Monday, October 16, 2017

Some examples of Cyber Security Firms and what they do



This article is a part of my series 'Security is our duty and we shall deliver it'

The following are some examples of cyber security firms and what they do:


IBM Security: Services include security intelligence and analytics; identity and access management; application security; advanced fraud protection; data security and privacy; and infrastructure protection.


Symantec Software: World's largest security product vendor, maker of the largest antivirus (Norton) and manufacturer of a variety of backup and asset management systems.


Cisco - Products range from advanced malware protection; next generation firewalls; security management; cloud security; next generation prevention systems; VPN security clients; email security; policy and access; web security; network visibility and enforcement; and router security, to name a few.


BAE Systems - It operates through five segments: the electronic systems; the cyber and intelligence systems; intelligence and security systems; applied intelligence; and the platforms and services.


McAfee - One of the biggest antivirus and anti-malware providers in the world.


Palo Alto Networks - It works on Next-Generation Firewall, Advanced Endpoint Protection and Threat Intelligence Cloud. The company’s Next Generation Security Platform was built for breach prevention with threat information shared across a range of security functions that can operate over mobile networks.


Apart from these, there are hundreds of companies around the globe that manufacture security products or provide their services. We have relations with some of the companies fast emerging in this arena and some having a good clientele and reputation in terms of software security implementations. We are close to building our own software security product.



You can read and download the article from:
https://www.slideshare.net/toughjamy/security-is-our-duty-and-we-shall-deliver-it-white-paper

Read on LinkedIn:
https://www.linkedin.com/pulse/security-our-duty-we-shall-deliver-mohd-anwar-jamal-faiz/

Threat hunting, mitigation and Vulnerability Management




This article is a part of my series 'Security is our duty and we shall deliver it'

Threat hunting is a very deep and strong method to deal with security issues in markets and solutions that need stringent regulations and policies and have risks involved. It is the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions. According to the SANS Institute, threat hunters actively search for threats to prevent or minimize damage. The formal process of threat hunting should not be confused with an attempt to prevent adversaries from breaching the environment or with defenders' efforts to eliminate vulnerabilities in the network.


We employ SIEM tools, which typically only provide indicators at relatively low semantic levels. There is therefore a need to develop SIEM tools that can provide threat indicators at higher semantic levels. As the industry itself is developing around it, we also have our feet wet in the process. We have our Chief Security Consultant actively involved in all three methods, viz. analytics-driven, situational-awareness-driven and intelligence-driven. As an accomplished engineer, he is a master of monkey and fuzz tests as well.


For bug logging and defect tracking we use home-grown technologies as well as Atlassian tools like Jira. For the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities, i.e. vulnerability management, we have adept leaders to lead and guide teams in using vulnerability scanners. We have successfully employed Coverity and various Checkstyle and PMD level rules.


We have a set of our own scripts and systems to analyze and investigate for known vulnerabilities such as open ports, insecure software configurations, and susceptibility to malware infections. As stated above, we have masters of fuzzer techniques who can work with us 24x7. Unknown vulnerabilities, such as a zero-day, and complex threats are all under our hand. We have consultants who have worked with a variety of antivirus software and heuristic analysis mechanisms. Remember we said we have the smartest of security consultants!



Security is our duty and we shall deliver it! - A White Paper For Software Security Organizations

Recently, I wrote a white paper. It is titled 'Security is our duty and we shall deliver it!'


This paper can best be described in the following words:

Quality Management, Information Security, Threat Hunting and Mitigation Plans for a Software Company or a Technology Start-up engaged in building, deploying or consulting in Software and Internet Applications.


The chief sections of the document are:

  1. Introduction to Enterprise Risk & Cyber Security
  2. The technologies we employ in
  3. Types of Software testing
  4. Some examples of Cyber Security Firms and what they do
  5. How we achieve a secure product
  6. InfoSec and Managed Security Service Provider
  7. Training and development
  8. Safeguarding against Phishing and Multi-Factor Authentication
  9. Threat hunting, mitigation and Vulnerability Management
  10. The denouement





The following blog posts are a must-read for any software quality and security professional or an organization working in this field:

http://www.w3lc.com/2010/05/veracode-as-new-whitebox-testing-tool.html

http://www.w3lc.com/2012/02/analysis-of-valgrind-still-reachable.html

http://www.w3lc.com/2011/07/stress-testing-what-how-when.html

http://www.w3lc.com/2011/02/types-of-software-testing.html

http://www.w3lc.com/2010/10/dos-and-ddos-clarification-on-hacking.html

http://www.w3lc.com/2010/05/baseline-and-traceability-matrix.html

Cheers my readers.
You are my reason to be motivated.

- M. Anwar Jamal Faiz