www.e-spincorp.com © Since 2005 E-SPIN SDN BHD. All Right Reserved. TM

TM - E-SPIN Group · Monitoring, Alerting, Reporting - Network Configuration Change and Management •Security Operation Center (SOC) - Event Log Management (ELM), Security Information


Copyright © 2005 - 2011 by E-SPIN Sdn. Bhd. All rights reserved.

E-SPIN ™ is a trademark of E-SPIN SDN. BHD. No part of this solution/product/training presentation/handout may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, without either the prior written permission of E-SPIN, or authorization through payment of the appropriate per-copy fee to E-SPIN, tel (603) 7728 2866, fax (603) 7725 4757, or on the web at www.e-spincorp.com

Limit of Liability / Disclaimer of Warranty: While the author has used their best efforts in preparing this solution/product/training presentation/handout, they make no representations or warranties with respect to the accuracy or completeness of the contents and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for every situation. You should consult with a professional where appropriate. The author shall not be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our customer service department at (603) 7728 2866, fax (603) 7725 4757, or email [email protected].


Vendor Profile (What We Did)

• Vendor Competency, Solutions & Project Portfolio Overview

E-SPIN Vulnerability and Security Management Solution Overview

• Vulnerability Management

• Security Assessment

• Penetration Testing

Open Discussion / Clarification (Before End)

• Based on your requirements / concerns at hand

• Next step / follow up


Who We Are

• E-SPIN stands for Enterprise Solutions Professional on Information and Network.

• Privately held company established in 2005.

• E-SPIN operates as the regional hub for E-SPIN's operations in Malaysia and performs international trade in Singapore, Thailand, Indonesia, the Philippines and other South East Asia (SEA) countries, India, the Middle East, Europe, America and the Greater China Region countries.

• Vision: to be a leading enterprise solution provider, delivering enabling and value-added solutions for customers to achieve business technology transformation and remain competitive in their respective marketplaces.

What We Do

Technology Architect & Solutions Consulting

• Requirement Analysis, Project Coaching, Main/Sub Contracting

• Solutions Development and Plan Presentment

Network and System Integration, Distribution

• Technology Product Distribution & Trading

• Hardware, Software and Services

• Turnkey Project Management & Delivery

System Development & Application Integration

• System requirement analysis and design

• Prototype, mockup module development

• Acceptance test, quality assurance, penetration test

Managed Service and Outsourcing

• Training, certification and skill transfer

• Project hardware, software and service maintenance support

• Managed outsourcing


Business and Technology Applications

• Network Operation Center (NOC) - Element/Network Management System (EMS/NMS) Network / System / Host / Application / Wireless / Database / Storage / Performance / Bandwidth Monitoring, Alerting, Reporting - Network Configuration Change and Management

• Security Operation Center (SOC) - Event Log Management (ELM), Security Information & Event Management (SIEM/SEM) and Security Incident Response Management System (SIRM) / Cyberwarfare Defence Center

• Virtualization and Cloud Management - Datacenter / Network / Storage / Server / Desktop / Application Virtualization and Private/Public/Hybrid Cloud Virtualization

• Business Process Management (BPM) and Workflow Automation, Business Intelligence, Data Warehousing and KPI / Performance Management System (PMS), Enterprise Resource Planning (ERP), Integrated Enterprise Wide / Custom Scope Business Application Development (Standalone Client/Server, Web Application)

Availability, Storage and Business Continuity

• Data integrity, anti-web, portal and web application defacement and protection, availability assurance

• Data backup, archiving, replication, mirroring, Continuous Data Protection (CDP) and Online Storage Protection

• Availability Management, network, System and Data High Availability, Continuous Availability, Continuity Management, Business Continuity and Disaster Recovery (BCDR)

• Storage Management - External storage, Network Attached Storage (NAS) and Storage Area Network (SAN)

• Internet link load, bandwidth aggregation, application traffic server load balancing, WAN/Web and Datacenter Application Acceleration and Bandwidth Optimization

• Non-stop mission critical system and hardware equipment, Fault Tolerance (FT) hardware and software clustering, auto fail-over and redundancy

Security, Risk and Compliance Management

• Network & Wireless Security, Firewall/VPN/IPS, Identity Access Management, Network Access Control (NAC), Employee PC and Server Activity Monitoring

• Vulnerability Management - Security Assessment, Penetration Testing, Website/Web Application/ Web Services, Network, Server, System, Database, Wireless Vulnerability Assessment (VA), Hostile Source Reverse Engineering and Malware Analysis, Exploitation Research & Testing

• Patch Management, Hardening, Vulnerability Fixing and Risk Mitigation Module Development

• Content Security, Virus, Spyware, Phishing, Web, Email, IM, P2P, Endpoint Blocking and Filtering

• Database Security, Database Intrusion Prevention, Database End User Accountability

• Data Encryption, Steganography, Digital Risk Management (DRM), Secure Data Erasure, Digital Signature and Signing, Managed, Automated, Secure File Transfer (SFTP) and Secure Document Exchange and Storage, IT Governance, Risk and Regulatory Compliance (GRC)

