1. | |April 2015
14CIOReview | |April 2015
15CIOReview
W
ithout a security policy and provision,
the accessibility and availability
of the enterprise network can be
compromised quite conveniently.
And over the past few decades, we
have been hearing several big stories concerning network
outages. Gradually, after witnessing such glitches in
the network along with burgeoning vectors coming for
various quarters, IT bigwigs and CIOs started realizing
Ravi Prakash,
Regional Director, India
the significance of network security and started
viewing network security of products much more in
a holistic manner rather than one time affair to satisfy
the compliance bodies. But the challenge of performing
securitytestagainstthreatvectorsmanuallyandregularlyby
a consultant pinched every enterprise. Understanding this
quagmire, Beyond Security, headquartered in Cupertino,
United States assists enterprises in testing both known
and unknown vulnerabilities by allowing enterprises
to carry out network security via cloud and through in
premise appliances for end point security. “We are in an
advantageous position to help the product vendors to build
robust products while helping Enterprises to protect their
critical assets and sensitive business data from a security
perspective”, says Ravi Prakash Regional Director, India.
ImprovingSecurityPracticesandManagingVulnerabilities
With the growing internal and external threats, enterprises
are finding it gruelling to meet myriad of security policies
and regulatory compliances. Elaborating further, Ravi
says, “It is even more challenging for large enterprises
that are geographically dispersed given the internal end
point security challenges. In addition, mobile users
who log into network occasionally also face end point
security challenges as they are not a part of the network”.
However, with Beyond Security’s AVDS Vulnerability
Assessment and Management, an organization can
identify vulnerabilities with precision and eliminate
network’s most serious security weaknesses. “AVDS
with its lowest false positive feature help enterprises
manage vulnerabilities efficiently”, adds Ravi.
Additionally, AVDS with its distributed architecture
helps enterprises to deploy appliances in geographically
spread organizations and manage both internal and
external vulnerabilities from a single location,
thus obliterating chances of
long distant breach.
BeingaPCI/DSSApproved
Scanning Vendor (ASV), the
venture conjures AVDS’s full
blown automation features and
couples it with cloud offering
to allow enterprises website
testing both quarterly and Half
yearly . “Our PCI/DSS testing
methodology follows stringent
parameters and passes tests
only when the websites are free
from vulnerabilities, else subjects it
to repeated tests until vulnerabilities
are closed”, proclaims Ravi. This
approach aids in smooth online
payment transactions between the
Enterprise and the user.
Comprehensive Security Testing for All
NetworkedApplications
Security is the most critical parameter for all
software developers who are undergoing high
pressure of producing application that
efficientlymeetsbothfunctionality
and security requirements.
No developer wants to see
his/her application being
taken out because of an
unforeseen breach or
vulnerability. In parallel,
failing to kill the
potential vulnerability
during software
d e v e l o p m e n t
lifecycle can become
a costly affair. And this
is when Beyond Security’s
be STORM–a Software
Security testing tool
comes handy. beSTORM
does dynamic security
testing of products during development and can be used by
developers and testers as part of security assurance testing.
“It essentially identifies protocol implementation error and
finds programming errors/anomalies such as buffer overflow,
integer overflow, off-by-one error. Majority of the OEM’s
including Microsoft, Ericsson, Juniper, Cisco incorporate
beSTORM as part of the secured software development life
cycleprogram(SSDLC)”, says Ravi. In addition, beSTORM
follows black box testing methodology and it is independent of
the programming language. Organizations from the defence,
aviation, telecom and banking sector can deploy beSTORM as
a security assurance testing suite to test home-grown products
and active network components procured from third party
vendors.
WayForward
After establishing a strong foothold as a niche security
product developer and successfully acquiring marquee clients
such as US defence, Bank of America and Royal Bank of
Scotland, Beyond Security is keen to add immense value to
Indian organizations and help them construct robust security
measures. Ravi believes that the industry today has
evolved from the security perspective as a
“good to have” to a “must have” and has
graduallybeenembracingrobustsecurity
into their IT practices. Going forward,
Beyond Security anticipates active
participation from many medium
and small enterprises willing
to strengthen their network
security infrastructure and
applications. Targeting the
aggressive network threats,
Beyond Security like many other
security product developers is
dedicated to help enterprises in
building robust defence in
many critical areas and
enable them to grow
beyond every security
impediments.
beSTORM follows black box testing
methodology and it is independent
of the programming language.
Organizations from the defence,
aviation, telecom and banking sector
can deploy beSTORM as a security
assurance testing suite
Beyond Security: Uncovering
Known and Unknown
Vulnerabilities in Network
ProductsBy Karishma. B
Company of the Month: Network & Application Security