Editor’s Note THE SUPREME GUARDIANS OF ENTERPRISE SECURITY
I
n today’s virtual age, enterprise security has become a major concern. The digital world has undoubtedly enhanced communication but has also opened doors for various cyber and other corporate threats. Many companies have already fallen prey to virus attacks and data thefts. In light of these occurrences, enterprises are now on the lookout for a saviour to protect them from such threats. Moreover, enterprises also come across various challenges related to architecture security, risk management, etc. This eventually interrupts their smooth functioning. In such circumstances, enterprise security solution providers emerge as the guardians. These companies provide their clients with excellent services and ensure that they are protected from threats of any kind. The leading enterprise security solution providers focus all their efforts on data centre, networking, and web server operations in practice. They try to make sure that their clients are free from all sorts of virtual errors and threats. These solution providers emphasize identifying the key risk areas and mitigating that risk to
Ananda Kamal Das
ananda@insightssuccess.com
the highest possible degree. They approach every problem in different ways, such as deploying risk-free network architecture and creating ongoing training and awareness programs for the staff to remain aware of the current and emerging threats. These companies provide comprehensive security solutions while addressing the weaknesses and vulnerabilities of the clients on a wide variety of levels. They also work towards creating an enterprise IT security policy that helps tackle ongoing areas of risk. The prominent enterprise security solution providers cater to a variety of organizations, whether big or small. They establish a robust cybersecurity program internally and utilize consultants to help deploy the cybersecurity program with more efficiency. The primary concern of these solution providers is to ensure that their clients are free from any sort of cyber threat and can function smoothly without any interruptions. They ensure protection from different types of scams and phishing attacks.
With the objective of providing their clients with seamless IT security services, these companies employ innovative techniques and adopt cutting-edge technologies. Hence, to introduce you to the game changers of the enterprise security solutions industry, we present to you our latest issue, India's Most Trusted Enterprise Security Solution Providers, 2021. Have an interesting read! - Ananda Kamal Das
08
SPECIAL PROFILE
20
Protecting Data and Information Infrastructure in the Cyberspace
30
Rex Cyber Solutions Tackling Cyber Threats Dynamically
16
CONTENTS
Briskinfosec
Articles Industry Know-how
Challenges in the Indian Enterprise Security Solutions Space
26
Enterprise Security Insights The essence of Enterprise Security Solutions in Business
Editor-in-Chief Sumita Sarkar Deputy Editor Abhishaj Sajeev Managing Editor Darshan Parmar
sales@insightssuccess.com
Assisting Editor Ananda Kamal Das
AUGUST, 2021
Contributing Writers Ashish, Aditya G
Corporate Offices: Chief Designer Priyanka Rajage Designing Head Vishal Pawar Co-designers Rashmi Singh
Operations Head Megha Mishra Business Development Manager Nandan Deshpande Asst. Manager Ashwini Pahurkar Business Development Lead Tejswini Whaval Sr. Business Development Executive Pravin Yalameli
Technical Head Pratiksha Patil Technical Specialist Amar Sawant
Insights Success Media and Technology Pvt. Ltd. Off. No. 22 & 510, Rainbow Plaza, Shivar Chowk, Pimple Saudagar, Pune, Maharashtra 411017 Phone - India: +91 7410079881/ 82/ 83/ 84/ 85 Email: info@insightssuccess.in For Subscription: www.insightssuccess.in Insights Success Media Tech LLC 555 Metro Place North, Suite 100, Dublin, OH 43017, United States Phone - (614)-602-1754 Email: info@insightssuccess.com For Subscription: www.insightssuccess.com
Digital Marketing Manager Amol Wadekar SME-SMO Executive Atul Dhoran Circulation Manager Tanaji
Cover Price : RS. 150/Follow us on :
www.facebook.com/insightssuccess/
https://twitter.com/insightssuccess
We are also available on Copyright © 2021 Insights Success Media and Technology Pvt. Ltd., All rights reserved. The content and images used in this magazine should not be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission from Insights Success Media and Technology Pvt. Ltd. Reprint rights remain solely with Insights Success. Printed and Published by Insights Success Media and Technology Pvt. Ltd. RNI NUMBER: MAHENG/2018/75953
India's Most
T r sted Enterprise Security Solution Providers
2021
Company Name
Management
Brief
Brisk Infosec Technology
Arulselvar Thomas Founder and Director
Brisk Infosec is a global information security organization focused in developing innovative security and compliance solutions and in building high-performance security centric solution.