End-to-End Complete One-Stop Solutions

• Technology consulting, requirement assessment, solution development, infrastructure architect and master plan / blue print

• Ongoing industrial education, certification training and professional development (in house or on site)

• Software and application portal development / integration, customization, migration, project implementation, main / sub contracting and maintenance support

• International Sales, Trade, Regional Distribution and Global Sourcing

• Managed service and solution hosting, Solution-as-a-Service (SaaS) Subscription

• Data Center, Infrastructure Facility, Command Center/Station/Terminal, NOC/SOC, Video Wall, Support Ticket System, Mobile and Email Messaging

• Wired and Wireless TCP/IP Network, 900 MHz / 2.4 GHz / 5 GHz Spectrum Analysis, Visualize, Site Survey Map, Performance Troubleshooting, Network Forensics and Security


Value Proposition

Single Vendor Complete Solution

Project Consulting, Coaching, Management

Training and Certification, Transfer of Technologies

Buy / Rent / or Pure Service

Warranty, Update, Maintenance Support

Vulnerability Fixing, Hardening, Mitigation Module Development

MOF Certified Government Supplier & Consultant

Authorized Distributor Partner for Performance Guarantee / Principal Support


Tender / RFP Paperwork

Technical Proposal / Solution Architect / Blue Print

Media Kit/License Certificate

Training Certificate

Support Agreement Contract

Training / Seminar Handout

Vulnerability Fixing / Software Development

Assessment Report Technical Reference


System / Network Turnkey Project

Deployment, Management, Testing and Commissioning

Development / Customization /

Network and Security Helpdesk Support Center

Technology / Project Consultancy and Solution Advisory

Special Project Customized Training, Transfer of Technologies

Skill Certification / Professional Qualification Examination

Solution and Project Coaching / Solution / Technology Architect

Onsite / On Premises Advanced Training, Education, Seminar

Offsite Technical Training, Skill-based Technical Hands-on / Workshop


Service Outsourcing / MSP

Distribution & Trading

Equip. & App. Renting / Leasing

Certified / Training / Technology Transfer

Project Independent Consultant / Sub Con


E-SPIN Value Added Services

Professional Qualification | Skill Certification

Product In Depth Training

Vulnerability Fixing | Mitigation Module Development

System Hardening | Patching

Project Consulting | Solutions Development

Local Technical Support (phone | email | remote | onsite)

Single Sourcing Hardware | Software | Service

Security Assessment Outsourcing | Subcontracting

Extended Security Assessment

Core Security Assessment

Network / Server & System

Web App (Web, App, Db. Server)

Forensics Analysis

Database In Depth

Packet / Wireless / Log

Malware Analysis / Reverse Engineering

Exploitation Testing & Research

Secure Development

Security Audit

Security Mgmt.

System Admin.

Incident handling

Intrusion Analysis

Penetration Testing


Client SOC/NOC/Network/Cyber warfare Defense Center Integration


SOC/SIEM and EMS/NMS NOC / Cyber Warfare Defense Center Terminal Workstation Integration


Interactive Voice Response (IVR)

Integrated Support Ticket System

Mobile and Gateway SMS Integration


WHO is doing WHAT and WHEN on your monitoring network


E-SPIN Complete end to end complementary Flow Network and Security Monitoring, Probe/TAP, Collector, Visualization and Reporting from 10MB to 10GB


Threat Analysis

Intrusion Monitoring

Malware Detection

Content Filtering

Vulnerability Identification

Compliance Testing

Vulnerability Scanning

Operations Availability Analysis

Vulnerability Management

Baseline Development

Incident Response Team

Asset Inventory and Classification

Event Correlation

Reporting

Remediation

Asset and Patch Management

Classification of Threats

Incident Response

Classify threat based on probability and potential damage

Developing and maintaining an on-going process

Uncovering weaknesses before they can be exploited

Isolating and resolving asset security issues once identified


Case studies

Hacking web clients

Attacking web application management

Attacking web datastores

Input validation attacks

Attacking session state management

Attacking authorization

Attacking the authentication

Surveying the application

Web server hacking

Profiling


The end to end components of a typical web application architecture

Client analysis

Transport analysis

Web server / web service analysis

Web / application server analysis

Source code analysis

Exploitation analysis

Database server analysis

Potential weak spots


Elements of the entire database security lifecycle

• Nonintrusive

• Policy-based actions

• Anomaly detection

• Real-time prevention

• Granular access controls

• Centralized governance

• Compliance reporting

• Sign-off management

• Automated escalations

• Secure audit warehouse

• Data mining for forensics

• Long term retention

• Vulnerability assessment

• Configuration assessment

• Behavioral assessment

• Baselining

• Configuration lock-down and change tracking

• Discover all databases, applications, and clients

• Discover, and classify sensitive data

Discover and classify

Assess and harden

Monitor and enforce

Audit and report

Enterprise databases
