Security Risk Management Services: Protect Against Existing and New Risks

Our comprehensive Vulnerability Assessment services identify vulnerabilities, including Vulnerability Assessment and Penetration Testing for Web applications, Infrastructure, REST API and Mobile App using manual and automated testing, and Black box / White box testing. Xoriant experts will remediate and pro-actively prevent security events and data breaches.

Scope:

• Information gathering and discovery
• Application and infrastructure assessment
• White and Black Box Testing: Methodology: OSSTMM, ISSAF, NIST and OWASP
• Tool-based automated (Nessus, Burp Suite, OpenVAS) as well as manual penetration testing
• Documentation and demonstration of likely attack vectors into networks and systems included in the scope
• Quantification of the impact of successful attack through active exploitation
• The Common Vulnerability Scoring System (CVSS V3) standard is used for assessing the severity of computer system security vulnerabilities
• Risk calculations using the DREAD framework
• Detailed recommendations/resolutions for all findings
• Consulting and support for fixing vulnerabilities (Independent SOW-based on recommendations report)

To ensure you’re maximizing your Azure investment, Xoriant will assess policies, processes, procedures, technology and architectures, and define a roadmap for protecting and updating your Azure environment, including modern technologies such as AKS. Our review will help ensure compliance with Microsoft’s Azure recommended security best practices, identify non-compliance risks, and recommend mitigations.

Scope:

• Azure security policy
• Compute, storage and network
• Identity and access management
• SQL services and databases
• Operations and miscellaneous
• Reporting with recommendations
• Remediation and support services - (independent SOW)

Security becomes more challenging as organizations adopt multiple/hybrid cloud models. To reduce your exposure, we will assess your policies, processes, procedures, technology and architectures, and create a roadmap for securing your multi-cloud, hybrid, and private-cloud environments. Our experts determine compliance with recommended security best practices, identify non-compliance risks, and recommend mitigations.

Scope:

• Security policy
• Compute, storage and network
• Identity and Access Management
• Databases (RDBMS (OLTP and OLAP, Hash tables, NoSQL and Data lakes))
• Build and Release
• Operations
• Reporting with recommendation
• Remediation and support services - (Independent SOW)

With the massive increase in remote workers today, social engineering has a wider target field. Xoriant will create awareness of social engineering throughout your company, identify individual awareness and risks, and build protections against vulnerabilities.

The ISO 27001 standard mandates end-users to undergo Security Awareness training, however, there is no mechanism to assess its effectiveness. We create simulated phishing attacks that analyze user behavior/response and assess security awareness, which allows us to customize an awareness program for your users.

Scope:

• Deploy and configure a phishing framework
• Identify target users for simulated phishing attacks
• Schedule real-world phishing attacks on identified users
• Run simulated phishing attack campaigns across the organization
• Monitor user actions and responses
• Generate reports and analyze user behavior   
• Validate the effectiveness of existing security training and recommend additional training
• Provide a real-time dashboard and extensive reporting