Objectstream
Shyam Nagarajan CTO and Co-founder
Objectstream has an extensive experience in the fabrication and installation of aircraft electrical/electronic components and avionics equipment, as well as their troubleshooting, repair, and replacement.
RAH Infotech
Ashok Kumar Founder
RAH Infotech was established in 2005 with a focus on providing state-of-the-art technology solutions in association with Global IT leaders
Rapyder
Amit Gupta Founder and CEO
Rex Cyber Solution
Rex Aantonny CEO
Rex Cyber Solutions is a vendor-independent Information security consultancy based in Chennai. Its experts lead the industry in security auditing, penetration testing, forensics, incident response, and architecture review
Terrier Security Services
K Ramesh CEO
Established in 1989, Terrier Security Services has carved a niche for itself in the Integrated Security space with unparalleled domain experience and expertise.
With a young, passionate team and expertise in Cloud Computing Solutions, Big Data, Marketing and Commerce, DevOps and Managed Services, Rapyder is the leading provider of Strategic Cloud Consulting
India's Most
T r sted Enterprise Security Solution Providers
2021
T
here is a changing trend in the industry concerning the planning of security infrastructure. Till about a few years back, most of the decisions regarding organization security were taken by the management with little coordination with professional security consultants. That is why many businesses have been struggling when faced with security breaches. Today, security consultants are being given the due authority as well as the responsibility to take over strategic decision-making roles. This shows that the move is in the right direction. With more and more businesses expanding their global reach and the numbers of risk increasing, security consulting has become increasingly specialized and critical for business growth.
That is where Terrier Security Services India Pvt. Ltd., comes into the picture. Starting from a meager strength of 3 Guards at its commencing operations on 5th June' 1989, with leading provider of Industrial Automation as its first client, Terrier stepped into the business. With the nerve centre in Bangalore, the company has spread its wings in Tamil Nadu, Rajasthan, Haryana, Maharashtra, Madhya Pradesh, Delhi, Gurgaon, Andhra Pradesh, Kerala, and Orissa.
With a pan-India presence, Terrier delivers high-end security and loss prevention solutions across diverse sectors like Airports, Industries, Manufacturing, BFSI, Hospitality, Education, Logistics, IT/ITES, and Retail. An ISO 9001/27001/14001/45001 certified company and only the one for PASARA license audited. Terrier has built in-house capabilities to handle everything - right from recruitment, training, and security to R&D, design, and implementation. A division of Quess Corp Limited, Terrier Security Services is one of India’s top 10 security solutions providers. With 3 allied business verticals—Terrier Security Services, Terrier Electronic Security and Terrier Business Solutions Today its presence and resources encompass: •25,000+ Guards •1,900+ Sites •700+ Clients •500+ Sites monitored remotely •QRT’s vehicles integrated with National Command Center •Full-fledged Training Centers at Bangalore, Bhubaneswar, Pune Chennai, Hyderabad, and Jamshedpur provide suitable platforms for imparting Pre and Post induction training
A Top Dog in the Industry Terrier’s strong ManTech Security solutions and remote monitoring facility from a global command centre helps in fortifying its operations. As one the top provider of security solutions, it maintains a comprehensive database of efficient professionals for catering to the client’s manpower requirements. Its team comprises state-of-the-art technology with a highly trained workforce to offer the most efficient security solutions that meet the client’s specifications. “We also have a specialized recruitment process and training module for the respective sectors and situations to which our security team gets deployed,” says Dr. K Ramesh. Prominent amongst the many distinctions, Terrier enjoys over its competitors, a state-of-the-art global command centre-enabled operating model that is one of a kind. The company values its clientele’s demands and offers customized modern security services. To ensure this, it provides advanced training to the security guards on the latest safety measures and equipment so that they can prevent industrial hazards or accidents in the client’s workplace. They are smartly uniformed, professionally trained, and well-supervised personnel who are responsible for the security and safety of assets, personnel, and property against theft, accident, pilferage, and intrusion, etc.
