
Security Services ‘In The Cloud’
Written by Charu Bahri   
Thursday, 05 March 2009 16:12

In keeping with the trend towards on-demand computing services, iViZ has launched its Green Cloud Security penetration testing services.

It needs seasoned experts to outwit the best minds. And given that many of our best brains belong to hackers, we need experts to constantly stay a step ahead of the moves a hacker could make to cause online mayhem.

But let's face it - it's not easy to always stay a few steps ahead of hackers. In this scenario, iViZ's use of artificial intelligence in its on-demand penetration testing solution comes across as a boon for security application developers and vendors, as well as enterprises relying on networks.

Anti-virus software: backdoor entry for hackers?
Hackers apply their devious minds to craft e-mails with malicious payloads. Ideally, an anti-virus solution would detect the malicious content and clean or delete the incoming mail. But as iViZ's Green Cloud Security Vulnerability Research team has discovered, e-mails containing malformed executable headers packed (read ‘compressed’) by third-party executable packers like UPX (Ultimate Packer for Executables), FSG (Fast Small Good EXE packer), etc., are not handled well by scanners. In other words, the anti-virus software gets confused when it has to process obfuscating code contained in complex executables. As a result, the incoming e-mail either crashes the anti-virus software or executes arbitrary code, resulting in a complete security bypass and remote system compromise.

What makes this situation scary is that it is not as though only lesser-known anti-virus solutions are at risk. iViZ has found security vulnerabilities in well-known commercial solutions such as AVG, F-Prot, Sophos, BitDefender and Avast, as well as open source software like ClamAV.

A debugger for anti-virus software
In this scenario, iViZ's Green Cloud Security is proving a blessing, thanks to its ability to simulate the mind of hackers, and to detect every possible route by which they could compromise applications. As is well known, viruses are forever being churned out by malicious minds, so anti-virus solutions require continuous updates and ongoing penetration testing. Yet manual testing is expensive, time-consuming and limited in scope. Fortunately, since Green Cloud Security is available in the Software as a Service (SaaS) model, vendors can actually tie up with iViZ to conduct regular cost-effective comprehensive checks on their applications.

To protect users, iViZ has pledged itself to the practice of responsible disclosure. In order to avoid panic among users, it first discloses vulnerabilities with technical details and proof-of-concept to the affected vendor. Only thereafter are its findings made public. Even then, proof-of-concept exploits that demonstrate real attacks are not publicly released so as to ensure that its inferences are not misused.

Towards more secure networks
According to Bikash Barai, CEO, iViZ, "Regular periodic penetration testing can help companies combat constantly evolving vulnerabilities and threats. Today there is a need for more educated and alert users, and a vision to look beyond conventional security mechanisms in corporate information security."

Barai's words highlight the utility of iViZ in assessing the safety of applications and networks and hence, corporate information. Green Cloud Security is as capable of testing the safety of off-the-shelf network equipment applications, operating systems and databases, as it is of testing custom-developed dynamic websites and in-house applications. To this end, the solution is especially useful to highly susceptible enterprises engaged in the banking, finance, insurance, IT/ITES, consulting, online retail, e-commerce, manufacturing, telecommunications, R&D and media sectors. Many companies in these sectors are required to conduct mandatory checks of their systems and networks in order to generate compliance reports for standards like PCI (Provincial Competitiveness Index), ISO (International Organisation for Standardisation) 27001, SOX (Sarbanes Oxley Act), HIPAA (Health Insurance Portability and Accountability Act), etc. All this is made easier by Green Cloud Security.

Securing new horizons
Apart from security applications and networks, iViZ has discovered vulnerabilities in the hard disk encryption products of Microsoft BitLocker and McAfee SafeBoot. It has also discovered vulnerabilities in the BIOS (basic input/output system) of HP, Lenovo and Intel products. Thanks to its extensive capabilities, iViZ's Green Cloud Security has to date been used to conduct more than 1200 penetration tests, and has been adopted by both global and Indian organisations like British Telecom, Makemytrip.com, Yatra.com, Reliance, TCS, and Airtel. The technology has also been globally recognised by the likes of Intel, the University of California (Berkeley), London Business School, the US Navy, the US Homeland Security, Red Herring and NASSCOM.

Having been so well received, iViZ now plans to extend its product offering to the wireless and mobile space. In the wireless segment alone, the increasing use of Wi-Fi, Bluetooth, IR (infrared), GSM (global system for mobile communications), and RFID (radio-frequency identification) technologies will necessitate more comprehensive security solutions. And iViZ's globally credited vulnerability research team is gearing up to meet these challenges.
