As technology becomes essential for meeting the needs of customers, employees, suppliers and other stakeholders, an organisation’s cyber security must build both resilience and trust. In addition to protecting your mission-critical assets and ensuring business continuity after a cyber-attack, how can you protect the data that stakeholders entrust to you?

While there is no ‘one-size-fits-all’ cyber security action plan, business-led protection strategies need to be embedded in governance models, operational processes and culture.

Our Services

1. Security Testing and Configuration Review - Provides an in‑depth review of an organization’s technical security posture across various areas from offensive security testing or vulnerability assessment and penetration testing (VAPT) to configuration review
 
Service elements:
 

— Infrastructure VAPT

— Application VAPT (web, mobile, API)

— Code Review

— Configuration Review – Cloud, Servers, DB, N/W Devices

Potential client benefits:

  • In-depth review of an organization’s security posture from an attacker perspective
  • Assessment of organizations’ configuration hardening with respect to leading standards such as CIS
  • Periodic review of cyber security controls implemented
2. ERP Security Assessment - Focuses on clients ERP (SAP, Oracle EBS, MS Dynamics) environment from the perspective of security
 
Service elements:
 

— Segregation of duties

— Code Review

— Vulnerability Assessment

Potential client benefits:

  • Optimize efforts for ERP security assessments
  • Ensure secure implementation of ERP solutions
3. Red Team Assessment - Provides clients with an outside in view of their security processes across people and technology emulating an attacker’s perspective to break into the environment and gain access to crown jewels
 
Service elements:
 

— Social engineering

— Scenario-based assessment / Attack Simulation

— Active Directory attacks

— Malware Injection

Potential client benefits:

  • Improved Return on Investments for cyber security initiatives
  • Cyber as competitive advantage and revenue generation opportunity
  • Effectiveness of security tools around detect, respond and recover
4. IoT/OT Security Assessment - Provides an in‑depth review of an organization’s industrial control system security across their environment
 
Service elements:
 

— OT Risk Assessment and OT Asset Discovery / Inventory

— IoT Security Framework

— Scenario based Assessment

— Hardware Security Assessment

— Automotive Security

Potential client benefits:

  • In-depth review of an organization’s industrial control system / embedded security posture
  • Prepare inventory of the existing assets in OT environment
  • Identification of vulnerabilities across existing and new assets and Attack paths from external / IT environment
  • Hardware security assessments for products
5. Cloud Security Testing - Provides an in‑depth review of an organization’s technical security posture across various areas from offensive security testing to configuration review
 
Service elements:
 

— Data Lake Security Reviews

— Configuration Review – cloud services (IAM, KMS, Compute, RDS)

— Container Security Review

— Kubernetes Security Review

— DevSecOps

Potential client benefits:

  • Data Lake Security Reviews
  • Security Benchmarks / Baselines – cloud services (IAM, KMS, Compute, RDS)
  • Enhanced security posture for containers, Kubernetes 
6. Product Security Assessment - Provides an in‑depth review of products built by an organization from a cyber security perspective for both software and hardware products
 
Service elements:
 

— Product security assessment (application scenario-based assessment, secure code review, open source vulnerability review)

— Hardware security assessment

Potential client benefits:

  • In-depth review of an organization’s product suite from the perspective of cyber security
  • Help organizations comply to security testing guidelines defined by regulators such as UIDAI, RBI, IRDAI, CERT-IN, NPCI
  • Assess the attack paths for software / hardware products
7. Remediation Support - Provide a strategic plan on how to improve your vulnerability management program (with a primary focus on remediation)
 
Service elements:
 

— Vulnerability Management Program

— Risk Prioritization and Operations

— Vulnerability tracking and triaging

— EOL / EOS Tracking

Potential client benefits:

  • Develop/Update the governance activities including monitoring, reporting, tracking and compliance/adherence to new processes
  • Aid in categorization of vulnerabilities, grouping of vulnerabilities, prioritization of certain vulnerabilities and program manage the remediation program to reduce aging
8. External Attack Surface Management - Focuses on client’s external attack surface and provide contextual threat intelligence using KPMG proprietary tools such as Digital Signals Insights Platform
 
Service elements:
 

— Attack Surface Management and continuous discovery

— Threat intelligence

— Brand Protection

— Executive Protection

— Takedown

Potential client benefits:

  • Understand the external attack surface for the organization around domain intelligence, credential leaks, sensitive data discovery, phishing, code leaks
  • Contextual threat intelligence based on IOCs derived from the wild

Key Contacts

Atul Gupta blog posts
Atul Gupta
Partner and Head - Digital Trust and Cyber
KPMG in India
Profile | | Phone
sony-anthony blog posts
Sony Anthony
Partner and Co-Head Cyber Defense and Incident Response, Global Head – Cyber in Deals
KPMG in India
Profile |
Chandra Prakash blog posts
Chandra Prakash
Partner and Co-Head Cyber Defense and Incident Response
KPMG in India
Profile |