WIXLIB

ENTERPRISE SECURITY & RISK MANAGEMENT (ESRM)Securing the EnterpriseOrganizations want to grow business rapidly through adopting new technologies.Our job is to help CISOs enable that growth by managing risk accordingly and not hindering that business momentum.Connect with us: ESRM@TechDefcon.comclick here for website

ESRM Capabilities OverviewDelivery Approach End-to-end Intelligent Enterprise securityservices Guide clients through digitaltransformation while keeping them secure Deep know-how of security productsCustomer profileBy vertical Telecommunication services Banking & Financial services Manufacturing Healthcare Energy & Utility Retail Media & EntertainmentFortune Global 500 ClientsESRM Capabilities Our Partnerships Comprise of: 1 of Top 30 Security Consultingcompanies in Gartner’s Market Guide,2016 750 dedicated security specialists 140 large enterprise clients including5 Fortune 20 clients 15 years practice of Cyber SecurityServices Track record of successful delivery of500 large security outsourcingprojects 60 Security OEMS and MSSP PartnersSecuring Enterprises Across VerticalsBy geography7 Telecommunications5 Banking & Financialservices4 Manufacturing3 Technology

TechDefcon.com Risk Management DNA Cloud security strategy Cloud Security with zones,firewalls, IPS, CASB, federation,monitoring, forensicsVulnerability managementPenetration testingPolicy complianceAntimalware, encryption, HSM Advanced persistent Threatmgmt. Vulnerability Engineering Vendor risk managementprogram Risk bases assessment models Data protection program, DLP,DAM, Encryption, tokenization, IAM strategy & policy definition Identity governance & admin Role based access governance Designing defensive network Internal and external SSO, Micro segmentation, NAC Public, private and hybrid cloudready design RSA Archer automation or ITGRC, ERM, Audit and BCM eDiscovery and Forensics Privilege identity managementwith multi-factor support Risk based authentication Security policy compliance Data classification, discoveryand protectiontechniques i.e. biometric Password vaults and serviceaccounts managementWe offer Advisory, Protection , Monitoring & Remediation servicesin our risk based portfolio

AUTHENTICATION FOR SWIFTCopyright 2016 Tech Mahindra. All rights reserved.4

The Problem1NO PROTECTION ON SWIFT LOGINS BEYONDUSERNAME/PASSWORD2PRONE TO IDENITY TAKEOVERSTHE MANDATERef: delines

Case StudyCase Study (2FA): SWIFTProblemTop 5 largest Bank of Added Benefits Compliance with SWIFT India Integration-ReadyMandateProtecting 500 Users forplugin for SWIFT Vulnerable to GlobalSWIFT with Mobile SoftSWIFT hacks No inclination for OpenSource Products likeGoogle AuthenticatorToken and HardwareTokensapplication Compliance Mandateachieved ahead of timeThe Solution has responded to global threat of SWIFT hacking by building a quick ready-tointegrate plugin for SWIFT application. With bank hesitant to try anything open such as GoogleAuthenticator for a critical financial application such as SWIFT, the solution provided a quick andfast manner to protect our SWIFT users and thereby, complying to SWIFT mandate quickly.

COMPREHENSIVE AUTHENTICATIONSUITE FOR TEMENOSCopyright 2016 Tech Mahindra. All rights reserved.7

COMPREHENSIVE AUTHENTICATION SUITEFOR TEMENOSOUR AUTHENTICATIONSOLUTION

Case StudyCase Study (2FA): Bank in Cambodia –TemenosProblem Authentication forCambodia’s First &Temenos Product TCIB Internet Banking 13,000 users1FA (Username/Password) 2FA Hardware Tokens 2FA Mobile Soft TokenswithPUSH OOB, protected withPIN and Biometric TouchIDForemost BankAdded Benefits Cost EffectiveScalableTemenos CertifiedFuture-ReadyRisk- based AdaptiveAuthentication Behavioral Analytics Biometrics eKYC

Case Study: Bank in the UK – ProtectPCI dataChallenges Brand new bank selected FISERV toCase Studyprovide a hosted core bankingsystem and card processing service.Requirements Protect all PCI data between theDigital Bank’s estate and FISERVbefore it hits Bank’s estate in theclear. Ensure clear data is sent back toFISERV for processing. Solution must be hosted in a PCIcompliant environment and fullymanaged 24/7. Data must be format preserved andtokenised in order that all systemsremain out of scope for PCI audit. Solution must be able to scale as thenew bank grows in complexity. Bank subsequently found thatFISERV do not provide any datasecurity or PCI compliance with thehosted service. Bank did not want any of their ITestate to contain clear PANs inorder to reduce their scope for PCIaudit.Solution Enterprise SecurityAdministrator Data SecurityGateway Tokenise anddetokenise all PANsbetween Fiserv andthe Bank

Business Apps Integration withCompliance Automation toolCopyright 2016 Tech Mahindra. All rights reserved.11

Information Security’s Blind SpotBusiness Applications, Cloud & ERPERPBusiness atewaysNetworkPhysicalSecurity ToolsDevicesIdentityManagement

Why are Business Applications a Blind Spot forSecurity?WHO?WHAT?WHEN?WHERE?HOW?Current tools focuson the potentialSECURITY ISSUEInfrastructureVulnerabilities IntrusionsPerimeterVirusesIdentitiesSecurity solutionsshould focuson the actualBUSINESSIMPACTERPCloudBusiness AppsFinancialsCritical DataMaster re

A single pane of glass for Information SecurityBusiness ContextSecurity AnalyticsStrategic ReportingGovernance across networks,devices, applications and peopleAdvanced analytics linkingbusiness and IT contextActionable security riskfor your businessEtc.ERPCloudNEDBTWIAMOMobile gh integration with your Compliance Automation tool, the controls monitored by the solution can be reported into it’scontrol repository. In addition, the control exceptions detected through the correlation and contextualization of transaction and userdata can be compiled and reported to it where it can be consolidated for compliance evidence.

