CYBER SECURITY
Boost innovation and security while managing risk
Practice Leader
- Ramkumar Balasubramanian
- ramkumar@spcnc.com
A Cloud Security Expert with over 30 years of experience in IT and a remarkable portfolio of 26 patents across Infrastructure, AI/ML, and Automation. As a Wipro Fellow and an Independent Consultant for Fortune 15 companies, he has garnered international recognition for his contributions to Automation. His cost rationalization initiatives have delivered significant value to enterprises such as Citi Bank, Credit Suisse, and UBS. A dedicated innovator, Ram continues to drive excellence and transformation in the technology space.
Case Studies
Companies are highly dependent on information technology infrastructure and need to strike a fine balance between implementing advanced IT solutions and mitigating cyber risks at all levels. Our insights and experience, gained through continuous involvement in IT governance projects and IT certification and attestation services, enable us to assist you in the project management of major IT changes, as we have seen that it is often of utmost importance to find and implement solutions for issues encountered in daily operations, especially concerning cybersecurity and data protection.
Cloud Audit - Our Approach
Approach Phases
Assess
Gathering architectural and design documents.
Analyzing the current cloud deployment and configurations
Documenting current procedures and practices
Identifying any gaps in documentation and alignment
Reviewing security policies and compliance measures
DESIGN AND CONSTRUCT
Analyzing cloud architecture and network configurations.
Performing GAP Analysis and suggesting solutions.
Recommending architectural improvements and optimization strategies.
Assessing disaster recovery strategies and business continuity plans.
Proposing the right architecture and improvements
EXECUTE AND REPORT
Developing a detailed action plan for audit recommendations.
Ensuring implementation of CAPA and developing the report.
Setting up a schedule for regular review and updates.
Building processes for incident, change and problem management.
IT Audit - Our Approach
Approach Phases
Assess
Decide on sampling methodology
DESIGN AND CONSTRUCT
Review policies for test of design
Develop initial data request
Conduct walkthrough
EXECUTE AND REPORT
Conduct detailed testing of controls related to ITGC
Execute scripts and perform script output review
Review the deployment architecture through discussions
Review access control to test and development environment
Develop report
SOC
Our Experience in SOC
OUR EXPERIENCE IN VARIOUS TYPES OF AUDIT
LIST OF SECTORS AUDITED BY US
- Automobile
- Logistics
- Consultancy
- Healthcare
- IT Industry (Automation, Software Development and many more)
OFFSHORE APPROACH
We provide assistance in End-to-end SOX lifecycle / IT audit service / VAPT
TOOLS SPNX TEAM IS FAMILIAR WITH
Brief Description
Cloud-based workflow management solution. Helps CPA firms in document exchange and request list management
Used By SPC for
PBC request list management
Brief Description
DaaS/VPN tool used for providing secured remote access to team members.
Used By SPC for
Remote Access
Brief Description
Used to manage, organize and prepare supporting documentation and financial reports in paperless binder
Used By SPC for
SOC Audit/ SOX Audit management
Brief Description
A leading cloud-based platform used for performing audit, risk, ESG and compliance management
Used By SPC for
SOX Audit
Brief Description
A leading cloud-based platform used for performing audit, risk, ESG and compliance management
Used By SPC for
SOX Audit
Brief Description
Provides end to end workflow environment.
Used By SPC for
Under training
USE CASE
SOC Compliance Enhancement
For an enterprise client, SPCNXT leveraged Gen-AI, specifically Meta AI’s Llama 2 and Llama 3, to significantly improve the SOC compliance process. By utilizing the input documents provided by the enterprise, SPCNXT’s AI-powered solution was able to assess the level of compliance more comprehensively and efficiently compared to the traditional sampling method. This use case demonstrates SPCNXT’s ability to streamline compliance processes and ensure higher accuracy in meeting regulatory requirements.
