Cyber defence


    Cyber security must build both resilience and trust


    As technology becomes essential for meeting the needs of customers, employees, suppliers and other stakeholders, an organisation’s cyber security must build both resilience and trust. In addition to protecting your mission-critical assets and ensuring business continuity after a cyber-attack, how can you protect the data that stakeholders entrust to you?

    While there is no ‘one-size-fits-all’ cyber security action plan, business-led protection strategies need to be embedded in governance models, operational processes and culture.

    Our Services

    • Security Testing and Configuration Review:

      Provides an in‑depth review of an organization’s technical security posture across various areas from offensive security testing or vulnerability assessment and penetration testing (VAPT) to configuration review
       

      Service elements:

      • Infrastructure VAPT
      • Application VAPT (web, mobile, API)
      • Code Review
      • Configuration Review – Cloud, Servers, Databases, Network Devices


      Potential client benefits:

      • In-depth review of an organization’s security posture from an attacker perspective
      • Assessment of organizations’ configuration hardening with respect to leading standards such as CIS

      • Periodic review of cyber security controls implemented

       

    • ERP Security Assessment:

      Focuses on the client’s ERP (SAP, Oracle EBS, MS Dynamics) environment from a security perspective

       

      Service elements:

      • Segregation of duties
      • Code Review
      • Vulnerability Assessment

       

      Potential client benefits:

      • Optimize efforts for ERP security assessments
      • Ensure secure implementations of ERP solutions

       

    • Red Team Assessment:

      Provides clients with an outside-in view of their security processes across people and technology, emulating an attacker’s perspective to break into the environment and gain access to crown jewels

       

      Service elements:

      • Social engineering
      • Scenario-based assessment / Attack Simulation
      • Active Directory attacks
      • Malware Injection

       

      Potential client benefits:

      • Improved Return on Investments for cyber security initiatives 
      • Cyber as a competitive advantage and revenue generation opportunity
      • Effectiveness of security tools around detect, respond and recover

       

    • IoT/OT Security Assessment:

      Provides an in‑depth review of an organization’s industrial control system security across their environment

       

      Service elements:

      • OT Risk Assessment and OT Asset Discovery / Inventory
      • IoT Security Framework
      • Scenario-based Assessment
      • Hardware Security Assessment
      • Automotive Security

       

      Potential client benefits:

      • In-depth review of an organization's industrial control system / embedded security posture
      • Prepare inventory of the existing assets in OT environment
      • Effectiveness of security tools around detect, respond and recover
      • Hardware security assessments for products

         

    • Cloud Security Testing:

      Provides an in‑depth review of an organization’s technical security posture across various areas from offensive security testing to configuration review

       

      Service elements:

      • Data Lake Security Reviews
      • Configuration Review - cloud services (IAM, KMS, Compute, RDS)
      • Container Security Review
      • Kubernetes Security Review
      • DevSecOps

       

      Potential client benefits:

      • Data Lake Security Reviews
      • Security Benchmarks / Baselines - cloud services (IAM, KMS, Compute, RDS)
      • Enhanced security posture for containers, Kubernetes

       

    • Product Security Assessment:

      Provides an in‑depth review of products built by an organization from a cyber security perspective for both software and hardware products

       

      Service elements:

      • Product security assessment (application scenario-based assessment, secure code review, open source vulnerability review)
      • Hardware security assessment

       

      Potential client benefits:

      • In-depth review of an organization's product suite from the perspective of cyber security
      • Help organizations comply with security testing guidelines defined by regulators such as UIDAI, RBI, IRDAI, CERT-IN, NPCI
      • Assess the attack paths for software/hardware products

       

    • Remediation Support:

      Provides a strategic plan on how to improve your vulnerability management program (with a primary focus on remediation)

       

      Service elements:

      • Vulnerability Management Program
      • Risk Prioritization and Operations
      • Vulnerability tracking and triaging
      • EOL/EOS Tracking

       

      Potential client benefits:

      • Develop/Update the governance activities including monitoring, reporting, tracking and compliance/adherence to new processes
      • Aid in categorization and grouping of vulnerabilities, prioritization of certain vulnerabilities, and program management of the remediation program to reduce aging

       

    • External Attack Surface Management:

      Focuses on the client’s external attack surface and provides contextual threat intelligence using KPMG proprietary tools such as Digital Signals Insights Platform

       

      Service elements:

      • Attack Surface Management and continuous discovery
      • Threat intelligence
      • Brand Protection
      • Executive Protection
      • Takedown

       

      Potential client benefits:

      • Understand the external attack surface for the organization around domain intelligence, credential leaks, sensitive data discovery, phishing, code leaks
      • Contextual threat intelligence based on IOCs derived from the wild

       

    Key Contacts

    Atul Gupta

    Partner and Head - Digital Trust and Cyber

    KPMG in India

    Sony Anthony

    Partner and Co-Head Cyber Defense and Incident Response, Global Head – Cyber in Deals

    KPMG in India

