Defencely: Generating Manual Threat Detection Reports with Zero False Positive or Negative
Ritesh A. Sarvaiya, CEO

Businesses find it imperative to put in place a comprehensive vulnerability assessment program that gives them the knowledge, awareness and accurate risk background needed to understand threats to their environment and react accordingly. For threat analysis and for executing security strategies, businesses have been deploying automated security scanners, and these scanners have become an integral part of identifying vulnerabilities. However, they have inherent deficiencies: automated scanners very commonly miss vulnerabilities. One of the most important concerns with a vulnerability assessment solution is accuracy, and reports produced by automated scanner based testing are found to have poor accuracy. Because of this inaccuracy, scanner based reports have a high probability of containing false positive and false negative findings. False positives and false negatives generate false alarms, which are said to be more dangerous because they create a false sense of security. Such reports do not help; rather, they put the company in potential danger of overlooking or misidentifying a vulnerability, while also costing time and resources.

Coming into the picture and rescuing businesses from the risks created by automated scanners is Defencely, a security solution provider established in 2012. Since its inception, the company has maintained a track record of delivering reports with zero false positives or negatives. The company provides a manual threat detection service to its clients, generating unique hand-crafted threat reports with its team of security researchers, who have 5 to 10 years of experience in this field. It works with small, medium and large enterprises in the financial and e-commerce domains, taking care of web, mobile and EXE application security. The company also serves clients that need network and web infrastructure security by hiring subject matter experts.

Recounting the journey of Defencely as a manual security solution provider, Ritesh A. Sarvaiya, CEO of the company says, “In past years of working with enterprise clients, we haven’t sent a single report which has false positives or false negatives.”

Providing Comprehensive Hand-Crafted Reports
The majority of Defencely's clients were earlier working with automated scanner/tool companies. After signing up with Defencely, these clients noticed a remarkable difference between the earlier automated scanner based reports and the accurate, hand-crafted reports from Defencely. Each of the company's hand-crafted reports contains a Vulnerability Explanation, the Inception of the Threat Point and a Proof of Concept. In the reports, the company also adds a detailed note on how to mitigate the threat. With these comprehensive reports, the company helps the client identify and mitigate threats with ease, and clients started to see real security value added across their Web/Mobile/EXE applications. Having achieved this, the company credits, and takes pride in, its policy of 'complete transparency', which it maintains with its clients.

Ensuring Better Security of the Application
Introducing its unique approach to identifying security vulnerabilities, Defencely deploys a team of dedicated security researchers to test each application. The team, named Out of Box Security Researchers, is led by Shritam Bhowmick, a security expert and Co-founder of the company. Talking about the team's unique approach to testing an application, he explains, "Our security researchers test the application in a phased manner in order to ensure that each of the OWASP 10 & WASC 26 threats is tested manually."

"Each security researcher of the team has their own way of breaking into an application," says Shritam. He believes that having more researchers do the testing will ensure better security for the application. To facilitate this, the company has divided its researchers into three groups. The first group of security researchers tests the application and shares a hand-crafted report, including mitigation inputs, with the client. After the threats are mitigated, the same group re-checks the system for error-free patching and sends a confirmation to the client. The same procedure is then followed by the second and third groups of security researchers. "We conduct such tests as per the requirement of the client, or as defined in the SOW Document. Normally, whenever any new module gets added or code changes are conducted within the application, we follow this procedure," says Shritam.

Additionally, Defencely has Business Logic Threat Experts who understand the business applications and find business logic vulnerabilities, which can have a major impact on the business. "According to me, business logic threats are the future of application security," adds Shritam.

Providing Customer Delight
To provide its clients with better service, the company has also established a dedicated mitigation helpline: if a client is not able to patch a threat, the helpline, which operates Monday to Saturday from morning until 11.00 PM, provides the needed support.

Addressing Future Security Needs
As a future endeavor, Defencely is introducing a CISO as a Service concept, providing affordable CISO services to SMBs. To meet clients' product and service requirements, the company is also developing 360 Degree Security Solutions in partnership with other companies.