Services C2C Innovations Pvt. Ltd.
Strategy, Governance, Risk and Compliance
C2C works with enterprises, regulatory bodies and government to strategize cyber security programs and transformation. It helps build cyber security frameworks and rework policies, frameworks and compliances. C2C has a strong team that helps lay down frameworks such as ISMS and COBIT and compliances such as ISO 27001, PCI DSS, HIPAA and others. C2C has an extensive understanding of the cyber security architecture of large enterprises, supply chain management and the government sector, and helps with change management. C2C works to build a robust security layer for the various e-Governance initiatives and helps protect the digital initiatives of the country.
IoT Security
According to a recent survey, 70% of the most commonly used IoT devices contain vulnerabilities. By 2020, billions of devices coming together will open up trillions of threat vectors, which will remain a continued challenge for IoT manufacturers, whether in connected cars, smart cities, smart life or industrial sectors.
While the IoT is entering daily life more and more, security risks pertaining to IoT are growing and changing rapidly. In today’s world of “always on” technology and not enough security awareness on the part of users, cyber attacks are no longer a matter of “if” but “when.” Threat actors are breeding new techniques for getting through the security of established organizations, accessing everything from IP to individual customer information to cause damage, disrupt sensitive data and steal intellectual property. State-sponsored attacks are more sophisticated and harder to defeat. With this ongoing effort, it’s harder to predict and prevent newer forms of attack, given that the length and breadth of the threat landscape is increasing alarmingly. Effective cyber security is increasingly complex to deliver. The traditional organizational perimeter is eroding and existing security defenses are coming under increasing pressure. Point solutions, in particular antivirus software, IDS, IPS, patching and encryption, remain a key control for combating today’s known attacks; however, they become less effective over time as hackers find new ways to circumvent controls.
Cyber attacks have transformed the risk landscape. It’s important to remember that cyber security is a business-wide issue and not just a technology risk. Many opportunities for IoT will arise through technological integration and collaboration, which will continue to increase in complexity, and that complexity breeds risk. Traditional, proven risk management models have their origins and wisdom still focused on a world where the organization owns and possesses most, if not all, of the data assets flowing through its systems. The increasing use of the Internet and mobile working means that the boundary of the enterprise is disappearing, and as a result the risk landscape also becomes unbounded. With most of today’s business being done outside the organization’s defensive fence, it is vital for organizations to be able to communicate with their business partners, and to do this they must create “holes” in the fence. As a result, a cyber security system should also include the organization’s broader network, including clients, customers, suppliers/vendors, collaborators, business partners and even their alumni, which together can be termed the “business ecosystem.” A standard approach to risk management assumes that the trust boundary is already defined. What is missing in the risk-focused and techno-centric approach is everything related to the management of trust, i.e., the new functions and processes, and the new policies and structures required to expand the risk boundary. An extended ecosystem is governed and managed by various actors with individual policies and assurance requirements, and these actors sometimes have very different interests and business objectives within the collaboration. It is therefore necessary to adjust the organization’s normal risk focus to take this into consideration.
In this direction, C2C helps build a cyber security testing platform for IoT manufacturers that discovers both known and unknown vulnerabilities. The scope of testing includes the APIs and each of the connected sensors and devices, based on the protocols each device supports.
C2C employs fuzzing as a black-box testing methodology to discover OEM-level vulnerabilities, including buffer overflows, integer overflows, memory leaks and off-by-one errors (which are difficult to discover in source code review), and also tests for any hardware Trojan implants that pave the way for back doors. IoT manufacturers can send the Perl script testing report back to product OEMs in the event of such unknown, zero-day vulnerabilities and debug before rollout.
SCADA Security
Supervisory Control and Data Acquisition (SCADA) manufacturers have a new mandate to adhere to. Each of the industrial components, including supervisory computers, PLCs, HMIs, Remote Terminal Units (RTUs) etc., is required to pass Embedded Device Security Assurance testing stipulated by ISA Secure. All known and proprietary protocols on which these devices are built require testing for security vulnerabilities. Each protocol and interface, including the link layer, must be tested for communication and functional protocols.
C2C, with its immense experience in testing SCADA components, offers fuzzing-as-a-service and extends its service as a “Test Bed” for all industrial automation companies. Each of the SCADA protocols, including ModBUS, EtherCAT, EtherNet/IP, DNP3 etc., is tested for unknown vulnerabilities by performing stateful fuzzing. Each of these tests is conducted by deploying ISA Secure V2 approved fuzzers.
Enterprise Security
Despite these defensive elements, businesses are getting compromised and business-critical information is either stolen or destroyed by threat actors.
70% of threats emanate from inside an organization. In most cases, attackers are resident within the network and go unnoticed, even for over a few months. Such advanced persistent threats cause loss of business-critical data and intellectual property and disrupt businesses. Besides, web applications have been the softest target for attackers to gain access to critical data by performing multi-stage attacks.
In light of the ongoing new threat vectors, it is imperative for businesses to perform periodic vulnerability assessment and penetration testing to combat attack vectors and be resilient to attacks.
C2C performs periodic vulnerability assessment and penetration testing for internal and external network elements and applications. C2C employs best practices in performing VAPT audits and performs them as per ISO 27001, PCI DSS and HIPAA guidelines. Endpoint vulnerability assessment and penetration testing is carried out for the entire base of endpoints or by sampling over 10% of the endpoints. C2C ensures zero false alarms and provides accurate, exploitable vulnerabilities with concise reports. This helps enterprises go over only exploitable weaknesses, thus reducing the cycle time of fixing the vulnerabilities.
Get in Touch
with our solution architect for a webinar
+91 080 6793 5340 Fax: 080 – 6793 5301
C2C Innovations Pvt. Ltd. Regus, Level 22, World Trade Center,
Brigade Gateway Campus,
Malleswaram (W), Bengaluru - 560055