VAPT Services by prime

www.primeinfoserv.com | email : info@primeinfoserv.com | Contact : +91 98300 17040www.primeinfoserv.com | email : info@primeinfoserv.com | Contact : +91 98300 17040

www.primeinfoserv.com | email : info@primeinfoserv.com | Contact : +91 98300 17040
INTRODUCTION
▪ Prime Infoserv LLP is an IT-services company with range of solutions on wide
platforms and technologies. The aim is to deliver solutions that enhance
performance, lower costs, reduce risk and build competitive value additions by
improving reliability, speed and agility.
▪ Our Vision is to offer the best products and services to exceed customer
expectations resulting customer delight. The aim is to enable concrete business
growth through a process driven approach along with technology. Prime helps its
clients to transform their business to the next leap in order to improve their
proposition and competitive positioning.
▪ The offerings combine an array of integrated services and products that reveals top-
of-the-range technology with in-depth domain expertise. The approach is based on
solutions & services with OEM agnostic framework.

• Founded by a team of expert professionals with a vision to make a big
difference.
• Our Strategic teaming partnerships provide an ecosystem to deliver
niche and best of breed services in field of IT Solutions.
• Consistent record of over 80% of business coming from repeat
customers.
• Best practices built delivery record of successful project deliveries over
the years.
• A dedicated and passionate team of brilliant professionals focused on
creating lasting value.
ABOUT US

PRIME SERVICE PORTFOLIO
BUILT MANAGE OPERATE
TECHNOLOGY
INTEGRATION
IT
INFRASTRUCTURE
MANAGEMENT
CONSULTING SKILL
DEVELOPMENT
360 Degree Life Cycle Management

• Documentation, Gap Analysis & Remediation:
– Study AS-IS of the infrastructure and create asset inventory, documentation, schematic
– GAP Analysis with best practises and industry benchmarking, Network & Application Audit, VAPT
(Vulnerability Assessment and Penetration Testing),
– Remediation Plan and handholding on the gaps identified.
• Compliance Audit & Certification:
– Quality Management System (ISO 9001:2015),
– Environment Management System (ISO14001:2004),
– Information Security Management System (ISO 27001:2013),
– IT Service Management (ISO 20001:2011),
– Food Safety Management Systems (ISO22000:2005),
– Capability Maturity Model Integration (CMMi) Level 3 & Level 5,
– Payment Card Industry Data Security Standard (PCI-DSS),
– Customer satisfaction management(ISO 10000),
– Occupational health and safety management system (OHSAS 18001),
– Risk management (ISO 31000:2009).
PRIME INFOSEC OFFERINGS

PRIME INFOSEC OFFERINGS
• Gateway & End Point Security
– Unified Threat Management, Firewall, IPS (Intrusion Protection System), IDS (Intrusion Detection
System),
– End Points, Total Protection, Data Leakage Protection (DLP), Anti APT (Anti Persistent Threat – Deep
Security).
• Cyber Forensic
– Turnkey Deployment of Digital Forensic Laboratory & Fraud Investigation Labs,
– Security Analytics & Threat Intelligence,
– Intelligently identify and mitigate cyber threats and risks,
– Security information and event management (SIEM) Solutions.
• Workshops
– ISO 9001, 20000, 27001 Lead Auditor, Implementer and Awareness Workshops
– Certified Information Systems Security Professional (CISSP),
– Certified Information Systems Auditor (CISA),
– Certified Ethical Hacking (CEH),
– Other Technology and Soft Skill Oriented Skill Development Programs.

KEY OEM PARTNERSHIPS

OUR CLIENTS - THEY SPEAK FOR US

VULNERABILITY ASSESSMENT &
PENETRATION TESTING

VA-INTRODCUTION
Vulnerability Assessment is the systematic examination of an information system (IS)
or product to determine the adequacy of security measures. It helps to identify
security deficiencies, provide data from which one can predict the effectiveness of
proposed security measures, and confirm the adequacy of such measures after
implementation.

