Cyber Security and Privacy Foundation Pte Ltd.(CSPF), Singapore (http://cysecurity.co/), has released the latest version of Reeja Vajra Cloud. Reeja Vajra provides Automated Threat Monitoring via the Cloud. Reeja Vajra has been successfully deployed at several clients in the banking/financial services sectors in India and overseas.
The proprietary Reeja Vajra technology now incorporates machine learning, advanced algorithms, recognition and comparison engines and an advanced shell detector. The essential deliverables of latest version of Reeja Vajra includes Daily Network Vulnerability Identification, Application Vulnerability Identification, Webserver & Frame work level vulnerabilities, Random APT attack vector identification, Defacement monitoring and Reputation service (Including Similar domain Monitoring for phishing). Reeja Vajra Cloud incorporates four modules : APMS – Anti Phishing, Malware, Spamming Module (Anti Fraud Service), WRSS – Web Reputation and Security Scan Module and AVA – Automated Vulnerability Assessment for IP Address and DF 24 – a defacement monitor.
As J Prasanna, founder and CEO of CSPF, says, “despite Organisations & governments around the world deploying latest Web application firewalls, other firewalls, intrusion prevention systems, SIEM and being certified under ISO270001, they continue to get hacked almost at will. Are these technologies really working?”
CSPF in earlier days analysed the main reason for hacks actually taking place as:
- Lack of security researchers in organisations with intuitive understanding of hacking
- Insecure Web applications and Mobile apps forming the attack surface area
- Absence of co-ordination between application and network teams
- Application teams lack knowledge to fix vulnerabilities identified by VAPT teams
- VAPT teams from external vendors/consultants who run script tools and don’t actually find vulnerabilities.
- Risk management teams not having a say in IT teams
The proprietary Reeja Vajra technology now incorporates machine learning, advanced algorithms, recognition and comparison engines and an advanced shell detector. The essential deliverables of latest version of Reeja Vajra includes Daily Network Vulnerability Identification, Application Vulnerability Identification, Webserver & Frame work level vulnerabilities, Random APT attack vector identification, Defacement monitoring and Reputation service (Including Similar domain Monitoring for phishing). Reeja Vajra Cloud incorporates four modules : APMS – Anti Phishing, Malware, Spamming Module (Anti Fraud Service), WRSS – Web Reputation and Security Scan Module and AVA – Automated Vulnerability Assessment for IP Address and DF 24 – a defacement monitor.
CSPF in earlier days analysed the main reason for hacks actually taking place as:
- Lack of security researchers in organisations with intuitive understanding of hacking
- Insecure Web applications and Mobile apps forming the attack surface area
- Absence of co-ordination between application and network teams
- Application teams lack knowledge to fix vulnerabilities identified by VAPT teams
- VAPT teams from external vendors/consultants who run script tools and don’t actually find vulnerabilities.
- Risk management teams not having a say in IT teams
Reeja Vajra, as a Dedicated SaaS platform, was born of these findings to assist CISOs who want “real safety”, going beyond standard technology deployments.
The benefits of Reeja Vajra include -
- APMS, non intrusive scan to identify compromises in corporate IT infrastructure
- AVA IP/AVA WRSS which identifies vulnerabilities on Web/OS/network level
- DF24 to identify when a website/service is down, or a defacement by hackers
- AP24/AP24CTL which can identify phishing site/brand abuse very quickly using neural network/machine learning with computer visioning
- Manual APT testing once a month to enable white hat hackers to identify vulnerabilities missed by automated scans
- All vulnerabilities found by automated/manual tests are moved to a bug track list for SOC of organisation to fix
- Daily report and weekly report generation
- CISO dashboard shows the current Cyber Threat Index and different graphical views of the vulnerabilities of the organisation.
- CSPF team works with the application team/vendors to train them on application security aspects of programming
- The entire focus is find vulnerabilities, prioritise them and work with Application team/network team to fix them. This helps to bring down overall vulnerabilities which can be exploited by hackers to zero and maintain this on a consistent basis
Background on CSPF
CSPF is a highly specialised cyber defense boutique that utilises proprietary technology and products to provide strategic consulting, services and protection against potential attacks on critical front end and back end IT infrastructure from organised criminal, mafia, hacker or state backed groups. CSPF provides services in Vulnerability Assessment and Advanced Persistent Threats (APTs) Assessment. CSPF's core focus includes banking & financial services, critical infrastructure and governments.
CSPF is an evolution of a journey in information security that started in 1992. It is part of an eco-system that includes an information security news portal (E-Hacker) and a foundation dedicated to developing cyber security awareness and defense skills. CSPF choose to incorporate in Singapore in order to internationalise the organisation and to optimally harness software talent in India as well as other parts of the world. Cyber threat is global and the counter response also has to be global in nature.