Dynamics of Terrier “At Terrier, we aim to help in ensuring the safety and security of businesses through our state-of-the-art security solutions,” says Dr. K Ramesh. At Terrier Security Services, the company is redefining how business is done. The complete operation automation helps clients increase productivity by saving time, money and keeping track of their premise and assets.Its smart operational solution gives them full online access keeping their workspace safer. Some of its proven solutions are online site survey, POP – Paperless Onboarding, WorQ App, Hawk-I, QRT’s, OpsWorQ, Customer Care platform, Online client dashboard, SeQure App and Invoice
There's A Paradigm Shift Towards Transforming The Company's Security Capabilities From Reactive To Proactive
automation. With a single-minded passion for creating positive customer impact, Terrier’s team helps its customerscut costs, make operations sustainable, and implement the mission-critical solution. The company delivers it by integrating manpower services with e-surveillance, intelligent business services, hardware, software, and other IoT enabled sensors. It offers a diverse portfolio ranging from manned guarding and high-end esurveillance to command centre-led business solutions such as remote asset management, access management, energy optimization, and retail ROI enhancement. “We provide our security and business services expertise pan India to IT/ITES and manufacturing sectors, solar farms, critical infrastructure like (Airports, and Hospitals), leading retail chains, and telecom providers,” further adds Dr. K Ramesh.
Our Coin Sensor Nodes Tracking System Gives You Full Access, Full Control, Anywhere From Any Device
Over the years, Terrier has developed the capability to deploy fully trained security personnel, on-site, across India. “It is our constant endeavor to deliver the highest quality of products and services to our prestigious clientele, which includes Fortune 500 companies and technological giants,” Dr. K Ramesh answers. With over three decades of industry experience, it is needless to say that the team at Terrier can be trusted to deliver the right solution, specifically curated for the needs of the clients. The team proactively secures its client’s assets, places, and people. State-of-the-Art Security Offerings “At Terrier Security Services, we partner with you, leveraging our expertise and experience, cutting-edge technology and systems, and industry knowledge to provide comprehensive, customized security solutions that help you protect against threats,” states Dr. K Ramesh. If one is looking to have a security solution for long-term or short-term assignments, the team at Terrier can provide solutions that best fit their security needs and budget. The company is structured to deliver security expertise for specialized markets as well as multiple security solutions utilizing people, technology, and knowledge. Terrier Security Services provide innovative security offerings across industries that ensure uncompromising value, cost-effectiveness, and results for other businesses.
Leaders of an Enterprise Security Solutions Giant
Dr. K Ramesh – CEO Dr. K Ramesh is the CEO for Terrier Security Services. He holds Ph.D. and MPhil from Bharathiar University and MBA in Marketing. He is a seasoned professional with 24 years of diverse work experience including leadership role in managing and driving Integrated security solutions. An accomplished leader with broad Sales and Marketing, Operations Management, Strategic planning skillset and ability to provide creative, enthusiastic, and forward-thinking leadership in a team environment. His previous organizations of work include G4S, Securitas, MSF, Pentasoft, Virtual 3D and Telesistems where he proved his ability to scale up and provide creative and innovative leadership. He brings a great mix of leadership, inspiration, operational excellence, technical expertise, and passion for customer management.
Terrier’s Thermal Fever Screening Terrier Facial Recognition Readers Alerts on social distancing and masks
Its trained security operators are available 24 hours a day to monitor the clients’ sites via CCTV. Blending talent and technology enables Terrier to provide a service that is second to none. “We also provide a wide range of services like Consultancy, Project Management, Commissioning, and Service Operations,” shares Dr. K Ramesh. Also, Fever Screening Thermographic Cameras are designed to detect elevated skin-surface temperature and can be used for quick preliminary fever screening without any human intervention. Any object with a temperature above zero emits a detectable amount of radiation.