VA-ILLUSTRATED
Features
▪ Discover and manage all network devices and applications
▪ Identify and remediate network security vulnerabilities
▪ Measure and manage overall security exposure and risk
▪ Ensure compliance with internal policies and external regulations
Why is it required?
▪ To Identify the present vulnerability that exist in your network , like missing patches,
Buffer overflow, Default user names & Password , Un used users, file/folder Sharing
found on the network etc.
▪ Who require it?
▪ Every Company which has computer network requires this service and has critical data
which flows on the network.

HOW VA CAN BE IMPLEMENTED?
▪ Study the scope of IT architecture & components required for assessment with the
boundary of analysis. and formulating the processes and action-plan for
recuperating server’s operation.
▪ Define the scan Policy for each target. Scan Policy to define the level of scan
▪ Information gathering, Finger printing, Port scanning, Password analysis, Attack
stimulation.
▪ Scan the targeted network (s) and host (s), based on the defined scan policy collect
the scan results and analyze for security loopholes, configuration errors, Default
installation settings, overlooked setups, password quality, firmware/software
revisions, Patch fixes, security policy violations etc.
▪ Comparing the configurations with the industry standards and rating them.
▪ Submission of Assessment Reports with suggestions and recommendations to fix
the vulnerabilities.

TYPICAL ROI
▪ Vulnerability Assessment Services help organizations identify, understand, and
address security or compliance issues that affect their internal information
assets. Our in-depth and comprehensive testing also provides organizations with an
accurate snapshot of their security posture along with an excellent baseline to
measure change and ongoing security efforts.
▪ Reducing unnecessary procurement of network which cost to companies
▪ Reducing network management cost
▪ Utilizing full benefits of existing LAN
▪ Reducing downtime by 90%

PT-INTRODCUTION
A penetration test is a method of evaluating the security of a computer system or
network by simulating an attack by a malicious hacker. The process involves an active
analysis of the system for any weaknesses, technical flaws or vulnerabilities. This
analysis is carried out from the position of a potential attacker, and can involve active
exploitation of security vulnerabilities.

PT-ILLUSTRATED
Features
▪ Enables you to see if your networks and web applications can be penetrated from the outside
▪ Gives you a comprehensive list of all security vulnerabilities on your perimeter network
▪ Provides a rapid and efficient inventory of the devices, services, and vulnerabilities of internet-connected
networks
▪ Why is it required?
From a business perspective, penetration testing helps safeguard your organization against failure, through:
▪ Preventing financial loss through fraud or through lost revenue due to unreliable business systems and
processes.
▪ Proving due diligence and compliance to your industry regulators, customers and shareholders.
▪ Who require it?
▪ Every Company which has computer network requires this service and has critical data which flows on the
network.

HOW PT CAN BE IMPLEMENTED?
▪ Study the scope of IT architecture & components required for assessment with the
boundary of analysis. and formulating the processes and action-plan for
recuperating server’s operation.
▪ Define the scan Policy for each target. Scan Policy to define the level of scan
▪ Information gathering, Finger printing, Port scanning, Password analysis, Attack
stimulation.
▪ Scan the targeted network (s) and host (s), based on the defined scan policy collect
the scan results and analyze for security loopholes, configuration errors, Default
installation settings, overlooked setups, password quality, firmware/software
revisions, Patch fixes, security policy violations etc.
▪ Comparing the configurations with the industry standards and rating them.
▪ Submission of Assessment Reports with suggestions and recommendations to fix
the vulnerabilities.

PRIME METHODOLOGY ON VAPT
▪ Identification of Target: Evaluating the risk of getting information about the target.
▪ Port Scanning: Finding open ports on the target host.
▪ System Fingerprinting: Finding what OS and services present on the target.
▪ Identification Of Vulnerabilities: With Vulnerability assessment being conducted via
commercial tools and freeware, security loopholes and possible threats can be
analysed
▪ Exploitation: Potential threats via pre existing vulnerabilities present within the
system are exploited via running appropriate exploits, scripts etc to gain
unauthorised access to systems and simultaneously escalate the attacker’s privilege.
▪ Result Collation and Report Writing: Projecting report in easy understanding way,
and is mapped with SAN TOP 10 Vulnerabilities.

