iViZ’s

Chennai (INDIA): Most businesses across the world are repeatedly compromised by hackers, in spite of effective information security practices and assessment tools. To address this problem, Gartner has recommended “penetration testing [ethical hacking] that goes beyond simple vulnerability assessment and should be conducted regularly.”

Most enterprises use conventional penetration testing, which is time-intensive, manual, expensive and prone to human errors. Manual scanning cannot comprehensively identify all possible ways a network may be compromised by hackers. Labour-intensiveness puts a burden on the company’s resources and, hence, it defaults on regular testing.

iViZ, an information security company, has launched “iViZ’s automated multistage attack simulation,” a fully-automated, on-demand, comprehensive penetration testing solution for applications, networks and compliance.

Fast, accurate

iViZ penetration testing tool offers easy and affordable testing. An enterprise can avail itself of it anytime using a software-as-a-service based subscription model without buying or installing any software, says Bikash Barai, co-founder and chief executive officer. It is a fast, accurate and multistage attack path provider, giving comprehensive solutions.

Built-in compliance

It has a built-in compliance reporting for third-party certification from various international organisations. iViZ technology has been used to detect vulnerabilities in several products of Microsoft , McAfee, Intel, HP, Lenovo, AVG and Sophos.

iViZ’s on-demand penetration testing uses an artificial engine to check the intelligence of human hackers and plug the holes in the software that are missed by scanners and in manual approach. It can automatically conduct social engineering attacks to measure security awareness and also train the users.

Expensive tools no more

According to Mr. Barai, normal tools and manual methods miss out on several indirect ways in which hackers break into a network. The software-as-a-service (SaaS) approach adopted by iViz to provide on-demand penetration testing eliminates the need for expensive tools and professionals.

The subscription-based, on-demand solution addresses security and cost-effectiveness, he says. iViZ charges customers a subscription fee for conducting penetration testing. Based on the number and frequency of scans and servers or applications, customers can opt for a regular periodic subscription or choose a one-time service. The pricing, Mr. Barai says, largely dependents on the size of applications and frequency of tests.

A one-time testing for an application could cost between Rs. 30,000 and Rs. 3 lakh. It could cost more for any complex product. A yearly subscription with a package of monthly or weekly tests, could be more attractive.

The idea of creating the on-demand penetration testing was born when iViz started to provide security testing and audit to companies with significant IT exposure.

Artificial intelligence

Conventional penetration testing fails to detect the complex multistage attack-paths. The company, therefore, explored the use of artificial intelligence to simulate all multistage attack possibilities. A prototype was built and stabilised after it was tested in several environments.

This technology is currently under “patent pending” with the United States Patents & Trademark Office.

Today, the product has been installed in Airtel, Reliance, British Telecom, ING Vaisya, Fiat, Sasken, CNN IBN, CNBC, Makemytrip, Yatra, and the Defence Ministry.