Through this, it empowers its clients to make better and more informed decisions about security operations. “We also help you quantify and understand your risks, identify and respond to threats and unify your organization on security priorities,” states Dr. K Ramesh. With its expert team and proven frameworks, the company ensures that it facilitates a deep understanding of business and compliance needs of a client by assessing, reducing, and managing their security risks. Piercing through the Pandemic During this time of uncertainty due to the advent of the Covid-19 pandemic, the companies are navigating towards remote supervision. Terrier’s futuristic Global Command Centre provides a centralized platform that allows its clients to manage their site remotely with minimal personal contact. “We offer high-tech remote monitoring security services, powered by advanced CCTV transmission and recording technology,” informs Dr. K Ramesh. Terrier’s systems have been programmed to manage and respond to CCTV alarms generated from protected sites 24/7. Terrier’s contactless campus security and safety solutions leverage smart tech and AI solutions to track and protect its clients’ employees, visitors and contractors, helping them reduce transmission risks, productivity losses and compliance risks. Following are the solutions:
The thermal camera converts IR radiations into gray value and establishes the accurate corresponding relation between gray value and temperature through the temperature measurement algorithm model. It is well known that one major symptom of a virus infection is fever. Therefore, a thermal camera with high temperature accuracy can detect elevated body temperature and can be used to make the preliminary screening. It is advisable to install thermal cameras at places with long queues and huge gatherings. So, with all these resources at its disposal, Terrier Security Services is really making a difference in the enterprise solutions space and Insights Success is glad to feature their journey and story for our audience in a new light.
It’s A Dawn Of A New Era For Integrated Security
Challenges Enterpr se in the Indian
16 | AUGUST 2021
Industry Know-how
Security Solutions
Space
I
t is no secret that Indian enterprise security solutions are poor. Indian enterprises are at a higher risk of security breaches, and many reports prove this fact. Whether it is start-ups or big established companies, everybody faces challenges in keeping the firm secure. Security is vital for everyone. Violating rules and misusing data is a serious offense. There are several laws relating to security, yet breaching rules for fraud is one of the most commonly noticed offenses. The situation right now is alarming. Inter-communication has speeded, and industries use different technologies to keep their data safe. It is difficult to hack data, but it is not impossible at the same time. Threat to customer data is the highest level of disappointment and loss in the enterprise industry. Cybercriminals and cyberbullies are taking advantage of the technology and easily breaching the laws and privacy of people. Firms are facing losses because of these crimes.
17 | AUGUST 2021
Even after installing anti-virus software and different security softwares, it is seen that most of the crimes happen as they always used to. Taking extra care is a must-do and not a should-do for company’s now.
The hackers/attackers know that small businesses are more likely to pay because they do not have the data back up. Particularly, the health care sector is hit hard by these attacks.
Let us see the few most common challenges faced by enterprises.
Malware Attacks
Phishing Attacks Phishing attacks are those when an attacker acts as a potential client and a trustworthy customer. It entices the user to click on a malicious link and gives them access to sensitive information, data, and credentials. This is the biggest and most widespread attack. It is utterly unsafe and most dangerous. It accounts for 90% of breaches faced by companies. It has become easier as the breachers act like legit business clients or customers. Faking and interrupting your privacy can be done easily as the attackers have become more convincing in being business contacts.
Malware usually comes from connecting defective devices, spam emails, and malicious website downloads. It is another most common challenge company’s face. It encompasses a variety of cyber threats like trojans and viruses. It is a term for malicious code that hackers use to gain a network, steal data, and destroy data. These attacks are particularly destructive for small businesses as they can damage devices, requiring costly repairs or substitutes to fix. They can also give hackers a back door to open data, which can put clients and workers at risk. Weak Passwords
A major drawback that businesses face in phishing attacks is the attacker/hacker uses social engineering to target the people in the business industry. Hackers do not use technological weaknesses in this kind of fraud.
