SISA TOP 5

FORENSIC DRIVEN 2019-

2020
LEARNINGS

Forensics Driven Cybersecurity JUNE 2020

 ABOUT THE REPORT

With over 14 years of industry presence in

cybersecurity, SISA brings vast domain knowledge
and experience in conducting over 1,000*
engagements, encompassing forensic investigations,
compliance audits, security testing, and security
operations over the years. As a leading forensic
investigator, SISA has successfully investigated several
cybersecurity breaches to understand the root cause
and contain the breaches to reduce the impact on the
organizations.
As technology is evolving, enterprise behaviors are
changing, and the world takes on the digital
transformation journey, the cybersecurity landscape
is becoming more challenging. To add to the current
challenges, COVID-19 has made things more
complicated, as more organizations embrace work
from home solutions and turn to cloud-based tools.
Thus, having observed the pattern of attacks,
organization preparedness to defend or prevent these
attacks, making systems more secure and protecting
businesses from repeat attacks, SISA presents "SISA
TOP 5 FORENSIC BASED LEARNINGS" that all
organizations must consider. Here are the top reasons
why every CXO must read this:
▶ To redefine your cybersecurity approach and
make it a priority to evaluate and reduce your
attack surface.
▶ An understanding of the HOW and WHY of security
attacks.
▶ A few impactful measures that organizations can
consider to improve their security posture.
These learnings are primarily based on our forensic
investigations, supported by various audits, security
testing, incident response, and SOC monitoring
performed between April 1, 2019, to March 31, 2020.

THERE ARE ONLY TWO TYPES OF COMPANIES: THOSE THAT HAVE BEEN HACKED AND THOSE THAT
WILL BE.
– ROBERT MUELLER, FORMER FBI DIRECTOR

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 1

INTRODUCTION

Recently, cyber attackers hacked

the server of a reputed Indian bank
and transferred a huge sum of
approximately 12 million USD. ATM
cash out is a highly planned and
choreographed cyber-attack, where
the attacker compromises a
payment processor or bank’s
payment back end systems to
siphon money across various ATMs.
In 2018, hackers transferred over
130 million USD from a bank by
penetrating its network and
injecting a fake response malware
script. SISA observed that
subsequently, more than 10 global
banks became victims of
cyberattacks in 12 months, and the
attacks were made using the same
attack vector.
WHAT DOES THIS MEAN TO THE ORGANIZATIONS?
HOW PREPARED ARE ORGANIZATIONS AGAINST THESE THREATS?
WHAT DOES IT TAKE TO BE PREPARED TO TACKLE THESE ATTACKS?
Security breaches have significantly Security is essential and always
increased in recent times, and the tops the priority list for most
ingress points for a major number organizations. However, during a
of cyberattacks are through pandemic situation such as
phishing emails. Hackers are COVID-19, where most businesses
continually looking for have taken drastic measures to
opportunities to attack, and it is invoke Business Continuity Plan
said that organizations must think (BCP) and have their entire staff
ahead of time to prevent such working from home, security in
attacks. It takes a small, vulnerable such situations takes center stage.
system to break into and make
lateral movements. Most of these
breaches go undetected until the
actual breach happens.

TECH INVESTMENTS AMID COVID-19

How do you see funding in the following areas getting impacted by Covid-19?

AI 39% 43% 18%

Cloud 14% 50% 36%

Data Analytics 26% 55% 19%

DC Infrastructure 30% 50% 20%

Collaboration 16% 32% 52%

Mobility 14% 37% 49%

Networking 15% 54% 31%

Security 7% 37% 56%

Business Transformation 21% 44% 35%

Less No Change More

About 56% of the CIOs stated that there

will be an increase in spend on security. 56 %
- CIO India survey on COVID-19’s
Source: IDG impact on IT jobs and investments

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 2

 INTRODUCTION

It is highly likely that the focus and
spend to secure the systems is
going to increase with changing
work environments. Because the
shift from a secured and less
vulnerable infrastructure (where
carrying devices like mobiles,
tablets, or pen drives was
restricted) to unsecured remote
working environments, makes the
systems more vulnerable . With a
vast transformation in mass work
from home movements, it is highly
likely that the systems have
become more vulnerable to threats.
Malware (including ransomware)
and account compromises are
stated to have increased with new
work environments.
The average cost of a data breach
has reached to $3.92 million, which
is an alarming number for any
organization. In this situation,
taking proactive security steps, and
following security best practices
can protect organizations from the
dreadful cyber attacks.
Due to COVID-19 and work from The foundation of any organization
home mandates, organizations are building a relationship with its
heavily investing in cloud-based customers is trust. When security is
tools. We may also see a surge in compromised, then the foundation
digital transformation, leading to of trust becomes weak. Loss of
the adoption of cutting-edge business is a high price that most
technologies such as Artificial organizations pay for a security
Intelligence, workplace breach. There are multiple
collaboration tools, mobility, etc. As overarching reasons why
organizations gear up for rapid organizations fail to detect or
digital transformation, it is respond to cybersecurity attacks.
pertinent that they also adopt a
holistic security approach that
takes care of all endpoints and
infrastructures with no loose ends.
It only takes a small loophole for an
attacker to ingress into a corporate
network.
For instance, in the wake of the
COVID-19 situation, SISA warns
organizations of online skimming.
The nature of these attacks is
dangerous and hard to detect.
Threat actors use various ways to
inject malicious JavaScript into the
target websites and is triggered
when the victim submits payments
on the website.