BENEFITS OF VAPT
▪ Enhanced ability to make effective security improvements to existing systems and applications.
▪ Enhanced ability to comply with regulatory requirements.
▪ More efficient allocation of available resources.
▪ Higher return on security investments.
▪ Can Compare Network current posture with SANS TOP 20 Vulnerabilities.
▪ Preventing financial loss through fraud (hackers, extortionists and disgruntled employees) or through lost
revenue due to unreliable business systems and processes.
▪ Proving due diligence and compliance to your industry regulators, customers and shareholders. Non-
compliance can result in your organization losing business, receiving heavy fines, gathering bad PR or
ultimately failing. At a personal level it can also mean the loss of your job, prosecution and sometimes-
even imprisonment.
▪ Protecting your brand by avoiding loss of consumer confidence and business reputation.
▪ Identifying vulnerabilities and quantifying their impact and likelihood so that they can be managed
proactively; budget can be allocated and corrective measures implemented.

TYPICAL ROI FOR PT
▪ Vulnerability Assessment Services help organizations identify, understand, and address
security or compliance issues that affect their internal information assets. Our in-depth
and comprehensive testing also provides organizations with an accurate snapshot of
their security posture along with an excellent baseline to measure change and ongoing
security efforts.
▪ Ethical Hacking help organizations identify, understand, and address security or
compliance issues that affect their External information assets before attackers exploit
them. Our in-depth and detail oriented testing also provides organizations with an
accurate snapshot of their security posture along with an excellent baseline to measure
change and ongoing security efforts.
▪ Reducing unnecessary procurement of network which cost to companies
▪ Reducing network management cost
▪ Utilizing full benefits of existing LAN
▪ Reducing downtime by 90%

BENEFITS-ROI

DEPLOYMENT OF TOOLS
F-Secure Radar, Foundstone, QualysGuard, Nessus, Nmap,
Nikto, SQL Map, GFI Languard, Kismet, CAIN & Abel, Brutus,
Netsparker, Brutus, Netsparker, BURP Suite, W3AF, Paros
Proxy, Webscarab, Skipfish, Acunetix, APPscan, Metasploit,
Wireshark (formerly known as Ethereal), ICROSOFT Baseline
Security Analyzer etc.

SAMPLE REPORTS

SAMPLE REPORTS
0 200 400 600 800 1000 1200 1400 1600
Windows 7
Windows 8.1
Windows 10
Windows Server 2012
Windows XP
High
Med
Low

SAMPLE REPORTS
Assets Vulnerabilities
IP Address Server
Name
Critical High Medium Low Info Remarks
10.147.0.3 File Server 1 1 17 6 41 Critical- Vulnerability in Schannel Could Allow
Remote Code Execution
10.147.0.5 Payroll D.M
Client Server
2 2 5 0 28 Critical- Unsupported UNIX OS,
Critical- Rexecd Service Detection
High- RPC multiple overflows, rlogin service
detection
High- SNMP Agent Default Community Name (public)
10.147.0.11 DLO Server 0 1 13 2 38 High- MS12-020: Vulnerabilities in Remote Desktop
Could Allow Remote Code Execution.

SAMPLE REPORTS
Asset Type Criticality Vulnerability Remediation
File Server Critical MS14-066: Vulnerability in Schannel Could Allow Remote
Code Execution.
The remote Windows host is affected by a remote code
execution vulnerability due to improper processing of
packets by the Secure Channel (Schannel) security package.
An attacker can exploit this issue by sending specially crafted
packets to a Windows server.
Microsoft has released a set of patches for
Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012,
8.1, and 2012 R2.
High NFS Share User Mountable.
Some of the NFS shares exported by the remote server could
be mounted by the scanning host. An attacker may exploit
this problem to gain read (and possibly write) access to files
on remote host.
Configure NFS on the remote host so that only
authorized hosts can mount the remote shares.
The remote NFS server should prevent mount
requests originating from a non-privileged port.
Medium SSL Certificate Cannot Be Trusted.
The server's X.509 certificate does not have a signature from
a known public certificate authority.
Purchase or generate a proper certificate for
this service.

