iViz Security looks to redefine ethical hacking with cloud-based model

by Srikanth RP, InformationWeek, October 10, 2011

An Indian company has quietly put itself on the global map, with more than 150 customers using its cloud-based penetration testing service.

Unlike traditional penetration testing or ethical hacking, which is driven by security consultants such as PwC, KPMG or any known security firm, iViz Security claims to be the industry’s first cloud-based penetration testing company. The cloud-based model is working well for iViz, as it has signed up more than 150 customers and 20 global partners. The customers using its services include some big names in sectors such as banking and finance, telecom, e-commerce and defense. These include Sony, Oracle, ING, HSBC, Aviva, Vodafone, Airtel, Fiat, CNN IBN, CNBC, Makemytrip, Yatra and Indian Defense.

iViz claims that the cloud-based model offers significant advantages over a traditional model. “Conventional penetration testing or ethical hacking is driven by consultants and hence is time consuming, costly, non-scalable and lacks uniformity in quality. Compared to this, a SaaS-based model offers scalable penetration testing with easy compliance to standards such as SOX, HIPAA, ISO 27001 and PCI DSS. Our technology simulates a human hacker, and has the capability to simulate all possible attack scenarios,” claims Bikash Barai, CEO, iViz Security. The firm has already won numerous awards from organizations such as the US Navy, US Department of Homeland Security, Intel, University of California Berkeley, Red Herring, Nasscom etc.


The ability to simulate all possible attack paths is crucial, as most standalone technology solutions are not able to understand the big picture behind multiple small attacks; simulating every path thereby provides a more comprehensive solution. For example, in complex security threat scenarios, attackers exploit multiple security weaknesses that individually are not critical but that, in aggregate, allow an attacker to compromise business-critical data. iViz’s solution uses artificial intelligence techniques to address this issue.

Barai explains this with the help of an example. “While conducting one conventional penetration testing exercise during the year 2006, it dawned on us that even as a security expert, we cannot comprehensively detect all multi-stage attack path possibilities. Especially, once a network is successfully broken into, we tend to become complacent and the mental incentive to find each and every way to penetrate diminishes. To overcome this barrier related to basic human instinct, we explored the usage of artificial intelligence to simulate all multi-stage attack possibilities. We have developed a technique to compute all possible permutations and combinations of attack paths in a complex network or a system. Such a simulation process has high complexity and demands very huge infrastructure and a huge amount of time. We optimized the process using different techniques, which has made it possible for us to detect such attacks.”

iViz has partnered with security consulting firms to lower their operational cost and increase their scale of operations. Many organizations have already partnered with the firm since they can now do business at any scale while maintaining almost zero operational cost.

As the cloud model is built for scale, it scores heavily over traditional models.

“Any known security firm can conduct penetration testing using consultants and tools. However, the problem is with the cost, scalability, uniformity in quality and manageability of vulnerabilities. Most of the security firms would not be able to handle customers who have 600 applications that need to be tested four times a year. They will not be able to hire enough people to do the job,” explains Barai.

Due to the high costs, customers do not test all their applications, which in turn results in partial security. The cloud-based model enables firms to test hundreds or thousands of applications in parallel, which is not possible with the consulting approach.

For iViz, the scale of opportunities on the global stage is huge, as globally there are more than 165 million online websites that need protection. “The security testing market is more than 3 billion USD in size. Our vision is to build a 100 million USD company in this space,” says Barai.

About Author

Srikanth RP

Executive Editor

An award-winning journalist with more than 14 years of experience, Srikanth RP is Executive Editor with InformationWeek India. Srikanth is passionate about writing on topics which clearly show the business impact of technology.
