AUJAS

An NSE Group Company

ENGINEERS OF CYBERSECURITY
TRANSFORMATION
 NSE IT 5

HQ 229
centers across 2000+
20 Mumbai the country Employees
Years

CMMi Level 5
100% 150+
Subsidiary of ISO 27001 Customers
NSE Certified
 7

NSEIT
Context aware Cybersecurity - How we enable it 4

Build Your Security Transform Your Security

Ensure a strong security Evolve and mature security

foundation to take strategic capabilities to actively protect
decisions and meet and defend against today’s
compliance needs threats
 Build Your Security 5

Ensure a strong security foundation to take strategic decisions and meet compliance needs

Identity and Access Security Security

Management Verification Engineering

Enable controls and privileges to Provide security status quo, secure Custom security solutions, capability
ensure authorized access. digital businesses, identify flaws and enhancements and enable existing
prevent threats. security product integrations.

Risk Managed Detection and Cloud Security

Advisory Response Engineering

Cybersecurity programs to manage risk Real-time threat monitoring and Customized enterprise grade security
and meet compliance standards. hunting capabilities for faster detection services to strengthen cloud
and response across business foundation, manage cloud operations,
infrastructure. and safeguard cloud environments.
 Transform Your Security 6

Evolve and mature security capabilities to actively protect and defend against today’s threats

Automate Security Programs Facilitate Digital Business Improve Responsiveness

Reduce manual interventions, minimize threat Protect API integrity, secure microservices, Enable high granular visibility of compromise
volume and risks, protect against automated make product ecosystems interoperable, and and intrusions, real time monitoring of
attacks, predict behaviors and execute protect DevOps environments. threats and automate incident responses, and
protection measures faster. attack simulations to gauge status quo.

Protect New Frontiers Integrate Silos

Cloud security controls and technologies to Integrate security ecosystems to manage
protect data, manage workloads, meet threats, consolidate security functions, align
compliance, and protect privacy. security policies, ensure faster response and
business continuity.
 Platforms to Build and Transform your Security Posture 7

Saksham - Self-Assessment Registered Device Management Code Sign

Platform Platform Platform

Self-Assessment kit bundles automated SaaS based IOT platform for Automated code signing solution to
test scenarios covering all the security management of registered seamlessly integrate with build and
aspects of the Account Aggregator devices. release systems, protect private keys
Ecosystem using defense-grade key management.

FEATURES FEATURES FEATURES

· Strict adherence to the API request and · Administration portal · Secure API · Easy integration · OS & File type support
response JASON Structures · Functional integration · HSM management · SDK · Multiple signing support · Malware
flow adherence to ensure support · Device monitoring & Telemetry protection · Certificate management ·
interoperability in the ecosystem · data · API registration · Device Enterprise directory integration · Inbuilt
Proper implementation od required data application change management workflows · Reports & dashboards
validations · Proper cryptographic
signature generation
 Strategic services to meet your emerging needs 8

Threat and Vulnerability Risk Management Managed Security Digital Security

Management

Compliance Management Security Automation Security Testing Product Development

 Where we feature our work - impact areas 9

Align with Geographic

Identify Risk and Mature Organizational
Specific Security
Threat Profiles Security Posture
Priorities

Customize Solutions Fortify Extended Meet Regulatory

Based on Business Business Environments Needs
Needs (Digital/Cloud)
 People and Presence 10

1500+
Customers in 22 countries
1000+ 790+
Employees Certified Employees
 11

Solutions to Mitigate
Risk and Vulnerability
The value we deliver at speed and scale
 Security Verification Service 12

Solutions to Mitigate Risk and Vulnerability

INDUSTRY ASK WHAT AUJAS CAN DELIVER

On-Demand Security Assessments

Flexible Assessment Models for App • On Demand Application Security
• Vulnerability Management with SAVP
Security Initiatives • Penetration Tests
• Application Security Program

Threat Simulation
Simulate Attack Patterns and Test Enable war gaming and simulations such as:
• DDoS Simulations
Defense Capability • Spear Phishing Simulations
• Threat Hunting
• Red Teams

Open Source and IP Compliance

Open Source Composition Analysis Leverage platforms to comply with open source
licenses, manage obligations and identify security
vulnerabilities to manage risks

