Security

We maintain a specialized security practice. Here's how we can help.

01

Kernel components on UNIX and Windows

Profound knowledge of OS internals and threat landscape. Contributions to Fortune 25 security solutions.

Our Expertise

Storage filter drivers

Layered file systems for data security

Network filter drivers for attack prevention

ARM-based processor encryption support

02

End-to-end key management, data discovery and data security

Our engineers contribute to on-prem, cloud, and containerized security solutions. We work with industry standards like FIPS, KMIP, PKCS.

Excel in

Encryption

Key management

Data discovery

Securing Interfaces

01

Developer training

Sensitizing developers and test engineers to security issues, so that security issues are considered throughout the development life cycle.

02

Audit processes

Audit of software development and QA practices, source code handling, bug tracking systems, vulnerability management.

03

Process improvement

Suggesting and implementing specific tools for assessing and reporting security quality of the software developed in-house before deployment. Suggesting steps for due diligence and inserting specific obligations from vendors when off-the-shelf or customized software is acquired and deployed.

01

Deployment security

Assess the security of deployed servers, update and patching of software on the servers, instantiating a regular scan of the deployed servers for on-going information security status auditing.

02

Penetration testing

Specific attacks of well-known vectors such as OWASP top 10 and CWE top 25, using appropriate tools and ad hoc techniques.

03

Software audit

Software source code audit for identifying insecure practices and potential vulnerabilities for open source and client-developed software. Software security audit for software deployed where the source code is not available.

04

Access control and separation

Separation of privileges for insider access to various server components and the data contained therein, separation of user data, assessing the secure storage of secrets pertaining to users as well as across user groups, suggestions for changes in architecture and deployment to ensure data access control.

Case studies