SIMILAR CUSTOMERS IN THE DOMAIN
West Bengal Electronics Industry Development Corporation Limited (WEBEL), Kerala State
Electronics Development Corporation Ltd (KELTRON), Meghalaya Govt – Health Applications,
Dahabshiil - Africa, Grasim Bhiwani Textiles (Aditya Birla), Brac Bank Bangladesh, Arunachal
Pradesh labor Dept.- Itanagar, Robi Axiata - Bangladesh, Standard Chartered Bank, Beneras Hindu
University, Sify Technologies Limited, TCG (Skytech), Haldia Institute of Technology, Saudi Electric,
Brac Bank – Bangladesh, Medica Hospitality, Esoft Arena – Bangladesh, Sigma Systems –
Banglades, Tata Memorial etc.

INFORMATION SECURITY ASSESSMENT
Company Overview
India’s Leading Textile Brand
Pan India Presence with multiple outlets, branches, distributors
Management Challenges Our Approach Benefits
 Managing overall IT Infrastructure
and Information Security was difficult
 There was gap in process, quality,
skills and manageability
 Define and Develop an Integrated IT
Service Management & Information
Security Management Systems
 Certification by an Independent
Registrar to give their customers
confidence
•Understand the business direction
•Identify refined business requirements;
•Perform IT capability assessment;
•Comprehensive Gap Analysis to identify
and prioritize the Improvement areas
•Identify and select IT alternatives
•Vulnerability Analysis & Risk Assessment
•Establish a Integrated management
Systems framework so that information
security and Service management
becomes a mainstream function within
their IT organization
• Compliance to ISO 27001 &ISO
20000 processes have helped them
build more robust processes for
Information Security and lead to the
Certification of their Data Centre to
ISO 27001 and ISO 20000 for their IT
Support.
• Clear Roadmap for Continual
Improvement of the IQMS
• Best in class Security & Service
Management practices and tools
identified, implemented

INTEGRATED MANAGEMENT SYSTEM FOR
IT SERVICES & INFORMATION SECURITY
Company Overview
 Helping the newly formed IT
Organisation develop IT Service &
Security Management capabilities
aligned with ISO best practices
 Define and Develop an Integrated IT
Service Management & Information
Security Management Systems
 Certification by an Independent
Registrar to give their customers
confidence
• Six month long project delivered in partnership
with our ITSM Consulting Partner and our
Consultants helped in bringing in Information
Security best practices through people and
organisation development.
• Comprehensive Gap Analysis to identify and
prioritize the Improvement areas
• Vulnerability Analysis & Risk Assessment
• Establish a Integrated management Systems
framework so that information security and
Service management becomes a mainstream
function within their IT organization
•Significant Reduction in Security and
Service Management issues
•Clear Roadmap for Continual Improvement
of the IQMS
•Best in class Security & Service
Management practices and tools identified,
implemented leading to successful
certification to ISO 20000 & ISO 27001
The Leading Telecom Player in Bangladesh
The Client organisation is the leading telecommunications service provider in Bangladesh with more than 31 million subscribers.

