Вы находитесь на странице: 1из 24

Aujas Overview

Copyright Aujas Information Risk Services

Aujas Overview

400+
Customers

served across North


America, Middle
East & APAC

We manage information security risks


by protecting data, software, people
and identities. We also help
strengthen security governance and
intelligence frameworks.

380+
Professionals

globally with more


than 290 specialists
Investors:
IDG Ventures
IvyCap Ventures
RVCF

47%

24%

29%
APAC

Middle East

North America
2

Copyright Aujas Information Risk Services

Aujas Portfolio

Platform as a service (PaaS)


Co-managed security
Vulnerability intelligence
Vendor Risk management
Data protection

Services

Risk Advisory
Identity & Access
Management
Threat Management
Security Intelligence
& Operations
Digital Security

Services

Platform

SAVP
(Security analytics &
Visualization platform)

Copyright Aujas Information Risk Services

Risk Advisory
We help design, deploy and manage security programs, including: integrated IT GRC frameworks,
automation of GRC frameworks using RSA Archer, managing vendor risks, protecting data, achieve and
maintain compliance with legal, regulatory requirements such as PCI DSS, ISO27001, ISO22301, NIST 800-53,
SOX, HIPAA, etc

350+
Customer Locations
certified for ISO27001,
PCI DSS & ISO22301

Strategy & Planning


GRC Framework & Strategy
Archer Consulting
Advanced Data Protection
Framework Design
Enterprise Security Strategy
Review

450+
Third Party Vendor
Risk assessments
conducted annually

Solution Implementation
Third Party Vendor Risk
Management
Security Program
Implementation
Archer Integration
Data Protection Technology
Integration
Data leakage Risk Assessment
(Foresight, Symantec,
Guardium, Seclore)

20+
RSA Archer
Implementations
completed

Enhancements & Sustenance


Virtual Security Office
Archer Sustenance &
Enhancements
Data Protection
Technology Sustenance &
Enhancements

Our Strengths
RSA Archer Center of
Excellence
Coverage across US,
MEA, India
Experienced, skilled
and certified
practitioners
Hybrid Delivery Model
Thought Leadership in
Risk Management
Automation and Data
Protection
Partnerships with RSA,
IBM, Forcepoint and
others.
4

Copyright Aujas Information Risk Services

Holistic Data Protection Program for One of the Worlds Largest


Banks

Maturity model
assessment,
Governance
framework with a 3year roadmap

Copyright Aujas Information Risk Services

Data protection
program, Data
classification policy
with guidelines.

Data security
architecture, data
flow analysis &
leakage risk
assessment.

Comprehensive Security Incident Management Framework for a


Large Oil & Gas Company

Assessment of existing
IS-IM capabilities.
Program to address
people, process &
technology

Copyright Aujas Information Risk Services

A threat and control


matrix taking into
account the business
and operational
environment

Enhance existing
technology
capabilities.
Response strategies
for key threats.

Identity & Access Management


We help mitigate access risk, enhance user convenience, reduce cost and automate application integration
within the enterprise and the cloud realms.

600+

1M+
User identities and
accesses successfully
integrated

Strategy & Planning

Custom enhancements
developed to integrate
applications

Solution Implementation

Enhancements &
Sustenance

IAM Governance Framework

Access Governance Services

Audits and Benchmarking

IAM Readiness and


Roadmap

Ubiquitous Identity

Incident Resolution

Digital Identity Management

Enhancements and
Optimizations

IAM Technology and Product


Selection
IAM Architecture Design

Access Management and SSO


Privileged Identity (RSA, IBM ,
CA, MS)

Our Strengths
Coverage across US,
MEA, India
Experienced, skilled
and certified
practitioners
Hybrid Delivery Model
Thought Leadership in
Access Governance
Partnerships with RSA,
IBM, ObserveIT and
others

IAM Operations And


Evolution

Copyright Aujas Information Risk Services

Mitigating Access Risk & Increasing Operational Efficiency for a


Leading BPO

Turn-around-time of 1
hour against 40 hours
earlier for access
provisioning & deprovisioning.

Copyright Aujas Information Risk Services

Automated access
for 30,000+ users,
5,000+ project
groups, 25+
applications.

Reduced Help Desk


calls by 80%.

Unified Single Sign-On for a Global Conglomerate with 62+ Group


Companies

ID Federation to cloud
centric applications..

Copyright Aujas Information Risk Services

Reverse proxy based


multi protocol SSO
for internal onpremise
applications.

A common portal for


unified SSO

Threat Management Services


We help design, develop and manage Threat Management programs, including: managing threats through
our Vulnerability Management Lifecycle Framework, advising on open source security risks using Open Source
Compliance Platform, evaluating people behavior risk using Phishnix.

