Friday, March 7, 2014

Cyber Crisis: It’s time to train and employ half a million Ethical Hackers

Several organizations across the world have come to regret not using the services of ethical (white hat) hackers to test their internal and external infrastructure for vulnerabilities.

Recently a large financial services company fell victim to a phishing attack in which a substantial chunk of its information was compromised. The company would have saved crores had it spent a few lakhs on the services of ethical hackers.

In an interview, Dr. Anup Girdhar (CEO – Sedulity Solutions & Technologies) said, ‘there are various reasons due to which companies are a little skeptical about deploying the services of ethical hackers: low awareness about the concept of IT Auditing or Penetration Testing, the perception of high cost of services, and discomfort in sharing the infrastructure policies implemented by their technical team’. However, each organization should take professional and expert services in order to get its internal technical policies audited for better productivity, through third-party IT auditing organizations like ‘Sedulity Solutions & Technologies’, etc., which have a good track record of delivering their services to various Corporate and Govt. clients.

As the demand for such services is rising, each organization should organize ‘Cyber Security & Ethical Hacking’ training programmes for its technical and management teams, or should recommend that they learn such technologies from good and reputed universities in India like ‘IGNOU and TMV-Pune’. Among the top IT countries in the world, the need for Ethical Hackers is huge in India, as the percentage of Cyber Crimes, Cyber Terrorism, Data Theft, Defamation, Cyber Stalking, etc. has seen exponential growth in the past few years, Dr. Girdhar adds.

According to the National Cyber Security Policy recently released by the Ministry of IT, Govt. of India, there is a need for almost 500,000 Cyber Security Professionals who can do their best to secure the most important information in this Cyber Space. Currently, the rough estimate of Cyber Security Experts in India is about 30,000. To deliver 500,000 Cyber Security Experts in 3-4 years, each candidate who works with computers and the internet should learn such technology from reputed institutions like ‘Sedulity’, as it offers more practice-oriented training modules, which also help candidates get good placement opportunities.

Awareness across the US and Europe is comparatively much higher than in India, as a lot more information related to Cyber Security is shared within the industry. It is recommended that organizations focus on live penetration testing or IT auditing instead of relying more on security certifications. Moreover, special training related to ‘Cyber Laws’ should also be provided, so that each candidate who learns such technology is aware that anyone who tries to misuse the knowledge would face punishments or penalties, or both, which are applicable under the ‘Indian IT Amendment Act-2008’.

Thursday, July 4, 2013

Importance of Secure Software Development Life Cycle

A common misconception is that applications should be secured after they are developed but before deployment to the production environment. Performing a security audit after they are completed typically results in a significant number of security flaws, said Dr. Anup Girdhar (CEO-Sedulity Groups). Some of these flaws could involve serious technical and architectural issues. In a best-case scenario, developers can invest an immense amount of time and effort to fix these flaws. In the worst case, the application may require recoding and renovation of its architecture. Performing application security in this manner is incredibly expensive and time-consuming. Integrating security into the early phases of the ‘SDLC’ neutralizes this cost and produces more secure applications in comparatively less time.

However, many organizations have not yet formalized their secure software development program, and consequently they spend more time reacting to security issues in completed applications than proactively eliminating issues before the applications are completed. Further, they see the same problems manifest themselves time and again in the same applications. This is a clear sign that a strategic approach must be engaged to avoid the endless bug-fix cycle.

Sedulity helps organizations develop a secure SDLC integration program, including recommended policies, guidelines, and knowledge transfer, to address the three fundamental areas of people, process, and technology that are critical to a successful development process.

The secure software development gap analysis process can benefit significantly from security reviews of several of your applications to create a baseline. This testing could include threat modeling and penetration testing. Creating this baseline allows Sedulity consultants to accurately determine the state of software security within your environment. This in turn helps during the gap analysis and in making recommendations that can truly help your organization improve its software security while still delivering IT projects on time and within budget.

Methodology:

Sedulity Solutions & Technologies will gain a comprehensive understanding and analysis of how your development teams work. Through interaction, analysis of documented SDLC procedures, and review of any known issues with existing applications, Sedulity consultants will understand existing practices and be able to identify areas for improvement from a security perspective. A key part of this analysis will include examining existing and proposed touch points and artifacts to identify critical areas for improvement. Sedulity measures the maturity of your application security efforts and helps you determine next steps by evaluating your SSDLC against a baseline of our best practice areas, which are as follows:

•    Awareness and Training
•    Assessment and Audit
•    Penetration Testing
•    Development and Quality Assurance
•    Compliance
•    Vulnerability Response
•    Metrics and Accountability
•    Operational Security etc.