MIFID II COMPLIANCECopyright 2016 Tech Mahindra. All rights reserved.15

MiFID II Regulation is based on 5 themesOperatingConditionsThe new rules require enhanced record keeping, detailed analysis of group-wide conflicts andamendments to the governance frameworkInvestorProtectionMiFID II aims to enhance the level of investor protection for all clients and counterparties. The new rulesinclude detailed provisions covering financial promotions (i.e. marketing), client categorisation, bestexecution and disclosureTransparencyThe scope and volume of financial transactions to be reported under MiFID II (both publically andprivately), has materially increased to cover all traded instrumentsElectronicTradingMiFID II places greater responsibility on regulated firms to demonstrate that electronic trading isconducted in a safe and controlled manner.MarketStructureRevised market structure requirements to enhance the visibility of “dark pools”; i.e. trading conductedaway from the public markets

Aligning MiFID II with other regulationsSource: EY MiFID II: Time to take action Wealth & Asset Management Report

Regulation Management ProcessRegulatory Intake, Collaboration & Execution1Regulatory CitationsRequirements2 Capture, intake and reporting ofregulations Version control and gapanalysis Delta change management Leverage publicly available content &subscriptions from UCF, LexisNexis,Thomson Reuters, etc. Pre-built reports anddashboards Regulatory alerts and Control Definition Central repository for regulatorycontent, requirement and reporting Dynamic, multi-threadedworkflow capabilities Best practice control mapping &content creation Review all or part of citations,requirements or controls at anytime Unified control framework for allregulatory agencies Comment and interact from start tofinish Share and review best practices4ComplianceITControl Management5 Map controls back to citationsRegulatory Reporting Manage, monitor and test controls* Capture, store and import report results Automatically execute control tests againstoperational systems & business applications Manage and maintain findings & evidence

Case Study: Large Spanish Bank, also inthe UKCase StudyRequirements Analyze regulatory changes Automate the RCM process. Using RegManas a system of record to keep audit trail ofall the activities done for regulatory changemanagement and reporting to board andregulator Capture changes from ESMA and otherfeeds from the authorities, ThomsonReuters feeds, and process otherunstructured content in pdf and tsReduceComplianceCostsImprovementEstimateDetail Reduce time spent by external legal councils onregulations20-30% Reduce time spent by internal legal teams onanalysis of regulatory and legislativerequirements40-50% Reduce cost to implement controls50-70% Reduce cost of manual workflow approvals40-80% Reduce manual steps for compliance40-80% Reduce testing and monitoring costs40-80% Reduce internal audit costs5-10% Assess regulatory obligations and reporting Reduce fines and penalties40-80% Report on degree of compliance throughCompliance management (automatedcontrols) Reduce cost of point solutions to support theregulatory response process40-70%TOTAL 7.8-13.9 M

PORTFOLIO OF SERVICESCopyright 2016 Tech Mahindra. All rights reserved.20

Disruptive Advanced Security offeringsCLICK ANY BOX12Brand & Executive Threat on)9AutomatedPhishingResponseUnifiedGRC, DLP, SOC17OT tum Sciencebased SecurityProtect againsttampering &ransomware1113Cognitive SecurityAnalytics68InstantaneousEndpoint visibilityThreat Hunting &MitigationHacker AttackSimulation5De-identification ofCloakingPHI/PII Datacommunication incritical assetsMobile-firstSecurity315DeceptionDisarmament &Reconstruction1. Proactive and preventative Brand & Executive Protection offered through our Digital Risk Monitoring2. Threat Scorecard Rating, an innovative dark-web rating service that provides a view of the company’sconfidential information uploaded on the internet & dark-web, and potential vulnerabilities unknown to theenterprise3. Simulate hacker attacks keeping continuously executing breach methodologies to proactively find theholes in your environment4. De-identify PHI/PII data permitting unhindered and secure predictive analytics on the data; secureentire big data lake while allowing tenants to see their own data5. Cloak communication between critical assets to protect against Man-In-The-Middle (MITM) & DDoS6. Protect not only against theft but also tampering and ransomware in real-time throughcomprehensive Data & Endpoint Protection Platform7. Secure smartphones, tablets, applications, mobile fleets, and more through accurate detection ofcomplex patterns using predictive cloud-based mobile security8. Instantaneously secure and manage millions of endpoints in seconds; gain visibility and control tomake better decisions9. Automatically detect and block email phishing attacks in real-time, with or without humanintervention, followed by an enterprise-wide remediation response10. Deploy unified threat protection with the best threat intelligence, threat hunting & mitigating11. Detect, deflect, defeat cyber-attacks with algorithmically deployed unique deception traps, toinitiate the kill-chain and threat hunting process12. Biometric Authentication for real-time transaction security combined with user behaviourauthentication & risk-based authentication13. Cognitive security analytics to replicate human intelligence at machine scale with Natural LanguageProcessing (NLP), and automated research, prioritization and remediation capabilities14. Seamlessly address both malicious & inadvertent data/information exfiltration with a real-timedashboard view of the entire Enterprise and/or Cloud including GRC enforcement, DLP & SOC15. Deception disarmament & reconstruction to process all files, analyze the content, and rebuildduplicate files with clean and sanitized content16. Harness unique quantum science properties and cryptography to ensure data confidentialitythrough encryption based on Random Number Generation17. OT Network visibility for Industrial Control Networks in real-time