Security Risk Management Services: To Recognize New Risks and Re-Examine Your Security Position

Security breaches occur when external or internal threat agents are successfully able to identify and exploit inherent vulnerabilities in an organization’s infrastructure, applications, and allied processes. Vulnerability assessment is a specialized assessment that aims at delving into the organization's technology landscape to identify security vulnerabilities that may be exploited by determined attackers. The penetration testing methodology is intended to provide customers an independent, point-in-time, assessment of its overall security posture. The penetration tests provide a view of risk from the perspective of a malicious actor. This testing is also used to identify ways that technical risk can translate into business risk.

Our services identify vulnerabilities, implement remediation, and pro-actively prevent security events and data breaches. Including Vulnerability Assessment and Penetration Testing for Web application, Infrastructure, REST API and Mobile App using manual and automated ways of testing, Black box / White box testing types. It is a comprehensive service for security audit, security amendment, recommendation, security monitoring, risk analysis, forensic analysis, and penetration testing.

Scope:

• Information gathering and discovery
• Application and infrastructure assessment
• White and Black Box Testing: Methodology: OSSTMM, ISSAF, NIST and OWASP
• Tool-based automated (Nessus, Burp Suite, OpenVAS) as well as manual penetration testing
• Document and demonstrate likely attack vectors into the networks and systems included in the scope
• Quantify the impact of a successful attack through active exploitation
• The Common Vulnerability Scoring System (CVSS V3) standard is used for assessing the severity of computer system security vulnerabilities
• Risk calculations using the DREAD framework
• Detailed recommendations / resolutions for all the findings
• Consulting and support for fixing vulnerabilities (Independent SOW-based on recommendations report)

Xoriant can provide an Independent Security assessment of your Azure Environment.

We assess your organization’s Azure position for policies, processes, procedures, technology and architectures, and define a roadmap for protecting and updating your Azure environment, including modern technologies such as AKS.

The assessment includes a review of the customer’s Azure architecture and implementation to assess compliance against Microsoft’s Azure recommended security best practices. It identifies risks associated with the areas of non-compliance and recommends mitigations to reduce risk in the environment.

Scope:

Assessment of Azure environment for the following categories

• Azure Security Policy
• Compute, Storage and Network
• Identity and Access Management
• SQL Services and Databases
• Operations and Miscellaneous
• Reporting with recommendation
• Remediation and support services - (Independent SOW)

Xoriant provides an independent security assessment for your technology environment which may be split across on-prem and cloud.

We assess your policies, processes, procedures, technology and architectures, and create a roadmap for securing your multi-cloud, hybrid, private-cloud environments.

The assessment includes a review of your technology architecture and implementation to assess compliance against recommended security best practices. It identifies risks associated with the areas of non-compliance and recommends mitigations to reduce risk in the environment.

Scope:

Assessment of the environment for the following categories

• Security Policy
• Compute, Storage and Network
• Identity and Access Management
• Databases (RDBMS (OLTP and OLAP, Hash tables, NoSQL and Data lakes))
• Build and Release
• Operations
• Reporting with recommendation
• Remediation and support services - (Independent SOW)

Xoriant can build awareness of social engineering phishing through-out your company, report on the awareness within your organization, outline your risks, and build protection against social engineering vulnerability.

The ISO 27001 standard mandates end-users to undergo Security Awareness training, however, there is no mechanism to assess the effectiveness of end-user training. We create simulated phishing attacks that help in analyzing the user behavior / response and in assessing the security awareness level of the users. This analysis allows us to define awareness programs for users.

Scope:

• Deploy and configure phishing framework
• Identify target users for simulated phishing attack
• Schedule real-world phishing attacks on identified users
• Run simulated phishing attack campaign in the organization
• Monitor the user action
• Generate reports and analyze user behavior   
• Validate the effectiveness of the existing security training & recommend additional training.
• Extensive real-time dashboard and reporting