Cyber defence

As technology becomes essential for meeting the needs of customers, employees, suppliers and other stakeholders, an organisation’s cyber security must build both resilience and trust

Cyber defence

Cyber security must build both resilience and trust


As technology becomes essential for meeting the needs of customers, employees, suppliers and other stakeholders, an organisation’s cyber security must build both resilience and trust. In addition to protecting your mission-critical assets and ensuring business continuity after a cyber-attack, how can you protect the data that stakeholders entrust to you?

While there is no ‘one-size-fits-all’ cyber security action plan, business-led protection strategies need to be embedded in governance models, operational processes and culture.

Our Services

  1. Security Testing and Configuration Review:

    Provides an in‑depth review of an organization’s technical security posture across various areas from offensive security testing or vulnerability assessment and penetration testing (VAPT) to configuration review
     

    Service elements

    • Infrastructure VAPT
    • Application VAPT (web, mobile, API)
    • Code Review
    • Configuration Review – Cloud, Servers, DB, N/W Devices


    Potential client benefits:

    • In-depth review of an organization’s security posture from an attacker perspective
    • Assessment of organizations’ configuration hardening with respect to leading standards such as CIS

    • Periodic review of cyber security controls implemented

     

  1. ERP Security Assessment:

    Focuses on clients ERP (SAP, Oracle EBS, MS Dynamics) environment from the perspective of security

     

    Service elements:

    • Segregation of duties
    • Code Review 
    • Vunerability Assessment

     

    Potential client benefits:

    • Otimize efforts for ERP security assessments
    • Ensure secure Implementations of ERP solutions 

     

  1. Red Team Assessment:

    Provides clients with an outside in view of their security processes across people and technology emulating an attacker’s perspective to break into the environment and gain access to crown jewels

     

    Service elements:

    • Social engineering
    • Scenario-based assessment / Attack Simulation
    • Active Directory attacks
    • Malware Injection

     

    Potential client benefits:

    • Improved Return on Investments for cyber security initiatives 
    • Cyber as competitive advantage and revenue generation opputunity
    • Effectiveness of security tools around detect , respond and recover

     

  1. IoT/OT Security Assessment:

    Provides an in‑depth review of an organization’s industrial control system security across their environment

     

    Service elements:

    • OT Risk Assessment and OT Asset Discovery / Inventory
    • IoT Security Framework
    • Scenario based Assessment
    • Hardware Security Assessment
    • Automotive Security

     

    Potential client benefits:

    • In-depth review of an organization's industrial control system / embedded security posture
    • Prepare inventory of the existing assets in OT environment
    • Effectiveness of security tools around detect , respond and recover
    • Hardware security assessments for products

       

  1. Cloud Security Testing:

    Provides an in‑depth review of an organization’s technical security posture across various areas from offensive security testing to configuration review

     

    Service elements:

    • Data Lake Security Reviews
    • Configuration Review - cloud services (IAM, KMS, Compute, RDS)
    • Container Security Review
    • Kubernetes Security Review
    • DevSecOps

     

    Potential client benefits:

    • Data Lake Security Reviews
    • Security Benchmarks / Baselines - cloud services (IAM, KMS, Compute, RDS)
    • Enhanced security posture for containers, Kubernetes

     

  1. Product Security Assessment

    Provides an in‑depth review of products built by an organization from a cyber security perspective for both software and hardware products

     

    Service elements:

    • Product security assessment (application scenario-based assessment, secure code review, open source vulnerability review)
    • Hardware security assessment

     

    Potential client benefits:

    • In-depth review of an organization's product suite from the perspective of cyber security
    • Help organizations comply to security testing guidelines defined by regulators such as UIDAI, RBI, IRDAI, CERT-IN, NPCI
    • Assess the attack paths for software/ hardware products

     

  1. Remediation Support

    Provide a strategic plan on how to improve your vulnerability management program (with a primary focus on remediation)

     

    Service elements:

    • Vulnerability Management Program
    • Risk Prioritization and Operations)
    • Vulnerability tracking and triaging
    • EOL/EOS Tracking

     

    Potential client benefits:

    • Develop/Update the governance activities including monitoring, reporting, tracking and compliance/adherence to new processes
    • 20 Aid in categorization of vulnerabilities, grouping of vulnerabilities, prioritization of certain vulnerabilities and program manage the remediation program to reduce aging

     

  1. External Attack Surface Management

    Focuses on client’s external attack surface and provide contextual threat intelligence using KPMG proprietary tools such as Digital Signals Insights Platform

     

    Service elements:

    • Attack Surface Management and continuous discovery
    • Threat intelligence
    • Brand Protection
    • Executive Protection
    • Takedown

     

    Potential client benefits:

    • Understand the external attack surface for the organization around domain intelligence, credential leaks, sensitive data discovery, phishing, code leaks
    • Contextual threat intelligence based on IOCs derived from the wild

     

Key Contacts

Atul Gupta

Partner and Head - Digital Trust and Cyber

KPMG in India

Sony Anthony

Partner and Co-Head Cyber Defense and Incident Response, Global Head – Cyber in Deals

KPMG in India

Chandra Prakash

Partner and Co-Head Cyber Defense and Incident Response

KPMG in India


Connect with us

Contact our specialists for more information

connect with us