The Silicon Review ^Asia

“Engineering centric approach ensures consistent security measures across the information security lifecycle with high levels of reliability and trust”.

IT security is an integral part of any organization to protect computer systems from damage to software, hardware, electronic data, and disruption of services. Due to increased reliance on the computer system and wireless network, the complexity of the cybersecurity technology is also on the rise. Security has evolved from being just technical into much more holistic in today’s scenario. In a computing network, security services are mostly outsourced from Managed SOC services. Most of the IT security is in-house, but a majority of the IT professionals want to, or partner with a managed security services provider. Businesses reach out to service providers to deal with information security like customer data theft, malware, resource constraints, and skill shortages.

MSS provides a systematic approach to manage the organization’s security needs, and Varutra Consulting is one such firm that provides security services and training to create and strengthen the security posture of organizations. The company was founded in 2013 by Kishor Sonawane to offer technical security services.

Recently, Infoshare Systems Inc, a US-based industry leader in custom software services, acquired Varutra. (To know more about Infoshare Systems Inc: www.infosharesystems.com)

Varutra is based in Pune and has additional offices located in Mumbai, Hyderabad, Indianapolis, and California, and services the clients across the globe. In addition, the company is a CERT-In Empaneled organization certifying governments’ organizations, banks, public sector organizations and provide them cyber security clearance certificates as per CERT-In guidelines.

Kishor Sonawane: Interview Excerpt

Mobile Security

The use of mobile technologies such as smartphones and tablets within an enterprise creates a unique set of challenges that must be addressed in order to ensure that sensitive information accessed, stored, and/or transmitted by these devices is properly protected. Varutra, a pure-play information security consulting services, solutions, and training company, utilizes its extensive knowledge base with technical and operational skills to examine the issues and challenges unique to the security and management of mobile technologies and the information these devices store and process. Varutra has developed patents filed security scanner called as MASTS (Mobile Applications Security Testing Suite) to cater mobile applications security assessment covering android and iOS platforms. This product has static and dynamic analysis capabilities with black box and gray box penetration testing approaches.

Managed SOC

Varutra Managed SOC services are equipped with Threat and Defense capabilities offering 24x7 monitoring services and protecting the client organization by adopting proactive and rapid reactive processes such as incident response. Complete Vulnerability Management, Cyber Security Advisory services are come under Managed SOC Services using internally developed Dashboard applications which comes as a part of the services.

Application Security

Having secure software is one of the biggest needs businesses have today. Web applications are now a must-have component in organizations with the uptime of 24/7 offering secure data access to customers, employees, partners, and suppliers. In order to have effective application security, it is important to revamp the entire software development mechanism by adopting a secure development life cycle and the right combination of testing methods to make the software self-resilient to safeguard the data. Varutra application security testing experts adopt an end-to-end approach for application security. Our methodologies incorporate various elements of application security across all stages of the software development life cycle (SDLC) to enhance overall security posture of critical business applications. Varutra offers customized services to our clients as per their environment and application type (thick client/thin client). Varutra specializes in performing the following services in the application security space. Varutra being leaders into Applications Security uniquely positioned to perform applications penetration testing, secure code analysis, secure SDLC consultancy to vulnerability patching services with our secure development teams. Gartner has recognized Varutra Vulnerability Assessment and Penetration Testing services with Mobile AppSec Testing in its market guide.

Infrastructure Security

Infrastructure Assessment analyzes how your current infrastructure is performing and provides you with a fully customized report illustrating the comparative cost and performance metrics of updating your current storage environment. Wireless networks are an integral part of an organization’s network infrastructure but they are exposed to internal/external threats. Varutra’s wireless security audit methodology is a result of research, proven techniques, advance testing tools and rich experience of our security experts in this area to ensures the maximum coverage over all possible threats from various dimensions. Varutra service model is developed to provide long term, affordable and highly qualitative and reliable services into penetration testing, red team attacks, threat hunting, digital forensics, cloud security assessments, IoT Pentest, etc.

Cyber Security Maturity Assessment

Our Cyber Security Maturity Assessment will focus on formalizing the client organization’s current security posture quantitatively and delivering a cyber-security maturity assessment report along with a tool for recurring internal assessments. The company’s unique methodology combines best practices from various industry standards including COBIT 5, NIST SP 800, OWASP Top 10, CIS Controls, ISO/IEC 27001:2013 (ISO 27001), etc. Varutra would conduct an objective review of the organization’s existing defensive posture as well as the specific controls that are currently in place to protect critical assets, infrastructure, applications, development and testing practices, and data.

Cloud Security & Reverse Engineering

With our engineering-centric, innovative approach and working as a client extended team instead of a vendor has made us trusted brand into InfoSec space since the inception of the company.

Varutra’s Security Assessment services help organizations reduce exposure to risk, protect data assets and minimize the impact of security-related events on business activity. Our services are highly customizable to suit the clients’ needs as per the cloud services and deployment model they have adopted for the business. Varutra offers the reverse engineering service where target software or product is reverse engineered to extract its design and implementation details, understand its internal interactions with different software components. The entire process is carried out to uncover security issues and vulnerabilities, to exploit its weaknesses and to strengthen its defenses.

Cloud computing has its own challenges when it comes to Information Security. It is of utmost importance to protect the critical data and systems in the cloud. Varutra offers Cloud Vulnerability Assessment, Cloud Penetration Testing services for the information systems and applications running in the cloud. The company also offers a unique Cloud Security Audit, which is a comprehensive analysis and review of the security of Information Systems from the perspective of working on the internal controls and policies. This analysis is essential to determine the security and effectiveness of the controls, which are in place.

Kishor Sonawane: A Formidable Leader

Kishor is an Information Security Professional with over two decades of experience. He has worked in multiple prestigious pure-play information security firms at various senior positions such as project manager to practice head. He has performed comprehensive security assessments including application security, mobile application security testing, and network security for multiple international and domestic clients in various business verticals. He specializes in penetration testing, network security assessment, web, and mobile application security assessment, and social engineering activities. He has also provided training in Information Security conferences. Kishor is currently engaged in the business road map, development, growing Varutra presence across geographies and bring automation equipped with Artificial Intelligence, machine learning capabilities to address the upcoming challenges into InfoSec domain.

“Trusted, reliable, highly customizable and inclusive approaches enable our clients to conduct their business with gained confidence at optimal security costs”.