Friday, June 14, 2013

Meet & network with international experts at Zebra-Con ‘An International Conference on GRC’

Condition Zebra, an established risk management and critical infrastructure security solutions provider from the United States, is hosting its inaugural conference on Governance, Risk, and Compliance (GRC) in Malaysia this August.

“ZebraCON is an information exchange platform with an assembly of industry experts to share on strategic solutions and compliance concerns that impact security risk management,” said Wilson Wong, Managing Director of Condition Zebra. “Unlike a conventional conference covered with vendor-centric presentations, the content of our topics is specially designed to bring out a more engaging and interactive session.”

Kicking off on 27th August, the 3-day symposium is expected to gather more than 400 GRC professionals and corporate leaders from around the globe at the Berjaya Times Square Hotel. The speaker line-up includes Drew Williams (President of Condition Zebra), Dennis Moreau (Technology Strategist at RSA Security), and Jim Manico (Vice President Security Architecture of Whitehat Security), just to name a few.

“Protecting the Payloads: Aligning GRC with Business Priorities” is the theme for this event; it illustrates the importance of, and strategies for, adopting stronger security solutions across critical infrastructures to secure the organization’s assets from perilous attacks.

According to a study conducted by PricewaterhouseCoopers, 78% of organizations anticipate increased board and audit committee demands for evidence of effective compliance. To remain competitive, organizations need an effective system to improve overall compliance objectives and, simultaneously, a clear overview of the distributed access control in their business environment to mitigate risks.

“Every organization is facing the growing security threats caused by dubious business practices. Risks are present and unpredictable, doing nothing will only put the organization in rough water and bring huge damage to its assets when the attack strikes,” said Wong.

ZebraCON will feature insightful GRC strategy and implementation guidelines for policy development throughout the event. A series of expert-led trainings will follow, covering the root cause analysis of GRC challenges to cloud computing, a business-translated view of the national security policies, and the legal considerations of infrastructure preparation.

More information about ZebraCON 2013 is available at http://www.zebra-con.com. You may also visit http://cybertimes.in and http://sedulitygroups.com to register and avail of a 20% discount for the conference.

Tuesday, May 28, 2013

Penetration Testing can help corporates to meet their security goals

After so many recent and powerful malware attacks, corporates, more than ever, need to take advantage of Cyber Security in order to test their networks, systems and applications and protect themselves from different Cyber Attacks. Ensuring that web-based systems and applications are secure requires more than just good design and development. In order to identify vulnerabilities, it is often a good idea to involve an independent body like Sedulity Groups to help find potential security problems before releasing to the public.

Getting Penetration Testing done is the best practical way for companies (Small, Medium, & Large) to establish the optimum level of security within their networks and systems. Having third parties do this testing is a good way of introducing genuine experts and getting a different view on something, said Dr. Anup Girdhar, CEO of Sedulity Groups. "However, it’s also important to make sure that security is the responsibility of the team, and not something that is outsourced. With the ever-increasing risk of internal & external Cyber-Attacks to websites, the adoption of new technologies including virtualization and cloud computing, organizations have to firstly, identify Cyber Threats and secondly, put control measures in place to defend themselves from all these Cyber Attacks."

Routine IT Audit, also known as penetration testing, is an essential component for any corporate to implement the optimum level of security. As computer technology has advanced, organizations have become increasingly dependent on computerized information systems to carry out their operations and to process, maintain, and report essential information. As a consequence, the reliability of computerized data, and of the systems that process, maintain and report these data, is a major concern for audit.

Penetration testing should go far beyond proving it is possible to break into a system. It should explore the impact of the compromise and give a business answer to the threats an organization faces, Dr. Girdhar said in an interview. A client may not care that a development SQL server is vulnerable – but if that server is joined to the domain, we can demonstrate that it almost always allows an attacker to gain full access to the entire network. Likewise, a vulnerable firewall might not be important if the vulnerability cannot cause loss or embarrassment to the business. This type of analysis will assist you in directing security strategies and efforts. This makes penetration testing a need rather than an optional endeavor.

Sedulity Solutions & Technologies is the most professional group of IT security experts and Ethical Hackers, involved in various Cyber Security Solutions for Corporate and Govt. Departments, such as Penetration Testing, IT Auditing, Cyber Crime Investigation, Data Acquisition, Network Security, Server Configurations, Security AMCs, Creation and Hosting of Secure Websites, and finding vulnerabilities and loopholes in websites, and it also provides Security Countermeasures to overcome Cyber Attacks. Penetration Testing services include a comprehensive report which identifies the vulnerabilities and their severity levels and recommends remedial activities. These services are suitable for small, medium, and large companies. The packages are available for a limited time only at the special discounted price.

To get the best Cyber Security Solutions for your business or organization, you may contact Team Sedulity.

FOR FURTHER INFORMATION
Call +91-9312903095 or email contact@sedulitygroups.com