25M+
Lines of Code
reviewed

Strategy & Planning


VMS Framework & Strategy
Application Security Advisory
Cloud security strategy
Enterprise mobility strategy

50+

5000+
Applications
secured

Solution Implementation
Advanced Security Testing
Services
Technology Implementations
Software Composition Analysis
(Open Source Compliance)

Bug Bounty Programs


participated

Enhancements &
Sustenance
VMS Program
Management

Our Strengths
Coverage across US,
MEA, India
Experienced, skilled
and certified
practitioners
Hybrid Delivery Model
Thought Leadership in
Social Engineering
Partnership with
Palamida.

Cloud security sustenance


Application Security
Program Management

10

Copyright Aujas Information Risk Services

Mitigating Information Security Risk for a Top Regional Banking


Leader

Top-down approach
for technology & risk
assessments.

Copyright Aujas Information Risk Services

65+ applications &


1000+ assets
secured.

Compliance
achieved for PCIDSS, ISO 27001 &
local regulatory
requirements.

On-Demand Security Assessment for a Leading General Insurance


Company

Scalable. Flexible.
Pay-as-you-Go,
Plan-as-you-Need
security assessment
model

Copyright Aujas Information Risk Services

Secured 50+
applications

Trusted partner in
managing end-toend program for
Application Security

Security Intelligence & Operations


We help design and deploy security intelligence solutions in addition to helping clients in optimizing and
enhancing existing deployments.

1Billion+
Events analyzed
managing very large
SIEM/SA installations

Strategy & Planning


SOC Strategy and Planning
SOC Framework and
Consulting
SOC Architecture Design

350+

700+

Custom Parsers to
integrate niche log
sources

Use cases for security


monitoring scenarios.

Solution Implementation
SIEM Implementation and
Integration (IBM Qradar, RSA
SA)
SIEM optimization, Advance
Correlation Rules and Use
Cases Configuration
Analytics and Reporting
Custom Parser Development

Enhancements &
Sustenance
Co-Managed SOC
Services
SOC Skill Augmentation
SOC Maturity Assessment
and Audits

Our Strengths
Coverage across US,
MEA, India
Experienced, skilled
and certified
practitioners
Hybrid Delivery Model
Thought Leadership in
Security Analytics,
Intelligence, SIEM
Optimization, Etc.
Partnerships with RSA,
IBM, and others.

13

Copyright Aujas Information Risk Services

Detect and Prevent Fraud for Worlds No.3 Telecom


Company

200 types of perimeter


log sources. 75
advanced correlation
rules. 120 alerts. 150
core network device
types with proprietary
log format.

Copyright Aujas Information Risk Services

Correlate and
Analyze 1Billion+
events per day
across network
elements to detect
unknown attack
patterns.

Closely worked with


network equipment
manufacturers to
quickly build over
100 parsers.

Digital Security
We help provide solutions to manage identities of people, business and things. We can also help with
development of software controls & secure APIs, in addition to helping with security testing, validation &
vulnerability remediation.

40M+
Mobile Banking Users
secured

Strategy & Planning


Digital Security Strategy and
Planning
Security Architecture Design
IoT Platform Consulting
API Management Platform
Consulting
IoT on Cloud Strategy

450K
Connected Devices
secured for payment

Solution Implementation
Software & API Control
Implementation
Mobile & Internet of Things
Controls
IoT on Cloud Controls
Identity Management of
Businesses, People and Things
Security Validation &
Remediation
Compliance assurance

2500+
Merchants & Aggregators
secure integrated

Enhancements &
Sustenance
Managed Digital Security
Services

Our Strengths
Coverage across US,
MEA, India
Experienced, skilled
and certified
practitioners
Hybrid Delivery Model
Thought Leadership in
IoT Security

15

Copyright Aujas Information Risk Services

Mobile Banking Made Safe for a Large Private National Bank

Integrated approach people, data and


technology. Secured
data both in transit
and at rest. Protected
application code.

Copyright Aujas Information Risk Services

Ensured the bank was


not relying on end
users device for
security and it was
independent of
security features on
any specific device.

Engaged all
stakeholders - 3rd
party vendors,
developers and
everyone in the area
of mobile banking
and other services.

Award Winning Mobile Security for


Global Leader in Payment Solutions

Assessments/ reviews
at different phases in
SDLC in order to
minimize security
impact at later stages.

Copyright Aujas Information Risk Services

Design and secure


code reviews for the
entire application
suite. Improved
clients existing PKI.

Centralized security
features for all
surfaces (Mobile App
,API, Web-Service,
Web App) connecting
to external entities.