Africa’s Largest & Fastest growing Financial Services Company along with Group
A leading financial services group with it’s group telecom company across Africa
INTEGRATED MANAGEMENT SYSTEM FOR
IT SERVICES & INFORMATION SECURITY
Company Overview
 Client was building Mobile Money
Application Platform with secured IT
infrastructure in DC-DR Landscape.
 The infrastructures comprises Sun
Servers, EMC VNX Storage, Cisco
Switches, Juniper firewall, APC online
UPS, Solaris OS, Oracle Database and
Jboss, Weblogic etc as application
framework.
 They wanted to have efficient
Information Security Design,
Deployment , Gap Analysis.
• Configuration of Juniper Firewall with Active
Passive Fail-over with Access Policy ,Deep
Packet Inspection , VLAN, DMZ & Trusted Zone
classification , Site to site VPN Successfully
published mobile money application through
the public IP.
• Necessary documentations created and
training/orientation/handholding carried out
for the customer team.
• A dedicated service delivery team working
from Prime onsite with PMP and ITIL best
practices.
• No Single point of failure infrastructure
• High availability and secured heterogeneous
IT infrastructure
• Improved end-user experience and
availability of skilled resources by Prime
Managed Service Team in Remote NOC,
India
• Higher service availability and improved
problem response and resolution

VALUE ADDITIONS
▪ ISO 9001 and ISO 27001 Certified Organization
▪ Multiple Resources with ISO 27001 , CEH, CISSP, CISA kind of certifications
▪ Prior Experience of handling similar projects for Indian E-Governance like Webel,
Keltron, Arunachal Govt, Meghalaya Govt.
▪ Prime Follows ISO 27001 benchmarking for Information Security, ISO 20000 for IT
Service Management and PMI Standard for Project Management
▪ Prime conducts VAPT under several international benchmarking like NIST SP 800-39,
FISMA, ISO 27001:2013 standards, SANS TOP 20 and OWASP Top 10 etc.
▪ Core team having expertise in Working Large System Integrators, Telco ,
Government , Certification Authority and ITES segment.

Expertise on Tools
 Industry renowned tools like Found stone, Retina,
Arcsight, Qualiys Guard, Sentinel, RSA Envision,
Core Impact, Immunity Canvas etc.
 Open Source Tools like Airmon, Airodump-ng,
Aireplay-ng, MBSA, Acunetix, Nessus, Nmap, Nikto,
SARA, Cain and Abel, Burp Suite, Brutus, Xprobe,
THC_AMAP, SINFP, Hping2, Wireshark, Network
Stuff, Scanrand, Hmap, Superscan, BackTrack,
Metasploit integration, Kismet, Ophcrack, Ettercap,
Wireshark, BeEF etc
Key Customers
 Aditya Birla (Jayashree Textile and Grasim)
 West Bengal Electronics Industry Development Corporation Limited
(WEBEL).
 Kerala State Electronics Development Corporation Limited (KSEDC),
 Meghalaya and Kerala Government Data Centre,
 Arunachal Labour Dept.
 Dahabshiil, Africa
 Brac Bank, Bangladesh
 Robi Axiata, Bangladesh
 Peerless Securities, Guiness Securities
Value Additions
 Core Competency
 Cost Effectiveness
 Well-defined and Consistent service levels
 Knowledge base of latest IT Vulnerabilities and
threats
 High Quality Human Resources
 Past Experience with similar assignments
 Subject matter expertise in various domains
Team Strength
 Core team comprises of CISA / CISM / CA /DISA (ICAI) / MCSE /
CCNA / CISSP / CEH / CHFI with extensive industry experience
encompassing, systems and application development, information
systems assurance, finance, IS security and IT Audits.
 ISO 27001, 20000, 9000 LA,
 Auditors from Certifying Authority background (BSI, KPMG, TUV
etc.).

If you are thinking of information security,
We can guide you like five elements of life!

Mobile : +91 98300 17040, +91 90624 67427
Email : smukherjee@primeinfoserv.com , info@primeinfoserv.com
, sales@primeinfoserv.com
Web : www.primeinfoserv.com
PRIME INFOSERV LLP
(AN ISO 9001:2015 AND 27001:2013 CERTIFIED ENTERPRISE)
DL-124, 1st Floor, Salt Lake, Sector – II, Kolkata – 700091, India
Phone : +91 33 4008 5677
CONTACT US

VAPT Services by prime

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie VAPT Services by prime

Ähnlich wie VAPT Services by prime (20)

Mehr von Prime Infoserv

Mehr von Prime Infoserv (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

VAPT Services by prime