Threat Modeling
Security Architecture Review Proactive identification of threats and risks in early
stage of development lifecycle to build robust and
secure software
 Managed Detection and Response 13

Solutions to Mitigate Risk and Vulnerability

INDUSTRY ASK WHAT AUJAS CAN DELIVER
Threat Intelligence
Consumes internal & external threat intel, supports
Forecast and Anticipate Threat Vectors
STIX / TAXII & unstructured intel feeds, yields
consumable & actionable threat intelligence

Attack Simulation & Analytics

Proactive Threat Discovery Actionable threat intelligence, threat hunting and
managed deception

Effective Monitoring and Incident SIEM Services & Operations

Control integration, process mapping, relevant
Management reporting, operations & continuous improvement

ML Powered Attack Prevention & Quarantine

Endpoint Detection and Containment Signature less malware prevention & quarantine

Security Orchestration, Automation &

Reliable and Automated Detection and Response (SOAR)
Service catalog-based process design & continuous
Response improvement framework, Runbook automation,
incident response, visualization and orchestration
 Identity and Access Management 14

Solutions to Mitigate Risk and Vulnerability

INDUSTRY ASK WHAT AUJAS CAN DELIVER
Risk Aware IAM
Risk Based Approach to IAM Transform IAM using preventive and detective controls.
Onboard apps and ensure continuous audit readiness

Robotics Driven IAM

Rapid Automation Robotics to increase IAM coverage and provide
automation. Run and build IAM using robots

IAM Cloud Transformation

Cloud IAM Services and solutions for moving IAM to cloud and
manage cloud based IAM workloads

PAM Quick Start

Secured Privileged Access Robotics to rapidly deploy and manage solutions for
privileged access controls

PAM For DevOps

DevOps Program Support Solutions for key and secret management, auto
commissioning of instances with PAM

IAM For Microservices

Consumer Identity Management Decentralized, scalable, interoperable access control
solutions for microservices based on open protocols
 Security Engineering 15

Solutions to Mitigate Risk and Vulnerability

INDUSTRY ASK WHAT AUJAS CAN DELIVER
Secure Development
Develop Secure software Integrate security engineering into development models
through design, build and release of security controls

Ecosystem Engineering
Rapid Product Ecosystem Expansion Build integrations between security products and
platforms for data exchange and response capabilities

Software and Code Signing Platform

Protect Integrity of Released Software An integral solution to establish software authorship
identity and software integrity during release

Custom Security Development

Tailormade Mission-Specific Solutions Develop specialized use cases and tools not supported
by industry products

Rapid Product Engineering

Security Product Engineering Design, build, release, repeat security products at
various stages of their maturity lifecycle
 Cloud Security Engineering 16

Solutions to Mitigate Risk and Vulnerability

INDUSTRY ASK WHAT AUJAS CAN DELIVER

Cloud Security Foundation

Help establish and manage security for digital
Securing Digital Business businesses, including Microservices, DevOps, IoT,
Databases, and Apps

Cloud Risk Services

Compliance and Privacy Guard Rails Build, establish, manage security risks and
compliance guard rails into everyday operations

Cloud Security Engineering

Security Enablement Engineer and orchestrate cloud workloads including
monitoring, event detection, response, and reporting

Cloud Data Governance and Privacy

Data Security and Regional Compliance Services and solutions to help customers manage
cloud data security and privacy requirements
 Risk Advisory 17

Solutions to Mitigate Risk and Vulnerability

INDUSTRY ASK WHAT AUJAS CAN DELIVER

Cybersecurity Strategy
Cybersecurity Program Transformation Help you establish, transform, manage cybersecurity
programs, risk and compliance initiatives

GRC Automation
Cybersecurity Process Automation Engineer the configuration and integration of GRC
solutions to deliver enterprise scale automation

Third Party Risk Management

Drive risk management through onsite and remote
Cybersecurity Process Automation third-party risk assessments and third-party risk
automation platform

Data Protection Services

Cybersecurity Process Automation Help you establish or align security and privacy
programs with regulatory requirements such as GDPR
 Technology Partnerships 18

To Accelerate Security Transformation and Reduce Time to Value

 Aujas - Helping you take on risk, threats, vulnerabilities 19

Reasons to Engage with Aujas

Advanced Tools & Strong Project Customer-Centric

Cost Effective Solutions
Technologies Management Approach

Highly Responsive Experienced Workforce Proven Expertise

AWARDS 20
 Case Study - Identity Security Program for an Indian Pharma 21

Organization
CUSTOMER OVERVIEW
Client is an innovation led fully bio pharma that manufactures pharma ingredients that are sold in over 120 countries. Client has a
publicly listed subsidiary operating in contract research services.