Capability Demonstration of Our Comprehensive Services


Aujas secures a 1,000,000,000 (billion) identities
Eco system that delivers
800 Million
Citizen
enrollments
in first 4 years

100 Trillion
Matches run
to identify
duplicates
10 PB
Of citizen data
stored in RDBMS
& Hadoop
HDFS
100 Million
Citizen
authentication
processed daily

Dedicated CISO Office

Governance

CISO supported by a team


of ISO, policies, risks, standards,
vendor management and
GRC automation

Reactive Proactive

Security Analytics

Fraud Management

Advanced threat detection,


security intelligence

Fraud modeling, detection


and forensics

Data Protection

Identity & Access

Data privacy, rights,


encryption, classification,
masking, tokenization

Security Incident Response

Security incident detection,


response and management

Security Operations

Security exception requests,


change management

Virtualization Security

Instance security, privilege ID


administration, production
release

Management of employee,
contractor & privilege
identities & role based access

Risk & Compliance

Internal Audits, 3rd party


assessments, risk &
compliance management

Threat Management

VA/PT, code review and


vulnerability management

Secure Application

Defense grade storage &


transport encryption,
biometric API & Secure SDLC

Comprehensive multi-disciplinary security solutions provider


18

Copyright Aujas Information Risk Services

SAVP
(Security analytics & visualization platform)
19

Copyright Aujas Information Risk Services

Platform for advanced security analytics, that can be


customized for your specific use-cases.

Custom Built
(org-specific. diverse data.
high volume)

Closeness to
addressing
enterprises
challenges

UEBA
(user anomalies. data-intensive)

State of Security Analytics


1. It is at the peak of inflated
expectations.
2. Problems solved, methods
applied & right data sources are
more important.
3. You will need custom-built
solutions to solve organizationspecific problems.

SIEM
(near real-time correlations)

Log Management
(collect log data)
20

Copyright Aujas Information Risk Services

Security Analytics Capability - Options

Benefits

Buy

Build

Partner

Solves at least some problems


immediately
Solves select problems automatically

Modules for
Use-Cases

Development capability to solve future


problems
Focus resources on organization-specific
problems

Customizable
Platform

Development of customized capability


Leverages vendor/partner expertise

Expert
Services

Platform as a Service
21

Copyright Aujas Information Risk Services

Security Analytics & Visualization Platform (SAVP)


Customizable Analytics & Visualizations beyond SIEM/Analytics, helping
security leaders see through the reporting fog and focus on what is
critical.
Modules & widget examples

Administrators

Executives

IT

Clients

Security

Verification

Workflow

Security

Integrity
Verification

Presentation/Widgets

Transformation

Control
Frame Work

CSV, XML, XLS, PDF, ODBC, Syslog

.
AV

FW/IPS

VMS

Vulnerability Management
Business / region stats
Top 10 vulnerable
assets
EOL / vulnerability ratios
Remediation
performance

Product Security
Vuln to patch TOT
Product sec trends
Vuln source analytics
External threat impacts

Data Protection
Data exposure trends
Business / regional stats
Client SLA impacts
Consequence mgmt
trends

Compliance
Evidence mgmt
Audit support tools
Compliance trends
TPA analytics

Security Operations
User analytics
Alerting across controls
Contextual sev
reporting
Attack pattern alerts
Service level reporting

CMDB

Parser

SIEM

Customer Assurance
Service level trends
Top 10 client status
Regional compliance
stats
Major NC status

Vendor Controls

22

Copyright Aujas Information Risk Services

SAVP deployed use cases


Financial software /
cloud service provider

Client
Assurance

Product
Security

Provides virtualized
contextual visualizations for
external and internal
stakeholders. Analytics
based on expected
normal behavior which is
defined per client.
Visualizations customized as
per viewing roles and
themes.

Vulnerability
Remediation

Fortune 5 Enterprise

Major Asian Bank

SAVP supports its global


vulnerability assessment &
remediation program
across regions and
technologies. The program
covers both IT & production
assets.

Uses SAVP for audit support,


performance analytics &
evidence management for
its vendor risk program
covering 250+ vendors

Third Party
Assurance

Fortune 20 Tech major

SAVP for IBM QRadar

Telecom Major - ME

Analytics, reporting &


workflow management for
the companys products.
Provides contextual security
information to its product
engineering teams and
external stakeholders.

Enhances customer
experience of IBM QRadar
SIEM by enabling clients to
add business context and
customizable reporting
capability.

SAVP enables analytics &


advance reporting for the
companies data protection
program. Platform
customized to support data
flow assessments.

Product
Enhancement

Data
Protection

23

Copyright Aujas Information Risk Services

www.aujas.com
www.savpbyaujas.com

24

Copyright Aujas Information Risk Services

Оценить