Using an easily guessed password makes the business unstable as the risk of data corruption is heightened. Many companies use several cloud-based services for different work, which makes it easy for attackers to hack the data.
Ransomware
Employees use easy/weak passwords without knowing the damage they can cause to the businesses. Using the same password is also dangerous for companies.
Ransomware is one of the most common cyber-attack, hitting thousands of businesses. This has grown more common as it is the most lucrative form of attack. Ransomware involves using encrypted company data so that it cannot be used. Then the attackers demand ransom from the businesses. This leaves the company with no option but to pay the ransom or lose huge data, which will somehow jeopardize the business. Small businesses are affected by this on a larger scale as they don’t have a proper cyber security system to protect their data. According to a report in 2018, Ransomware affected 71% of small businesses causing considerable losses.
18 | AUGUST 2021
There is a range of threats faced by businesses at the moment. The safest way for businesses to protect these threats is to have a thorough set of security devices in place and utilize Security Awareness Training to ensure that users are conscious of security risks and how to avoid them. - Sayali Sangewar
Streamlining Cybersecurity
Briskinfosec
Protecting Data and Information Infrastructure in the Cyberspace
T
he most prominent enterprise security solution companies utilize various strategies, techniques, and processes for protecting information and IT assets against unauthorized access, data breaches, and other related risks which may threat the confidentiality, integrity, or availability of these systems. One such leading company which is revolutionizing the enterprise security solutions space is none other than Briskinfosec. Incorporated in February 2015 as LLP and later formed as PVT LTD in 2017 it is a global information security organization focused in developing innovative security and compliance solutions and in offering high performance security solutions. The company's excellence in carrying out various security assessments has garnered success and appreciation from all its valuable clients, from wide array of sectors. It has established a reputation of providing top-notch information security service to industry leaders, both in the Asia-Pacific region as well in the other parts of globe. • We have Identified as One Among Top 10 Most Promising Cyber Security providers by CIO Review Magazine. • The most Powerful security solutions provider by "The Leader's Globe" Magazine. • We reported 8000 vulnerabilities within 4 hours and have registered our name in “The India Book of Records” for this greatest achievement. • We have been certified with ISO/IEC 27001, its commitment to information security management of its credentials as a managed service provider. • Our cyber security initiatives are affiliated by the National Cyber Defence Research Centre (NCDRC). • CSA (Cloud security alliance) honoured us with the award for “Award of Excellence in cybersecurity”. Taking Enterprise Security Solutions to the Next Level Briskinfosec provides various types of cyber security assessment services and solutions to its valuable customers
20 | AUGUST 2021
namely Virtual CISO/ Virtual Security Team/ Third Eye Security Review assessment/Work from Home Security assessment/ CXO review assessment/ GRC Assessment/ Source code review assessments/ /Corporate workshops/ VA/PT assessment in respective all IT asserts such as Web, Mobile, API, IOT, SCADA, RF and Wireless technologies etc., for both MSMEs and corporate sectors plus government bodies including public institutions. Also, Briskinfosec also offers solutions like managed security solution provider /soc /red team assessment as a service, incident response, and so on. In addition to the above, to fulfill the regulatory compliances for the manufacturing /service-oriented organization and also financial sectors including healthcare industries, Briskinfosec offers services on ISO 27001 /PCI DSS /HIPPA /CCPA /EU GDPR, and much more. The Erudite Founder and Director The person leading Briskinfosec from the front is none other than Mr. Arulselvar Thomas, the Founder and Director of the company. He is a veteran in information security focused on building innovative security solutions and responsible for the technical vision. Mr. Arulselvar leads the company in all the verticals. He leads the company in technology deliverables, research initiatives, and operations. Mr. Arulselvar is also the technical head of research at National Cyber Defence Research Centre for developing and executing technology strategy and setting technology plans. Facing the Challenges Efficiently In the current scenario, especially during this unexpected COVID 19 pandemic, the last one and half years have been difficult for most of the organizations including government/ semi government/ corporate sectors. Each segment is facing tremendous challenges with internal/ external stakeholders. Our special Work from Home security audit service helped lot of our trusted partners and customers to see more value during these unrealistic situations.
