secure iViZ Scan Cluster
      • Methodology: Reconnaissance, Vulnerability Assessment, Exploitation, Root Cause Analysis, Risk Assessment, Reporting
  • 24. External Network Penetration Testing - Features
    • On Demand Testing
      • Schedule daily, weekly, monthly scans
    • Advanced Artificial Intelligence based Testing
      • Exploitation and Accurate vulnerability validation
      • Complete Attack Simulation for finding all attack paths
      • Advanced Correlation of Vulnerabilities
    • Expert Validation
    • Online Vulnerability Management Portal
    • Prioritization and Remediation of Vulnerabilities
    • Reports Compliant to PCI, SOX, ISO 27001
  • 25. Internal Network Penetration Testing
      • Methodology: Reconnaissance, Vulnerability Assessment, Exploitation, Root Cause Analysis, Risk Assessment, Reporting, Multi-Stage Attack Analysis, Protocol / Link Analysis
      • How It Works (diagram labels): Customer Network, iViZ Scanner, On-Demand Portal, Green Cloud Security Appliance, Security Operation Center, Secure iViZ Scan Cluster, Internet
  • 26. Internal Network Testing - Features
    • Advanced Artificial Intelligence based Testing
      • Exploitation and Accurate vulnerability validation
      • Complete Attack Simulation for finding all attack paths
      • Advanced Correlation of Vulnerabilities
    • Combination of Manual and Automated Testing
    • Network Protocol Vulnerability Testing
      • Find critical data exposure either at rest or in motion for data leakage prevention
    • Profiling of Remediation with severity
    • Flexible Reporting and Compliance Wizard for effective remediation
  • 27. APPENDIX
  • 28. Challenges in Traditional Penetration Testing
    Not Comprehensive
      • Manually finding all possible attack paths is not feasible
      • Non-standardized and prone to human errors
    Not-Scalable & Irregular
      • Dependency on human experts
      • Continuous IT footprint changes & new vulnerability discoveries make it ineffective
    Time Intensive & Expensive, Low ROI
      • Longer engagement process & turnaround time
      • Despite significant investments in penetration testing, infrequent test schedules make it useless with very little ROI
  • 29. Emerging Threats: Multi-Stage Attacks. “.. exploit multiple security weaknesses that individually are not critical, but in the aggregate, they allow an attacker to compromise business critical data”
  • 30. Changing Threat Definitions: Critical Server | Non-Critical Server | Harmless Critical Vulnerabilities | Harmful Non-Critical Vulnerabilities
  • 31. iViZ Security Solves The Problem.. Intelligent Human Hacker Self Replicating Mutually Co-operative Community of Technology to Simulate/Emulate
  • 32. On-Demand Penetration Test: How It Works? Internal Testing
      • Diagram labels: Customer Network, iViZ Scanner, On-Demand Portal, Green Cloud Security Appliance, iViZ Security’s Security Operation Center, Secure iViZ Scan Cluster, Internet
      • Schedule test from online portal
      • Appliance deployed within network
      • Test conducted automatically
      • View reports online or by encrypted email
  • 33. Thanks www.ivizsecurity.com [email_address] LinkedIn Profile