Digital Assets Risk Management

Secure your digital assets from external threats

Identify and counter the risks to digital assets

Digital data sprawl puts your organizational security at risk. Our Digital Assets Risk Management services use an external, intelligent context to track down and flag unknown threats. Covering the depths of the darknet or the deep web, we help reduce the impact of potential threats by implementing controls or countermeasures.

Why Digital Assets
Risk Management?

Our advanced security capabilities ensure your digital assets, intellectual property and sensitive data are protected round the clock. You get assured protection through collective security and threat intelligence to react to new and emerging threats, with 24x7 incident response.

Our service offerings

Web Application
Firewalls

Detect and block unwanted threats and intrusions


ShadowMap


Identify and build inventory of organization-wide exposures


Web Application
Testing

Identify dangerous code to avoid business exploits

Risk Monitoring

Targeted and highly specific intelligence to improve your detection capabilities

Bot
Manager

A highly effective framework to manage the malicious or "bad" bots

Web Application Firewalls (WAFs)

Today, skillfully crafted attacks are penetrating unprotected sites and compromising sensitive information without leaving a trace. Our WAF service protects websites and online applications against current and emerging threats, helping you detect and block unauthorized intrusions. These include SQL injection, cross-site scripting (XSS), illegal resource access, malicious bots, and other OWASP Top 10 threats.

Key features

Offered as a
service

  • Easy deployment by just a simple change in your website DNS settings
  • Available in simple commercial models
  • SaaS-based pricing and easy go-live
  • Multiple value-adding services, like DDoS, web app PT, and SSL certificates

Immediate and effective protection

  • Securing web applications and enabling PCI DSS compliance
  • Webserver platform independent
  • Access to global security intelligence
  • Low false-positive ratio

Intuitive and contextual security

  • Automatically learns web application structure and user behavior
  • Protection from zero-day and emerging threats using correlation
  • Integration with VA and PT scanners

Optimized TCO and compliance

  • secureAT provides up to 40% benefit over dedicated appliance solution
  • Almost no management and maintenance overheads are involved
  • Achieve all mandatory and necessary regulatory controls

ShadowMap

This big data analysis and machine learning service continuously maps your shadow IT infrastructure and applications without intriguing your infrastructure, giving you asset visibility and vulnerabilities exposed in public domain.

Key capabilities of the solution include the ability to identify publicly exposed services, applications, assets and security bypass issues, get comprehensive inventory, generate daily differential gap reports, and map client environment across global hosting footprint.

Key Components

Internet-wide scanning

  • Proprietary technology and platform scan all 4 billion global IP addresses daily.
  • Extracts 22 different data points for machine learning analysis.

Big data analysis and ML

  • Massive dataset from the scans is processed to extract key parameters.
  • Algorithms create customer profiles that identify all assets belonging to them.

Risk analysis

  • Additional scripts are run on shortlisted assets to reconfirm their identity.
  • Apart from routine checks, a 20-step process flags all exposed apps, by functionality and risks.

Reporting

  • Comprises scheduled emails alerts, real-time dashboard and API integrations.
  • The reports deliver desired results, and are used to track closures.

Key features

Advanced capabilities

  • Detects new network services, web and mobile applications exposed across the world
  • Virtual host detection identifies hosts and configures mappings even with no DNS entry

Complete integration

  • Modules available for integration with WAF/IPS/SIEM detection and reporting
  • Completely integrates with VA/PT/AppSec scans and third party GRC tools

Unique solutioning

  • Purely external solution that requires no data or agents deployment
  • Service reports can be customized to meet customer specific goals and objectives

Web Application Testing

Application code review identifies vulnerabilities at the core level, and mitigates insecure coding practice. We provide app code review through proprietary in-house and scanning tools, involving human intelligence to review and identify dangerous code to avoid adversaries exploiting your business applications.

Key features

Mapping of logic & workflow

  • We thoroughly understand your applications’ business logic and workflows.
  • Create a logical map of relationships between modules, backend etc.

Fix information with examples

  • Fix info provided in your development language, framework and platform.
  • Detailed instructions, POCs & source code examples are given.

Integrated and wide range of tools

  • Proprietary, open-source and commercial tools bring security and cost efficiency.
  • Output is cross-referenced, correlated and fed to manual auditors.

Expert-led, test-case driven

  • Experts create test cases specific to your business priorities and challenges.
  • Our large internal test case database is referenced based on various identifiers.

Identify vulnerabilities

  • Our approach identifies design & logic issues in applications.
  • Such high-impact issues cannot generally be found through automated scans.

Risk Monitoring

Targeted attacks are taking on sophisticated forms. Organization-specific threat intelligence is required to ensure near-zero false positives, avoid critical information compromise and enhance security posture.

We offer Risk Monitoring as a service, where we provide specific and targeted intelligence to improve detection. We also offer expertise on enhancing preventive capabilities in your existing security products.

Key features

Advanced analytics

  • Predictive analytics deployed early in the
    kill-chain
  • Trend analysis over time

Actionable intelligence

  • Identify your real weaknesses and reduce false positives
  • Augment threat-hunting and incident response

Exposure monitoring

  • Continuous monitoring of the dark/deep web to detect attacks
  • Enrich log data; offer threat intelligence on brand, infrastructure, surface, deep/dark web

Bot Manager

In the age of the internet revolution, industries are adapting bot solutions to make digital platforms interactive, and to reduce time and resources to improve user experience. At the same time, there is a huge traffic of bad bots, which perform fraudulent activities that hamper the performance of legitimate users and increase overall IT cost.

Bot Manager provides organizations with a flexible framework to better manage the wide array of bots accessing their websites every day. It offers the ability to identify bots as they first arrive, categorize them, and apply appropriate management policy for each category. This allows greater control over how each organization interacts with different types of bots, maximizing business benefits while minimizing any negative business or IT impacts.

Key features

Detection on the web

  • Detect non-evasive scrapers targeting web applications
  • Detect large-scale credentials, gift card and coupon checking on browser and native mobile application endpoints

Advanced techniques

  • Multiple categories of bots and detection techniques for customizable configurations
  • Mobile SDK for native mobile app protection

Why NTT-Netmagic?

Extensive global track record

NTT security specialists mitigate billions of security threats every year.

Superior customer experience

Access to comprehensive analytics, service delivery and process development

Financial stability

We're an integral part of a NTT Ltd. - a leading global technology services company.

Deep
investment

We invest in innovative solutions and groundbreaking service development.

Insights