MySOC – We Play All !

People often mistake a SIEM solution for a SOC offering by default, since sizing a commercial Security Information and Event Management (SIEM) solution requires information about the critical assets. A Security Operations Centre is much more than a regular SIEM can provide, though the SIEM forms the "core" of the entire solution. It is imperative to be careful when choosing the heart of a SOC solution, which is available commercially as well as in many pick-and-choose open-source variants.

Choosing "In-house" or "Outsourced" SOC

One important aspect of a SOC solution is whether to run an in-house managed SOC or to get SOC services from an MSP. Both options have pros and cons. We leave it up to you whether you wish to get into "building and investing in tools and resources and maintaining them, including renewal of commercial tools" and "hiring and firing of critical SOC resources", or "simply trust an experienced MSP who can offer great 24x7 or 9-to-9 services and is always available on call". Just remember, the MSP offering could be "on-cloud" or "on-premise", depending on where the heart lies. We at Clyst.IT Services can help you set up a SOC on your own premises, or we can provide end-to-end services on-prem or on-cloud.

The SOC Gamut

Every organisation may have different needs when it comes to implementing a SOC. For some it may be purely for compliance, as their regulator mandates, but most will actually be looking for proactive security. We are not suggesting an inferior adoption of a SOC solution, but you can always avoid the high adoption capex!


MyPhish – The Phishing Simulator

Create the Human Firewall

Empowering the users of your critical IT infrastructure forms an important part of cybersecurity resilience. Every security framework, guideline and data security standard talks of “user awareness”, as users are easy targets for hackers. Luring them into opening an attachment or clicking on a link is the first and easiest step for attackers to enter your network.

This is where a phishing simulator comes into play: regularly sending your own users phishing mails, so that they can be trained if they are compromised and develop a habit of checking sender email and domain details before opening any attachment, even from a “known name” sender.

• Get custom templates

• Cloud based campaign launch

• Get comprehensive report

• Educate your weakest link

The one-time service involves running 3 campaigns at regular intervals within a short period of time. The Clyst team recommends the following sequence:

• First, with IT Team communication / HR Portal mail

• Second, with local Intranet / HR Portal or social engineering, like Facebook, Twitter

• Third, with your Corporate Banking

MyPhish can also be availed as a SaaS model, call it “Phishing as a Service”, where we can share reports on the users' improvement trend over a period of time.

Spoof-Marc’D – DMARC-DKIM based Anti-Spoofing

DMARC-DKIM-SPF based strict Anti-spoof protection

One of the core uses of the Internet for any enterprise is email communication, which makes email a core technology susceptible to different kinds of hacks. One of the oldest and easiest is to send spoofed mails from your domain to gain the trust of the recipient, and then gain access to a system or some financial gain.

In a DMARC, DKIM and SPF based anti-spoofing solution, all three mechanisms work together to verify legitimate (trustworthy) email and reject untrustworthy email before it reaches the inbox, making your domain safer and indirectly upholding the brand reputation of your organisation.

This service includes strict configuration of DMARC, DKIM and SPF settings, followed by monitoring of mail traffic to ensure no false positives are occurring. Deciding whether untrustworthy mails are delivered, quarantined or left without action forms the basis of this service. A well-set configuration depends on multiple factors, and automatic, well-working rejection of only untrustworthy emails can be achieved in a short period of time. At the same time, a very popular company domain with a larger number of inboxes may need regular monitoring services to ensure mail communications are trustworthy. Given this, we at Clyst have two offerings:

• A one-time service, which involves achieving the perfect settings over a period of 3 months, after which clients can opt out of regular monitoring.

• A SaaS-based service, which is a continuous month-on-month monitoring and fine-tuning service to maintain the integrity and brand reputation of the organization.

Cyber X-Posture – Firewall Audit and more…

Firewall Audit, a must !

Having a firewall at your network's perimeter is just one aspect of security, and it covers you from the majority of well-known and simple cyber-attacks on your network. Having said that, it is not enough, and it sometimes leads to complacency and a notional sense of security that a one-time configured firewall, however well it is configured, is protecting you against any impending cyber-attack. Threat attack vectors keep getting more innovative, and however big or small your organisation is, a hacking attempt is inevitable. As per Gartner, through 2020, 90% of firewall breaches were caused by firewall misconfigurations, a number which they believe will be 99% by 2023. That means we are talking of misconfigurations alone, not flaws in the firewall, whatever the brand.

“Through 2023, 99% of firewall breaches will be caused by firewall misconfigurations, not firewall flaws.”

- Gartner

Firewall misconfigurations usually accumulate over time, and if you don’t do a regular AUDIT, you are looking at a cyber risk.

Temporary rules created for unscanned access, disabling threat checks on Firewall Rules, creating “any port” or “any source” kind of rules are typical reasons for a Firewall becoming non-compliant.

Our own experience tells us that 80% of the firewalls we audit have 45% or less compliance, and this is a big gap.