Mr. Arulselvar Thomas Founder and Director
“
We aim to build a secure and resilient cyberspace for
“
our valuable customers across the geographical locations
21 | AUGUST 2021
Accordingly, the company has tasked a corporate strategy team with analyzing information about its company's objectives, challenges, and opportunities, while the enterprise strategy team seeks top-line growth through an acquisition-centric strategy or through potential joint ventures. Since the work is always challenging, the company conducted an internal discussion with its teams to understand some of the biggest challenges confronting enterprise strategy teams today, which include: a. Lack of internal resources with sound exposure on security related matters b. Meeting the deadlines / aggressive timelines, as stipulated by the customers c. Continuous learning and to keep on updating the latest technologies, mainly to blend digital tools and hybrid teams; also, the organization requires the capacity to constantly restructure enterprise assets and talent d. Mindset: The company believes that the sole strategy is about change, and driving change requires individuals and organizations to have a 'change mindset'. Making its Own Impression In order to establish itself as a unique company, Briskinfosec follows various practices, which gives it an edge over the others. These have been mentioned below:
• BINT Labs is the official R&D Research Centre of Briksinfosec. • A total of 100+ Cybersecurity Tech Blogs have been published on the website. • 150+ open-source tools and objectives have been confirmed through detailed evaluation, and full demonstrations have been posted on our official YouTube channel. • Five cybersecurity tools were created and made available for free on GitHub. • BINT Labs has Developed and published two cybersecurity frameworks: NCDRC MAST and Zero Trust Frameworks. • Every month, our monthly magazine Threatsploit Adversary reports are given to the community in order to identify large attacks with serious effects. (Edition 34) • As of now, there have been 100+ Cyber Monday Awareness Quotes published. • A total of ten Wake Up CXO awareness articles have been published. • 4 White Papers on Cybersecurity have been released. • 15 Case Studies have been published 22 | AUGUST 2021
Embracing Technological Advancements In this digital transformation era, technology plays an essential role for startup business companies like Briskinfosec. The company believes that it may be able to compete with MNC companies without anyone realizing how small/ medium/ big the company is with full security protection and controls in place. As per team Briskinfosec, technological advancements and its advantages are: • It increases the efficiency and productivity • At par with the competitor • Improve the flexibility • Enhanced the marketing strategy • Better customer service engagement • Technology keeps safe with all security built in controls are in place The Road Ahead Team Briskinfosec believes that the need for cyber security has been increasing steadily. Organizations have started focusing on protecting their information assets critically. Work-from-home inducted by the pandemic has made information assets much more vulnerable. “This is an ideal market for any company's expansion. We are no exception”, states the management. Precious Advice The company states that for the young entrepreneurs (YE), there are a lot of options available in this enterprise security solutions market, because of the huge demand in this vertical industry. Team Briskinfosec has the following advice for the entrepreneurs of tomorrow: a. YE should be open-minded, and they should enrich sound knowledge in this cyber security domain, before making up their mind and he/ she should have sound network, in the respective industry cyber space. b. They should know the market scenario and should take survey/ stock about market demand c. They should focus on trustworthy partnership d. Minimum capital funds required e. They should emphasize on good mentorship f. Need to maintain transparency with the Stakeholders g. Planning and implementation, also contingency plan required h. They should understand that good sales and marketing team are their strengths I. Identified and Technical Manpower resources
Subscribe Today Stay in touch.
Subscribe to Insightssuccess Get Insightssuccess Magazine in print, & digital on www.insightssuccess.in
www.insightssuccess.in
Cheque should be drawn in favour of : INSIGHTS SUCCESS MEDIA AND TECH PVT. LTD.
