Amvion’s Security & Cyber Assurance Services adopt a holistic, comprehensive technique and methodology to protect against cyber threats. The reputation was built over 3 decades of trust, expertise & delight.

ADVANCED PERSISTENT THREAT PROTECTION

Non-intrusive monitoring and protection from Reputation, Financial & IP loss:

  • Exhaustive scan of global phishing and spamming databases to cross-check potential compromises of customer’s domain/s
  • Sandbox application to browse customer’s site/s and check if iframe, malware, or Java drive-by content can be downloaded to infect the machines of end users of a website or an e-commerce portal
  • Automated daily scan and report generation
  • Phishing complaints reporting system
  • Antivirus check for web portal infections by crawling through all known paths
  • DNS hijack detection via cross-checking with 450-odd DNS servers from across the world
  • Similarly named websites detection using:
    • Advanced heuristics algorithm (even a 5% match generates an alert)
    • Automated “Electronic Eye”, a recognition and comparison engine to scan screenshots
  • AP 24 – Uses phishing feeds on a 24/7 basis to detect logo spoofing; the image processing engine incorporates machine learning; uses feeds from certificate transparency logs (CTL) for comparison and monitoring of logo misuse.

  • Security Scan of Web portals
  • Protect customers/clients, employees, suppliers, distributors
  • Automated scan and report generation
  • Advanced shell detector module to identify stealth shell-codes
  • Web reputation scan is non-intrusive testing while security scan is intrusive testing

  • Identification, quantification, and prioritization of vulnerabilities
  • Security scans of external IP addresses
  • Charts for easy human interpretations
  • Delta reporting of vulnerabilities (calculates difference in vulnerability reports)
  • Scanner finds vulnerabilities for CMS system
  • False positive & Ignore list for each device/server/web portal
  • Dedicated Monitoring – partner with customer to fix vulnerabilities proactively
  • Reports vetted by security researchers and cyber defense experts who are listed on Hall of Fame of firms such as Google, Microsoft, Apple and Facebook among others
  • In-built Cyber Defense Access Point (allows Cyber Defense experts to manually & securely insert access point) for cloud scanning of vulnerabilities

  • DF24 monitors key homepage(s) for defacement and instantly raises a flag upon detection of defacements
  • Separate servers for monitoring defacements and scan of key homepage(s) every 2 hours.
  • Should DF24 detect a home page modification, an instant alert is transmitted - Windows app for SOC, Android app for CISO and IT team
  • Allows companies and organizations to detect defacements and take corrective measures before others such as the media and regulators discover it.
  • DF24 uses a word-match algorithm and source code analysis. It calculates a unique signature for the main pages of a URL, and any change beyond 20% is immediately sent for review. The mobile app runs in two modes (review/CISO mode). The reviewer gets the first-level alert; once defacement is confirmed, an escalation to the CISO follows for immediate action.
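
The signature, 20% threshold and reviewer-then-CISO flow described above can be sketched as follows. This is an added example, not DF24's code: measuring change as the larger of a word-sequence diff and a tag-sequence diff is an assumption, and `PageProfile`, `check`, `route` and the sample pages are hypothetical.

```python
import difflib
import hashlib
import re
from html.parser import HTMLParser

REVIEW_THRESHOLD = 0.20  # from the page: a change beyond 20% goes to review

class PageProfile(HTMLParser):
    """Signature, visible words and tag sequence of one page (assumed model)."""
    def __init__(self, html):
        super().__init__()
        self.words, self.tags, self._hidden = [], [], 0
        self.signature = hashlib.sha256(html.encode("utf-8")).hexdigest()
        self.feed(html)
        self.close()

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag in ("script", "style"):
            self._hidden += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1

    def handle_data(self, data):
        if not self._hidden:  # ignore script/style bodies when matching words
            self.words += re.findall(r"\w+", data.lower())

def change_ratio(old, new):
    """Fraction of the sequence that differs (0.0 identical, 1.0 disjoint)."""
    return 1.0 - difflib.SequenceMatcher(None, old, new, autojunk=False).ratio()

def check(baseline, html):
    current = PageProfile(html)
    if current.signature == baseline.signature:
        return "unchanged", 0.0
    change = max(change_ratio(baseline.words, current.words),  # word match
                 change_ratio(baseline.tags, current.tags))    # source structure
    return ("review" if change > REVIEW_THRESHOLD else "minor-change"), change

def route(verdict, reviewer_confirms):
    """Reviewer sees the alert first; the CISO only after confirmation."""
    if verdict != "review":
        return None
    return "escalate-to-ciso" if reviewer_confirms else "closed-by-reviewer"

# Constructed sample pages, not taken from any real site.
BASELINE = ("<html><head><title>Acme Bank</title></head><body>"
            "<h1>Welcome to Acme Bank</h1>"
            "<p>Log in to view your accounts and recent statements.</p>"
            "<a href='/login'>Log in</a></body></html>")
MINOR = BASELINE.replace("recent", "latest")
DEFACED = ("<html><head><title>Defaced</title></head><body>"
           "<h1>This site has been defaced</h1><img src='x.png'></body></html>")
```

A one-word edit stays under the threshold and is logged as a minor change, while the replaced page differs in every visible word and goes to the reviewer.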

  • Maps organization’s network from outside and points out all entry routes for hackers
  • Scans all domains and sub-domains consistently, scans IP ranges, checks all web interfaces, Tomcat servers, web services, login screens, Struts, Axis2, SSL certificates and DNS zones
  • In short, scans all 'Digital' and 'Physical' surfaces. This optimizes application code, removes unwanted OS and application services, and secures the network at all levels.

  • Identifies customer data if posted on the Dark Web.

  • Identifies if corporate email IDs are compromised externally.

CLOUD SECURITY AND COMPLIANCE

Current Challenges
  • Standardizing the security postures for business applications across the organization
  • Security Incident and Event management on cloud
  • Real-time and Proactive alerting and remediation of issues
  • Monitoring and enforcing compliance controls across cloud infrastructure
  • Seamless application and monitoring of security policies
  • Adhering to the industry regulations
  • Flexibility in selection of various security services and components

With Amvion T-Ops managed cloud security and compliance services we enable security and compliance at infra, network, operating system, application and data level without the need to modify the current or planned deployment models and frameworks. We continuously monitor the cloud infrastructure for drift in security and compliance controls and also alert and/or remediate as required.

With out-of-the-box base templates for GDPR, HIPAA, PCI DSS, ISO 27001, NIST and other industry standards we ensure that organizations are up and running quickly.

Ours is a 4-phase approach:

We ensure Proactive security through every stage

Security Testing

  • Operating system scans
  • Vulnerability scans
  • Dependency checks
  • Web server testing
  • Static Analysis
  • Dynamic analysis

Security Policies

  • Cross-functional collaboration and buy-in to confirm security considerations are integrated into the entire product development lifecycle.

Secrets Management

  • Inventory privileged accounts and access
  • Integration into existing development tools
  • Visibility into the pipeline

Security Control

  • Antivirus
  • File integrity monitoring
  • Firewall configuration monitoring
  • Vulnerability scanning
  • Log monitoring

ENTERPRISE DATA PROTECTION WITH RANSOMWARE PROTECTOR V1

RPV1 is a non-signature-based system that protects Windows desktops from file-based ransomware. RPV1 is a drive-based ransomware protector that runs only with admin privilege.

How Ransomware Protector V1 Works:
  • Works on Windows desktops by monitoring the file system
  • Initiates a warning to user when any program starts working on files (rename/write, delete) – users are provided with option to mark as known process
  • On deployment, the file name, process name and port name of services are customized. RPV1 is trained with at least 10 machines and a process whitelist is made. A pre-trained Ransomware Protector is thus deployed on the network, so users do not get confused about when to press yes/no
  • If a process tries to delete or rewrite more than 5 files in 45 seconds, a notice message box is displayed. If the user is slow to respond by pressing Yes (for ransomware), the program automatically treats the process as ransomware
  • When ransomware starts, RPV1 starts taking a backup of each file encrypted by the ransomware, terminates the ransomware in memory, and restores the files from backup
  • RPV1 ensures that any ransomware bypassing the antivirus or not detected by the antivirus is “caught”
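
The "more than 5 files in 45 seconds" rule and the delayed-response fallback can be modelled with a per-process sliding window. This is an added example, not RPV1's code: the event tuples, process names, the choice to count distinct files, and the 30-second response timeout are assumptions, since the page gives no timeout value.

```python
from collections import defaultdict, deque

MAX_FILES, WINDOW_S = 5, 45   # from the page: more than 5 files in 45 seconds
RESPONSE_TIMEOUT_S = 30       # assumed value; the page does not state one

class BurstDetector:
    def __init__(self, whitelist=()):
        self.whitelist = {name.lower() for name in whitelist}
        self.recent = defaultdict(deque)  # pid -> deque of (timestamp, path)

    def observe(self, ts, pid, process, op, path):
        """True when this event puts the process over the threshold."""
        if op not in ("write", "rename", "delete"):
            return False
        if process.lower() in self.whitelist:  # trained "known process" list
            return False
        window = self.recent[pid]
        window.append((ts, path))
        while window and ts - window[0][0] > WINDOW_S:
            window.popleft()                   # drop events older than 45 s
        # Count distinct files so repeated saves of one document do not trip it.
        return len({p for _, p in window}) > MAX_FILES

def decide(user_answer, waited_s):
    """user_answer: 'yes' (ransomware), 'no' (known process) or None so far."""
    if user_answer == "no":
        return "whitelist"
    if user_answer == "yes" or waited_s >= RESPONSE_TIMEOUT_S:
        return "terminate-and-restore"  # a delayed answer counts as ransomware
    return "wait"

def run(events, whitelist=("backup.exe",)):
    detector, alerted, alerts = BurstDetector(whitelist), set(), []
    for ts, pid, process, op, path in sorted(events):
        if detector.observe(ts, pid, process, op, path) and pid not in alerted:
            alerted.add(pid)
            alerts.append((ts, process))
    return alerts

# Constructed file-system events: (timestamp_s, pid, process, operation, path)
EVENTS = (
    [(t, 100, "backup.exe", "write", f"C:/data/f{t}.bak") for t in range(10)]
    + [(t, 200, "editor.exe", "write", "C:/docs/report.docx") for t in range(8)]
    + [(t * 10, 300, "slow.exe", "delete", f"C:/tmp/{t}.tmp") for t in range(6)]
    + [(60 + 2 * t, 400, "unknown.exe", "rename", f"C:/docs/{t}.doc") for t in range(6)]
)
```

Only `unknown.exe` trips the rule, on its sixth distinct file at t=70: the whitelisted backup tool is ignored, the editor rewrites a single file, and `slow.exe` never has more than five files inside one 45-second window.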

RPV1 uses Microsoft Policy to restrict the folders from which executables can run. Accidentally launched executable programs will not run from just any folder, and executable extensions are blocked from running from unauthorized locations.
