iViZ Security : On Demand Penetration Testing

Overview Presentation On Demand Penetration Testing Application | Networks | Compliance Reporting www.iViZsecurity.com An IDG Ventures Company

Today’s Security Challenges

iViZ Value Proposition

Solution Details

iViZ Profile

Contents Private & Confidential | iViZ

About iViZ

Industry’s first On Demand Penetration Testing Company for web applications, networks and compliance reporting

Funded by IDG Ventures , a 4 Billion USD US venture capital fund which has funded companies like Netscape, Myspace, Baidu, F5 etc.

Patent Pending technology to simulate a human hacker which has won worldwide recognition from US Dept. of Homeland Security, Intel, World Economic Forum, Red Herring, London Business School etc.

In-house research team discovered new vulnerabilities in different products of Microsoft, Intel, IBM, Adobe, AVG, McAfee etc.

Widely adopted by customers like Sony, Oracle, Tata, CNN IBN, CNBC, Fiat, ING etc.

Private & Confidential | iViZ

Today’s Security Challenges Private & Confidential | iViZ

Security Challenges Businesses Face Today Business Continuity

Prevent business disruption by protecting critical IT assets

Compliance Management Brand Protection

Manage Ever Growing Compliance Requirements PCI, ISO, HIPAA

Ensure Safety Of Your Application & Confidential Customer Data

Security Snapshot 7400 New vulnerabilities discovered in 2008 92% Vulnerabilities can be exploited remotely >55% Vulnerabilities affect web applications. If you add custom applications, this figure will be far higher 74% Vulnerabilities did not have vendor patches by end of 2008 SQL injection exploitations per day . (#1 vulnerability) Increased from few thousands per day last year Source: Gartner, CERT, Security Trends & Risk Report 2008 75% Attacks are tunneled through web applications (Gartner) 100,000+

Even Secure Organizations Are Not Safe!

Multi-Stage Attacks Are Harder To Detect Attacks Are Getting Complex Attack Entry Critical Server Non-Critical Server

The Solution Private & Confidential | iViZ

Proactive Regular Security Testing Penetration Testing Ensures You Are Safe Regular proactive Penetration Testing is needed to augment defensive security monitoring measures such as firewalls, IDS, IPS etc., especially in light of the rising level of targeted attacks

Current Approach Has Gaps Private & Confidential | iViZ

Private & Confidential | iViZ

Private & Confidential | iViZ On Demand Vulnerability Management Portal Application Penetration Testing Business logic verification Specialized Testing For Web 2.0 Technologies (AJAX, JavaScript, Flash, ActiveX etc.,) Coverage for all 26 classes of WASC vulnerabilities & OWASP Top 10 Network Penetration Testing Multi-Stage Attack Simulation Coverage for CVE / NVDB / SANS Top 20 vulnerabilities Automated Exploitation And False Positives Elimination as well as data leakage detection PCI Compliance Reporting PCI Compliance Checklist PCI-DSS quarterly scanning Auto fill data from test results Expert analysis along with automated scanning ISO, SOX Compliant Reporting iViZ On Demand Security Solution

Customer Applications/Network Internet Internet Private & Confidential | iViZ iViZ Vulnerability Mgmt Portal Customer Log in Schedule Scan iViZ Scanners iViZ Vulnerability Mgmt Portal Report + Vulnerability Dashboard Internet Test over secure connection Customer Customer How does it work? iViZ Scanners iViZ Scanners

Private & Confidential | iViZ Superior Coverage Security Test Coverage

Benefits On Demand Regular Security Testing Coverage Online Vulnerability Management Portal Periodic Security Test Scheduling Comprehensive Detection Of All Possible Attack Paths Unique Multi-Stage Attack Simulation Technology Cost-Effective High Security ROI Pay-As-You-Go Quarterly Subscriptions Zero Tools / Infrastructure Overheads Hybrid Testing : Automated + Expert Testing

On Demand Portal Screenshots On Demand Scan Scheduling Historical Trend Analysis Vulnerability Analytics

On Demand Metrics Threat Analysis

Threats & Remediation Report includes threat details & remediation recommendations

About iViZ Private & Confidential | iViZ

Strong research team discovered new vulnerabilities in Microsoft, Intel, HP, Lenovo, McAfee and several others Funded by USD 4 Billion IDG Ventures (whose portfolio include Netscape and MySpace) About iViZ Private & Confidential | iViZ Information Security company with world’s only on-demand penetration testing solution using unique patent pending technology Over 1200 successful tests done for major global brands Global recognitions by Intel, US Dept. of Homeland Security, London Business School, World Economic Forum

Top 2 in Asia / Top 6 in World Top 100 in Asia Top 8 in World Top 4 Emerging Company Innovative Company Finalist Top 10 Hottest Startups Top 2 in India 2007 2008 2006 2009 2008 2006 Global Recognitions for Technology Private & Confidential | iViZ

Hard Disk Encryption BIOS Antivirus iViZ Vulnerability Research has discovered security vulnerabilities in the following products F-Prot version 4.6.8, Sophos SAVScan 4.33.0, AVG for Linux version 7.5.51, Avast for Workstations v1.0.8, Bitdefender for GNU/Linux version 7.60825, ClamAV 0.93.3 Microsoft Bitlocker/Vista (SP0), SafeBoot Device Encryption v4, Build 4750 and below Hewlett-Packard 68DTT Ver. F.0D, Intel Corp PE94510M.86A.0050.2007.0710.1559, Lenovo 7CETB5WW v2.05 iViZ Follows Responsible Disclosure Policy: 1) Private vendor disclosure 2) Vendor coordinated public disclosure 3) No public proof of concept One Step ahead of Hackers: iViZ discoveries Private & Confidential | iViZ

IDG Ventures invests $ 2.5 Mil to Enable iViZ Expand Operations iViZ Solutions Aim to Put Hackers Out of Work 10 Hottest Start-ups Keeping a digital vigil Encrypting hard disk is not safe. New vulnerability discovered by iViZ affects Microsoft, Intel, HP and Others New vulnerability discovered by iViZ affects Microsoft, Intel, HP and Others iViZ Research widely cited in over 1000 Media Private & Confidential | iViZ

Due to Non-disclosure Policy, other client names cannot be displayed here Customers Across Broad Industries Private & Confidential | iViZ

Thank You [email_address] Private & Confidential | iViZ www.iViZsecurity.com An IDG Ventures Company