CORPORATE OFFICE Insights Success Media and Technology Pvt. Ltd. Off No. 22 & 510, Rainbow Plaza, Shivar Chowk, Pimple Saudagar, Pune, Maharashtra 411017. Phone - India: 020- 7410079881/ 82/ 83/ 84/ 85 USA: 302-319-9947 Email: info@insightssuccess.in For Subscription : www.insightssuccess.in
The essence of
Enterprise Security
Solutions
in Business I
n today’s world, advancement in technology is transforming the lives of people as well as businesses. The entire world is going digital, and the pandemic has accelerated this journey. In this journey of digitalisation, data is the key to reaching the goal. Businesses use their customer’s data to provide them with the best services. When any customer deals with a company, they trust the company and give them access to their information, like bank details, mobile numbers, addresses, other contact details, and a lot more. So, it is important for a business to respect the privacy of their clients and secure their sensitive information. The companies also have to take care of their employees’ and the organisation’s data.
Securing the organisation from cyberattacks has become challenging but a crucial task for any business. All the companies follow a different procedure for securing the data. Majorly, large organisations have a set of procedures and policies for protecting the organisation from cyber threats. They implement different strategies in order to secure the company’s assets. 26 | AUGUST 2021
Enterprise Security Insights
27 | AUGUST 2021
Most of the time, the cyber attackers target small organisations as they think there will be a less secure environment. They also assume that large organisations know how to deal with cyberattacks. According to Verizon’s Data Breach Investigations Report in 2019, 43% of victims of cyberattacks were small businesses. The reason is that small businesses do not have the same level of resources and security as large organisations. But protecting the organisation is crucial for any organisation in order to avoid financial crisis and build trust among the customers. Following proper steps to prevent the organisation from cyberattacks is essential. Below we have mentioned a few steps to help you safeguard your organisation from cybercrimes. Define the Boundaries In previous times when cloud technology was not introduced, an organisation’s boundaries consisted of computing assets of the organisation and colocation of the data centres. After adopting cloud technology, the boundaries are no longer defined by the geographic location, but these boundaries must be extended to include cloud services in the enterprise. The enterprises have the information stored at their corporate location and should leverage the AWS or Azure technology in order to secure and store the information. The controls to such technologies should be implemented properly and included within the enterprise’s boundary. Define your Software Environment Defining the software environment goes with defining the boundaries and identifying hardware and virtual devices. In this step, consider all the software running within your organisation’s boundaries. The software should be sorted according to the organisation’s requirement. For example, various software will be running within your boundaries unnecessarily. A software inventory tool can be used to complete this task. Once you get all the necessary software running in the organisation, update them all. Keeping all the software updated in the organisation reduces the risk of cyberattacks. The software required should be co-related with the hardware requirement. Once co-related, only allow the necessary software to run within the organisation’s boundary.
28 | AUGUST 2021
Harden the Assets with the Boundaries Once all the required software is gathered, it is time to harden the operating system and applications within the organisation. This effort narrows down the requirement. It focuses on the software running on every laptop, server, or workstation within the organisation’s boundary. Many strict guides are available for hardening the operating system, databases, applications, and network devices. Not every parameter mentioned in the hardening guide should be considered, as many of them negatively impact the system. You need to identify these parameters. Once the required hardening parameters are identified and implemented, a configuration baseline is created for your organisation. The approved configuration baseline must configure all the approved software. The software should be aligned with approved configuration baseline in order to work correctly. Implement Vulnerability Management Program Software is commonplace to find vulnerabilities as no software is perfect. But how your organisation deals with these vulnerabilities is important. The vulnerability management programs help to reduce the time between identifying vulnerabilities and implementing solutions to correct them. Make sure to scan and test every patch of the software. Once every patch is tested, deploy it for production. Review the use of Administrative Access across the Enterprise The final step in implementing enterprise security solutions is to review the use of administrative access across the entire organisation. The attacker’s goal is to attack the organisation, which gives administrative access to many employees. So, make sure to provide the access to software and applications to only those employees who need it for their job. Ensure that the employees with administrative access use their administrative account while performing tasks; otherwise an account without administrative access should be used. By following these steps, you can prevent your organisation’s security. Maintaining a security program is an essential thing for organisations. Remember to work in phases and include every step mentioned above in your security program.
30 | AUGUST 2021
Rex Aantonny Founder and CEO
“
Being Aware is Being Prepared
“
31 | AUGUST 2021