The banking and financial sector in India is the most regulated compared to other sectors. Vulnerability Assessment and Penetration Testing (VAPT) in the BFSI sector today is more of a ‘compliance’ program, conducted because of regulatory or applicable standard mandates. This leaves enterprises in the sector in a vicious cycle of patching thousands of vulnerabilities emanating from these VAPT programs.
Key business reasons for the endless VAPT patching cycles in the BFSI sector:
- 40% fewer calendar days in a year because of business-sensitive month and year ends.
- A larger part of the organisation operates with thin bandwidths because of its widespread presence across the entire country (even in remote places).
- ~70% of human resources are on a commission basis and are not salaried employees. The majority of this team is in the field, and their systems are shared and seldom connect to the corporate network.
In addition to the above reasons, there are thousands of vulnerabilities that need patching, with ~8000 new vulnerabilities being added to the global database list every year. This makes any VAPT program in the BFSI sector ineffective and results in vulnerable endpoints.
The second link of the InfoSec chain, the Humans/People, was always vulnerable and is often referred to as the weakest link. From 2017 onwards there has been a rise in a series of ransomware attacks like ‘WCry’, ‘Petya’, ‘Maze’ and a few others, which directly or indirectly targeted this vulnerable link and exploited almost every business segment. In order to build a robust defense system, a security professional must understand that ransomware needs an “Executioner/Human Resource” to yield its nefarious results.
Happiest Minds Technologies’ “Complete Exploit, Assess & Negate” (CLEAN) program secures digital assets exposed through all three channels: ‘Web’, ‘Email’ and ‘Physical connectivity’. Unlike traditional VAPT programs, CLEAN addresses the people and technology challenges within the operational constraints of BFSI business, assuring ‘digital safety’ to the Information Security guardians of enterprises.
- 8000 vulnerabilities get added every year, yet only 20% of them have exploit code available, and 2 of every 3 vulnerabilities exploited have been ones with exploit code
- Vulnerability scoring methods consider ONLY ‘Work Factor’, while attackers also consider the benefits of an exploit
- Digital assets over email channel remain open/vulnerable
- Contactless and interactive assessment
- Contactless assessments surface enterprise cyber footprints in cyberspace
- VA at the click of a mouse, no more widely spaced (quarterly, bi-annual or yearly) assessment frequencies
- Intelligent vulnerability prioritization, 8x improved VA program effectiveness, no more vicious VA cycles
- Covers building defense against phishing, strengthens the weakest link of the chain
- Designed for enterprises with a separate email solution for commission-based agents (non-employees)
- Red teaming through Black Hat certified hackers
Vulnerability Assessment (VA)
- 360 VAPT lifecycle management
- Since the chances of a vulnerability being exploited increase by 7x when exploit code exists, the program includes intelligent vulnerability prioritization
- 8x more efficient patching with prioritization
Penetration Testing (PT)
- Includes testing of profuse client based applications like CBS (Core Banking System), Email and many more
- Includes mobile app testing
- Complete physical and IT infrastructure red teaming included
- Covers complete lifecycle
- Simulation to education & improvisation
- These tests are done based on the cyber footprints of the organization
- A risk score card indicating the vulnerabilities of the organization visible to an attacker is delivered
- Includes designing controls to mitigate the vulnerabilities