BUSINESS NEED OUR SOLUTION

❑ Client's business operations involve research and formulation of ❑ Aujas designed and executed Identity and Access Management program to
drugs. identify, prevent and review the accesses of users on core systems and
applications.
❑ As part of trade confidentiality, it is required to protect
unauthorized access of users on the research documents, drug ❑ Under the program, Aujas integrated birthright applications and shared folder
formula and drug test results. accesses using IBM's IAM system.

❑ The accesses of these data are controlled through applications'

accesses and shared folders
 Case Study - Identity Governance and Administration for an American 22

Pharma Organization
CUSTOMER OVERVIEW
Client is an American provider of pharma services. It conducts clinical trials on behalf of its pharma clients to expedite the drug approval
process.

BUSINESS NEED OUR SOLUTION

❑ Client leverages 200+ applications for serving its pharma ❑ Aujas’ IAM consultants and engineering team prepared an IAM program for
customers. These applications are used by business groups for rapid protection of identities.
clinical trials and researches.
❑ Aujas designed and implemented Microfocus IGA solution to manage users’
❑ Client’s business is operated by 30,000 full time and contractor accesses at all stages of users’ lifecycle in the organization, such as user
employees. onboarding, user offboarding, access reviews and users’ access requests for
business operations.
❑ Business need was to ensure safe and authorized access of
applications and business data. It was required to regularly review ❑ The access governance framework setup by Aujas assisted in getting real time
and eliminate unnecessary accesses to enforce the Least Privilege understanding of who has what access. This helped in reviewing and
principle. remediating the unnecessary accesses to eliminate the access risk to business
data.
 Case Study: Telecom Major 23

Customer Overview

Client is a leading provider of prepaid, postpaid mobile, 4G services and mobile money services with a presence in 14+ countries.

Key concerns
❑ Protect customer PII
GRC Function track to Governance
❑ Manage ISMS activities including internal and Risk & Compliance activities, 3rd Party
external audits vendors audits, Policies review and
❑ Manager 3rd party security program Governance update
❑ Manage and support security tools like DLP, EDR, Reactive Proactive
AV etc. Security Analytics Identity & Access
Advanced threat detection,
❑ Identify suspicious activities within the ecosystem security intelligence
Management of employee, contractor &
privilege identities and role based access
❑ Perform threat hunting for external and internal
threats. Data Protection Risk & Compliance
❑ Perform process improvement for preventive Data privacy, rights, encryption, Internal Audits, 3rd party assessments,
classification, masking, tokenization risk & compliance management
measures.
❑ Reactive approach to threat detection and
Security Incident Response Threat Management
response Security incident detection, response VA/PT, code review and
❑ Poorly tested versions released that cause serious and management vulnerability management
issues for end users. This ranges from system
Security Operations Secure Application
malfunctioning, performance degradation to BSOD Defense grade storage &
Security exception requests,
errors change management transport encryption, biometric
❑ Identify vulnerabilities in the applications/network API & Secure SDLC
❑ Lack of skilled resources
 Case Study – Spear Phishing Exercise for a large Bank in India since past 10 24

Years.
BUSINESS NEED OUR SOLUTION
❑ Gauge the maturity of the organization regarding its security ❑ Aujas was entrusted with the responsibility to create Phishing scenarios,
awareness posture, and subsequently, develop effective phishing install Phishnix in the client's environment, provide end to end training and
awareness training initiatives. maintenance. .

