View
0
Download
0
Category
Preview:
Citation preview
www.e-spincorp.com © Since 2005 E-SPIN SDN BHD. All Right Reserved.
TM
TM
Copyright © 2005 - 2011 by E-SPIN Sdn. Bhd. All rights reserved.
E-SPIN ™ is trademark of E-SPIN SDN. BHD. No part of this solution/product/training presentation/handout may be reproduced, stored in a retrieval system, or transmitted in any form or by an means, electronic, mechanical, photocopying, recording, scanning, or otherwise, without either the prior written permission of E-SPIN, or authorization through payment of the appropriate per-copy fee to E-SPIN, tel (603) 7728 2866, fax (603) 7725 4757, or on the web at www.e-spincorp.com
Limit of Liability / Disclaimer of Warranty: While the author have used their best efforts in preparing this solution/product/training presentation/handout, they make no representations or warranties with respect to the accuracy or completeness of the contents and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for any situation. You should consult with a professional where appropriate. Neither the author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our customer service department at (603) 7728 2866, fax (603) 7725 4757, or email info@e-spincorp.com.
Vendor Profile (What We Did)
• Vendor Competency, Solutions & Project Portfolio Overview
E-SPIN Vulnerability and Security Management Solution Overview
• Vulnerability Management
• Security Assessment
• Penetration Testing
Open Discussion / Clarification (Before End)
• Based on your requirements / concern in hand
• Next step / follow up
TM
TM
Who We Are
• E-SPIN stand for Enterprise Solutions Professional on Information and Network.
• Privately held company established in 2005.
• E-SPIN operates as the regional hub for E-SPIN's operations in Malaysia and perform international trade in Singapore, Thailand, Indonesia, Philippine and other South East Asia (SEA) countries, India, Middle East, Europe, America and Great China Region countries.
• Vision: to be leading enterprise solution provider in deliver enabling and value-added solutions for customer to achieve business technology transformation and remain competitiveness in their respective marketplace.
•Requirement Analysis, Project Coaching, Main/Sub COntracting
•Solutions Development and Plan Presentment
Technology Architect & Solutions Consulting
• Technology Product Distribution & Trading
• Hardware, Software and Services
• Turnkey Project Management & Delivery
Network and System Integration, Distribution • System requirement
analysis and design
• Prototype, mockup module development
• Acceptance test, quality assurance, penetration test
System Development & Application
Integration
• Training, certification and skill transfer
• Project hardware, software and service maintenance support
• Managed outsourcing
Managed Service and Outsourcing
What We Do
TM
Business and Technology Applications
• Network Operation Center (NOC) - Element/Network Management System (EMS/NMS) Network / System / Host / Application / Wireless / Database / Storage / Performance / Bandwidth Monitoring, Alerting, Reporting - Network Configuration Change and Management
• Security Operation Center (SOC) - Event Log Management (ELM), Security Information & Event Management (SIEM/SEM) and Security Incident Response Management System (SIRM) /Cyberwarefare Defence Center
• Virtualization and Cloud Management - Datacenter / Network / Storage / Server / Desktop / Application Virtualization and Private/Public/Hybrid Cloud Virtualization
• Business Process Management (BPM) and Workflow Automation, Business Intelligence, Data Warehousing and KPI / Performance Management System (PMS), Enterprise Resource Planning (ERP), Integrated Enterprise Wide / Custom Scope Business Application Development (Standalone Client/Server, Web Application)
Availability, Storage and Business Continuity
• Data integrity, anti-web, portal and web application defacement and protection, availability assurance
• Data backup, archiving, replication, mirroring, Continous Data Protection (CDP) and Online Storage Protection
• Availability Management, network, System and Data High Availability, Continuous Availability, Continuity Management, Business Continuity and Disaster Recovery (BCDR)
• Storage Management -External storage, Network Attached Storage (NAS) and Storage Area Network (SAN)
• Internet link load, bandiwdth aggregation, application traffic server load balancing, WAN/Web and Datacenter Application Acceleration and Bandwidth Optimization
• Non-stop mission critical system and hardware equipment, Fault Tolerance (FT) hardware and software clustering, auto fail-over and redundacy
Security, Risk and Compliance Management
• Network & Wireless Security, Firewall/VPN/IPS, Identity Access Management, Network Access Control (NAC), Employee PC and Server Activity Monitoring
• Vulnerability Management - Security Assessment, Penetration Testing, Website/Web Application/ Web Services, Network, Server, System, Database, Wireless Vulnerability Assessment (VA), Hostile Source Reverse Engineering and Malware Analysis, Exploitation Research & Testing
• Patch Management, Hardening, Vulnerability Fixing and Risk Mitigration Module Development
• Content Security, Virus, Spyware, Phishing, Web, Email, IM, P2P, Endpoint Blocking and Filtering
• Database Security, Database Intrusion Prevention, Database End User Accountability
• Data Encryption, Steganography, Digital Risk Management (DRM), Secure Data Erasure, Digital Signature and Signing, Managed, Automated, Secure File Transfer (SFTP) and Secure Document Exchange and Storage, IT Governance, Risk and Regulatory Compliance (GRC)