OUR BUSINESS DIFFERENTIATORS
Tools & Accelerators
Speed to Delivery & Simplifications
- Security Maturity Assessment services
- Third-Party Risk Management (TPRM) & GRC Performance Management Service
- PCI Advisory & Implementation services powered by the ControlCase platform
COE & CERTIFICATIONS
GRC CoE & Certifications
- Security Maturity Assessment services
- Third Party Risk Management (TPRM)
- Governance, Risk and Compliance (GRC)
- Security Awareness and Training & Certification resources
delivery model
Advisory to Implementation Partner
- Flexible global delivery approach
- Factory model across our deployment and consultin
integrated approach
Reusable Accelerators for Better Success
- Industry-leading framework standards and templates
- Framework with templates to assess and embark on a 3-5 year maturity journey
- Productized solution for reduced implementation time, real-time visibility and continuous compliance
- Automated Maturity scoring, Correlation and analysis, Reports & Dashboard
strong partnership
Close Solution Partner Network
- Best of the Breed and strong partnership
- Seamless Integration
VULNERABILITY ASSESSMENT & PENETRATION TESTING
PENETRATION TESTING SERVICES APPROACH
This methodology covers everything related to a penetration test, from the initial communication and information gathering through the threat modeling phases, which build a better understanding of the target, to vulnerability research, exploitation and post-exploitation.
1. Define Scope: Discussion of in-scope and out-of-scope parameters
2. Enumeration / Recon: Passive & active information gathering
3. Assessment Scanning: Identification & validation of vulnerabilities
4. Exploitation: Exploit the true vulnerability to gain unauthorized access
5. Post Exploitation: Escalate the privilege level and extract the sensitive data
6. Reporting: Report all the findings with remediation to fix the identified
TOOLS USED FOR VA&PT
ACUNETIX
Acunetix Vulnerability Management. Acunetix is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
NESSUS
Nessus is an open-source network vulnerability scanner that uses the Common Vulnerabilities and Exposures architecture for easy cross-linking between compliant security tools. It employs the Nessus Attack Scripting Language (NASL),
BURP SUITE
Burp Suite is a Java-based web penetration testing framework. It has become an industry-standard suite of tools used by information security professionals to identify vulnerabilities and verify attack vectors for web-based applications.
NETSPARKER
Netsparker is an automated web application security scanner. Netsparker helps identify security flaws such as SQL Injection, Cross-site scripting, OS Injection and other vulnerabilities.
NMAP
The structured data is then used in reporting tools like Power BI and Praxis-Pro, which help visualize and analyze the information. It enables companies to make informed decisions based on clear, concise data reports.
MDR (SIEM) AS A SERVICE
OUR SOLUTION PROPOSES A 3-STEP APPROACH TO BUILD A MATURE SOC – ESTABLISH A RESILIENT FOUNDATION, MODERNIZE THE CORE AND CO-INNOVATE
Managed Security Operations
- 1. Resilient Foundation
- 24*7 Monitoring. Incident response, triage, remediation
- Use-Case engineering
- Improve Incident Response readiness with Name..I's IR runbook library
- Monitor & Improve the SIEM log source coverage
- 2. Modernized Core
- Annual SOC Maturity Assessment
- Adopt Name..'s use case and playbook libraries for accelerated content engineering
- Contextualized Threat Intelligence
- Proactive MITRE ATT&CK framework-based Threat Hunting
- SOAR Single pane of glass for SOC Ops
- Automation of incident response and remediation
- Automated threat intel dissemination
Forward Engineering and Future Proofing
Enhancing NIST Maturity Score
Future-readiness
- 3. Digital Converged SOC
- Adversary Emulation & Incident Response through Continuous Red & Blue Teaming (BAS as a Service)
- Purpose-built innovation program for building an "idea to business case" pipeline
- Third Party Risk Management
- Cyber Awareness & Cyber Risk Management
B. WE HAVE THOUGHT THROUGH THE KEY ELEMENTS WHICH WILL COME TOGETHER TO CREATE A ROBUST, PROACTIVE AND PRESCRIPTIVE CYBER SOC OPERATIONS
24x7 Operations Support
- 24*7 Security Monitoring, Response, Triage, and Threat Prevention Platform Support
- Identify log sources to be integrated with the SIEM tool for centralized monitoring
- Incident Response Framework
Log source onboarding and Use Case engineering
- Identify log sources to be integrated with the SIEM tool for centralized monitoring
- Leverage Name.'s methodical approach for seamless onboarding of log sources
- Leverage Ready to deploy Name. i 's library of 20,000 use cases mapped to MITRE ATT&CK framework
- Playbook engineering leveraging Name.'s library of 200+ engineering playbooks
Threat Intel and Hunting
- Adopt MITRE ATT&CK framework to improve threat detection
- Continuous Rule Engineering to enhance threat detection based on Threat Hunting
Automation
- To create a single pane of glass view of SOC Operations
- Playbook Engineering for automating key use-cases
- Threat Intel dissemination to Security tools
E. 24X7 SOC MONITORING AND MANAGEMENT WITH PURPOSE-BUILT DEDICATED SOC