At Clyst, we have designed Cyber-X-Posture, our firewall audit service, which includes finding OSINT-based risk information for the organisation where the particular firewall is connected. OSINT, Open Source INTelligence, is information available in the public domain about a company: its website, its FQDNs, and even simple facts such as whether it has any Windows or Linux servers accessible over RDP, Telnet or SSH.

After the report, we also help guide the IT team in remediating open and immediately critical list items. We recommend that any organisation do a firewall audit once a quarter.

Cyber-X-Posture features Basic Advance
General Compliance Highlights - Systems, Access, Firmware & Defaults
Advance Compliance Highlights - Firewall Policy, Security Policy
Logging and Reporting
Firewall Rule Analysis Basic Advance
Malware Protection, Network Protection Review
Protection Policy review
OSINT based report Basic Advance
Report explanation on email/call
Traffic Analysis -
Compliance reference (ISO27Kx, PCI-DSS….) -
e-meeting with Security Expert on report details and remediation guidance -

VAPTrite™ – Security Assessment & Audits

Vulnerability Assessment and Penetration Testing

Security assessments, most commonly known as VAPT (Vulnerability Assessment and Penetration Testing), are called for by many regulatory bodies trying to instil a security culture in organisations under their purview. Most of the guidelines on data security standards talk of getting a security assessment done for the entire network.

Difference between an Assessment and Audit

A common industry practice of doing VAPT involves security scanning of the target systems, servers, network and critical infrastructure assets; this falls under the category of assessment, with or without penetration testing. An audit, by contrast, typically means someone gets access to a critical asset, e.g. a firewall, and checks for weak configuration, leading to the closing of any gaps or vulnerabilities due to misconfigurations.

Our tagline for VAPTrite says “customised Vulnerability Assessment and Penetration Testing”, tailoring it to a client's requirements. A full-blown, top-of-the-line VAPT service will involve:

• Two ITERATIONS

• Covers Network, Servers, all Applications (Web/Mobile, DB, Cloud)

• GREY BOX (Profile based)

• Audit of Critical Assets

• Includes mitigation window

• Remediation guidance help during the mitigation period

• Final Report, after second ITERATION

• CERT-In Certified Auditor signed

At Clyst, we are committed to providing reports that are more remediation-driven, as even the smallest vulnerability with a strong exploit likelihood is dangerous to leave exposed. Our USP is our expertise in understanding these reports, not just making them, and giving the right guidance for closure of high-risk vulnerabilities.

NetSPA – The Network VA

Network Security Posture Assessment - NetSPA

NetSPA is more of an entry-level assessment service for a network. It ensures each network device and system is assessed for the latest critical vulnerabilities, to ensure 100% trust in the entire network.

Why should regular systems checks be mandatory?

The most common and well-known operating system, from Microsoft, as we all know receives regular updates and service patches to overcome bugs and vulnerabilities. This directly means that whenever an OS provider releases a patch, the whole world knows which loopholes a particular version of the OS has that can be exploited.

A service like NetSPA basically points to any updates that may be missing from systems and from other well-known networking devices like managed switches, routers, Wi-Fi access points, Wi-Fi controllers, IP-EPX and AV conferencing systems.

If your Security Assessment is only focussed on Critical assets, NetSPA is the right way of ensuring nothing is awry at network level.

NetSPA requires some network-level tool installation and scanning, after which our analysts give a detailed final report. The report carries a “RISK DASHBOARD” showing how your network systems and devices are performing on risk score.

Policy Mentoring – All the Alphabetic Compliance

Compliance enactment and adherence

ISO27Kx, FISMA, HIPAA, NIST and PCI-DSS are some common and well-known standards, some specific to data security and some covering the much bigger aspect of overall governance and operations of an organisation. Organisations falling under certain compliances, or implementing a compliance to secure commercial contracts, are common, and this is important from a cybersecurity standpoint.

The cybersecurity aspect of any compliance revolves around well-known IT practices and the standard operating procedures of the IT team: how they handle critical servers and their maintenance, how a new user in the network is assigned IT assets and a username, storage maintenance and so on.

The ABCD of Compliance

With so many compliances all pointing to similar aspects of IT operations and data security standards, one is left perplexed and undecided about what to look for when an “ABC..” compliance needs to be done.

We at Clyst work with expert, certified consultants, and our strength is in getting these policies implemented authentically. Having worked with many BFSI clients who fall under regulators like RBI, SEBI and IRDA in India, we can consult any organisation on the basics of maintaining and upkeeping any compliance certification.

vCISO – The Virtual CISO

A Virtual Chief Information Security Officer

IT and security consultancy has always been available in the form of individual consultants or system integrators, who help an organisation's IT team adopt a certain technology and implement it. A similar role has now been spun out to cover mainly “Information Security” (or cybersecurity) activity from an organisation's standpoint.

This has become a compliance point for most banking, financial services and insurance companies falling under different regulators. So having a dedicated in-house CISO is mandatory, or alternatively they can have a virtual (outsourced) CISO accomplishing the same purpose.

At Clyst, we have many people who can don the role of a CISO, but what we offer is a single-point-of-contact based service. A brief of our vCISO service:

• SPOC based service

• Security Architecture design

• Policy framework and implementation

• Critical POC support