End-to-End Complete One-Stop Solutions
• Technology consulting, requirement assessment, solution development, infrastructure architect and master plan / blue print
• Ongoing industrial education, certification training and professional development (in house or on site)
• Software and application portal development / integration, customization. migration, project implementation, main / sub contracting and maintenance support
• International Sales, Trade, Regional Distribution and Global Sourcing
• Managed service and solution hosting, Solution-as-a-Service (SaaS) Subscription
• Data Center, Infrastructure Facility, Command Center/Station/Terminal, NOC/SOC, Video Wall, Support Ticket System, Mobile and Email Messaging
• Wired and Wireless TCP/IP Network, 900 Mhz / 2.4 Ghz / 5 Ghz Spectrum Analysis, Visualize, Site Survey Map, Performance Troubleshooting, Network Forensics and Security
TM
TM
Value Proposition
Single Vendor Complete Solution
Project Consulting, Coaching,
Management
Training and Certification, Transfer of
Technologies
Buy / Rent / or Pure Service
Warranty, Update,
Maintenance Support
Vulnerability Fixing, Hardening,
Mitigation Module
Development
MOF Certified Government Supplier & Consultant
Authorize Distributor Partner for
Performance Guarantee /
Principal Support
TM
Tender / RFP Paperwork
Technical Proposal / Solution Architect / Blue Print
Media Kit/License Certificate
Training Certificate
Support Agreement Contract
Training / Seminar Handout
Vulnerability Fixing / Software Development
Assessment Report Technical Reference
TM
System / Network Turnkey Project
Deployment, Management, Testing and Commissioning
Development / Customization /
Network and Security Helpdesk Support
Center
Technology / Project Consultancy and Solution Advisory
Special Project Customized Training,
Transfer of Technologies
Skill Certification / Professional Qualification Examination
Solution and Project Coaching / Solution / Technology Architect
Onsite / On Premises Advanced Training, Education, Seminar
Offiste Technical Training, Skill based Technical Hand on /
Workshop
TM
Service Outsourcing /
MSP
Distribution & Trading
Equip. & App. Renting / Leasing
Certified / Training /
Technology Transfer
Project Independent Consultant /
Sub Con
TM
E-SPIN Value Added Services
Professional Qualification | Skill Certification
Product In Depth Training
Vulnerability Fixing | Mitigation Module
Development
System Hardening | Patching
Project Consulting | Solutions Development
Local Technical Support (phone | email | remote |
onsite)
Single Sourcing Hardware | Software| Service
Security Assessment Outsourcing | Subcontracting
Extended Security Assessment
Core Security Assessment
Network /Server & System
Web App (Web,
App, Db. Server).
Forensics Analysis
Database In Depth
Packet / Wireless/
Log
Malware Analysis/ Reverse
Engineering
Exploitation Testing & Research
Secure Development
Security Audit
Security Mmgt.
System Admiin.
Incident handling
Intrusion Analysis
Penetration Testing
TM
Client SOC/NOC/Network/Cyber warfare Defense Center Integration
TM
SOC/SIEM and EMS/NMS NOC / Cyber Warfare Defense Center Terminal Workstation Integration
Client SOC/NOC/Network/Cyber warfare Defense Center Integration
TM
SOC/SIEM, EMS/NMS NOC, Cyber Warfare Defense Center Terminal Workstation Integration
Client SOC/NOC/Network/Cyber warfare Defense Center Integration
TM
Interactive Voice Response (IVR)
Integrated Support Ticket System
Mobile and Gateway SMS Integration
SOC/SIEM, EMS/NMS NOC, Cyber Warfare Defense Center Terminal Workstation Integration
WHO is doing WHAT and WHEN on your monitoring network
TM
E-SPIN Complete end to end complementary Flow Network and Security Monitoring, Probe/TAP, Collector, Visualization and Reporting from 10MB to 10GB
Threat Analysis
Intrusion Monitoring
Malware Detection
Content Filtering
Vulnerability Identification
Compliance Testing
Vulnerability Scanning
Operations Availability
Analysis
Vulnerability Management
Baseline Development
Incident Response Team
Asset Inventory and Classification
Event Correlation
Reporting
Remediation
Asset and Patch Management
Classification of Threats
Incident Response
Classify threat based on probability and potential damage
Developing and maintaining an on-going process
Uncovering weaknesses before they can exploited
Isolating and resolving asset security issues once identified
TM
TM
Case studies
Hacking web clients
Attacking web application management
Attacking web datastores
Input validation attacks
Attacking session state management
Attacking authorization
Attacking the authentication
Surveying the application
Web server hacking
Profiling
TM
The end to end components of a typical web application architecture
Client analysis
Transport analysis
Web server / web
service analysis
Web / application
server analysis
Source code
analysis
Exploitation analysis
Database server
analysis
Potential weak sports
TM
Elements of the entire database security lifecycle
• Noninstrusive
• Policy-based actions
• Anomaly detection
• Real-time prevention
• Granular access controls
• Centralized governance
• Compliance reporting
• Sign-off management
• Automated esclations
• Secure audit warehouse
• Data mining for forensics
• Long term retention
• Vulnerability assessment
• Configuration assessment
• Behavioral assessment
• Baselining
• Configuration lock-down and change tracking
• Discover all databases, applications, and clients
• Discover, and classify sensitive data
Discover and
classify
Assess and
harden
Monitor and
enforce
Audit and
report
Enterprise databases
TM
TM
TM
TM
TM
TM
TM
TM
TM
TM
TM
TM
TM
TM
Recommended