❑ To reduce the phishing susceptibility rates with proper awareness and ❑ Planning the entire activity with the help of senior management and banks
real time training. technical team. Creation of phishing scenarios which were based on
current trends. Designed and tested to simulate real- world conditions.
❑ To provide resilience against phishing and ransomware attacks which
has become the most rampant form of cybercrime and an exponentially ❑ Improvement in awareness level of the employees and contractors. By
increasing threat to organizations. conducting routine phishing simulations, phish rates drop to around 20%.

❑ Adhere to data protection and privacy regulations that now strongly ❑ Trending analysis report was presented to the Management. Management
encourage an organisation to carry our security awareness training. had a holistic view about their current security posture.

❑ Phishnix helps them to comply with the cyber awareness guidelines

What Client has to say about Aujas provided by RBI.
❑ “The Trending Analysis report has given us good insight on the Banks
security awareness level. Campaigns and Scenarios are on a par with the
current Phishing threats which makes the exercise quite lucrative.”
 Case Study - Application Security Program for a Large Telecom Operator in 25

Asia-Pacific
BUSINESS NEED OUR SOLUTION
❑ Identify all the weaknesses and vulnerabilities in applications ❑ Aujas defined an SLA Driven, end to end management of application
security program (web & mobile), security code review, configuration
❑ Articulate and document the specific remediation requirements for the review, security architecture review on the entire application portfolio.
identified weaknesses and vulnerabilities.
❑ Aujas has introduced a workflow based, VM requisition assessment,
❑ Provide advisory support to non-security team to fix identified issues escalation, tracking, and reporting solution.

❑ Manage Security Overrides for firewall, USB and internet access ❑ Aujas provided advisory support to fix identified issues

❑ Establish minimum baseline audit for critical applications (multiple ❑ Aujas conducted re-test to make sure that all identified issues are
departments) to ensure they are following minimum security standards appropriately closed.

❑ Aujas reviewed requests for security exceptions and approved as required

What Client has to say about Aujas
❑ Aujas reviewed minimum baseline security standard for applications and
❑ “You have displayed great proficiency in identifying critical security underlying infrastructure to comply with minimum baseline security policy.
vulnerabilities and helping application owners during closure. On behalf
of the organization, I would like to appreciate your dedication and
seamless effort. You as a team doing brilliant job and maintaining positive
environment for the organization. Always keep your positive attitude and
working spirit up & high.”
 Case Study – Red Teaming for an IT Outsourcing Company 26

BUSINESS NEED OUR SOLUTION

❑ The IT Outsourcing company had its own team for Vulnerability Assessment ❑ Aujas has identified multiple new vulnerabilities on the network side which
and Penetration Testing(VAPT) but they wanted to measure how well a had direct impact on client but were ignored previously during their VAPT
company’s people and networks, applications and physical security controls exercise.
can withstand an attack from a real-life adversary.
❑ Aujas has found vulnerabilities on their critical systems and applications
❑ The IT Company had major client base from Europe and wanted a CREST which had received clearance during their previous audits.
certified company to conduct Red Teaming.
❑ Our Reports were the main distinguishing factor as it focussed on the
❑ Identify all the weaknesses and vulnerabilities in the organisation through weaknesses and vulnerabilities from a real attacker perspective.
cyber attacks and social engineering.
❑ Aujas provided advisory support to fix identified issues
❑ Articulate and document the specific remediation requirements for the
identified weaknesses and vulnerabilities. ❑ Aujas conducted re-test to make sure that all identified issues are
appropriately closed.
❑ Provide advisory support to non-security team to fix identified issues
❑ Aujas reviewed requests for security exceptions and approved as required
What Client has to say about Aujas
❑ “Thanks and appreciate the efforts put by your team in letting us know
our security posture. We have understood the findings and shall be
implementing the suggested strengthening controls in order to secure
the things. Excellent support of the team throughout .”
27
28
 CLIENT REFERENCES 29

Following are references with whom Aujas can arrange for reference call as and when required:

Name of the Person Organization Designation Email ID

Anuprita Daga Yes Bank CISO Will be shared as per request
Pranali Taskar ICICI Bank AGM – Information Will be shared as per request
Security
 30

THANK YOU
Submitted By
Vishesh Rathod
Business Development Executive
Contact No
8082282757
Email
[email protected]
Website
www.aujas.com