All applications and operating systems have in-built vulnerabilities due to improper development of their software code. These vulnerabilities can be used by hackers to launch attacks on the network, websites and servers of enterprises. Such attacks can result in costly downtime, theft of proprietary information and loss of customer data. This can result in loss of image among customers as well as costly lawsuits ﬁled by customers or regulatory agencies. It is important for enterprises to periodically assess these vulnerabilities and patch them to avoid such attacks.
Hackers are getting bolder and more creative in the way they attempt to penetrate the networks and websites of enterprises. Survey data has consistently proved that around 70% of such attacks are from disgruntled or malicious employees. Therefore it is very important for enterprises to test the robustness of their security infrastructure (the ﬁrewall policies, type of IDS etc.) and their Information Security Management System (the password policy, privileges given to employees to access various systems etc.). This is done through periodic 'penetration testing' exercises and action taken on any gaps and weaknesses unearthed.
Mindtree's 'Vulnerability Assessment and Penetration Testing' service uses a combination of state-of-art tools like Accunetix WVS, Metasploit Pro, Nessus Professional, Backtrack etc, and experienced ethical hackers with appropriate certiﬁcations like CEH. It helps enterprises conduct intelligent 'Vulnerability Assessments' and 'Penetration Tests'. Our ethical hackers have many years of experience in this ﬁeld and have exposure to a wide range of industry verticals and operating systems, applications, networks and security devices. They are selected after stringent background checks and their expertise is used to help our customers identify and take action on vulnerabilities and weaknesses in their IT assets and Information Security Management System (ISMS). They can conduct black box, gray box and white hat penetration tests to help customers improve their security infrastructure and information security policies. Mindtree delivers this service through our ISO 27001 certiﬁed cyber lab as well as by deputing our consultants to customer offices. Mindtree also helps customers patch the vulnerabilities unearthed by our consultants.
With the aid of tools used, we provide insightful reports to the top management as well as the IT operations staff of the enterprise. This will help them take both strategic and tactical decisions to make their Information Security Management System (ISMS) future-ready.