THREE ESSENTIAL STEPS ORGANIZATIONS NEED TO TAKE:

MULTI-LEVEL TRAINING AVOID MAGIC BOX SYNDROME RIGHT SKILLSET

Extensive training programs for
employees, starting with the basics
of cybersecurity to best practices, is
a mandate. As much as external
threats are happening, internal
mistakes could be equally
dangerous.
Investing in a security product alone
does not ensure an organization's
security. An adequate understanding of
the environment and implementing it
rightly to meet the needs of your
organization is pertinent.
Security skill is in short supply, and
often, getting the right skill set is a
challenge. Proactively forming
experts' team or relying on external
experts can be considered.

THIS DOCUMENT IS THE ESSENCE OF OUR UNDERSTANDING OF THE ATTACK PATTERNS, THE EVOLVING SITUATIONS,
AND THE POTENTIAL NEW NORMAL THAT THE FUTURE HOLDS FOR MOST ORGANIZATIONS.

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 3

1
Frequent Patching
What it is?
Application releases constitute new updates and
upgrades both from application functionality and
security. Application security updates are highly
critical for organizations. Most often, updating
security patches has multiple dependency factors
such as reconfiguration of infrastructure, downtime,
proper testing, etc. Fearing business impact, most
organizations tend to delay updating the security
patches, which leads to security systems becoming
more vulnerable to threats. Holistic and increased
security infrastructure is essential with the technical
evolution and prevalence of cloud applications.
Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS
Observations
Organizations are concerned about downtime or
other dependency factors. Thus most organizations
tend to delay the installation of patch upgrades.
However, what they don't realize is that with every
delay, the window of opportunity for hackers is
increasing. Organizations must plan for these updates
to be conducted swiftly and regularly for minimal
disruptions. SISA observed that typically
organizations have a patch cycle of three to six
months, depending on the scale of the
organizations. Also, the observations showed that
organizations tend to ignore the cloud
infrastructure for patch management. When
organizations enable work from home and usage of
cloud solutions, virtual machines must also get
patched. Delay in security patching has become
more relevant, especially during COVID-19 situations
where most organizations' employees are working
from home for longer durations. Often organizations
perceive that security is the primary responsibility of
the cloud service provider; however, the end-user
organization holds an obligation towards security
patching as one of the key responsibilities.
4
 1. FREQUENT PATCHING

Mitigations

Frequent patch management is
essential to safeguard systems or
applications. Benchmarking against
CIS (Center for Internet Security)
provides necessary guidance to
ensure that infrastructure is on par
with the latest security norms.
With the increased usage of cloud
applications, the environment is
now gone beyond Data centers.
Organizations must adopt holistic
security that goes beyond
traditional datacenters and
operating systems. But the
approach must include network
devices, OEMs, Hyper-Vs, 3rd party
applications, etc.
Most organizations adopt a
differentiated approach, where
patches on mission-critical
applications take place promptly,
but there exists a lesser priority on
non-mission critical applications.
However, paying attention to all
non-mission critical applications
and ensuring quarterly patches at
the minimum is essential to avoid
security lapses, as often these
applications become the primary
ingress points into corporate
networks for attackers.

Organizations must follow top

business imperatives for successful
patching like regular system
rebooting to address patch updates.
Define SLAs on patch update with
third party vendors incase of
dependent applications, embrace
automation to better manage the
voluminous data and IT assets.
Vulnerability assessment must be
carried out frequently to ensure
security.

ALMOST HALF OF RESPONDENTS (48%) REPORT THAT THEIR ORGANIZATIONS FACED ONE OR MORE
DATA BREACHES IN THE PAST TWO YEARS. 60% OF THESE RESPONDENTS SAY THESE BREACHES
COULD HAVE OCCURRED BECAUSE A PATCH WAS AVAILABLE FOR A KNOWN VULNERABILITY BUT NOT
APPLIED.
– PONEMON INSTITUTE LLC, COSTS AND CONSEQUENCES OF GAPS IN VULNERABILITY RESPONSE

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 5

2
Address Application
Vulnerabilities
Overview
Often as an initial intrusion point, most hackers tend
to target vulnerable applications like HRMS systems,
CRM, etc. Hacking one of these applications is not the
end game; hackers leverage these ingress points to
make lateral movements, to access more confidential
and sensitive IT assets/ data. Hence, paying utmost
importance to security, starting from inception to
deployment is highly critical and often, takes back
seat during rushed release cycles of an application.
While solutions like Web Application Firewall (WAF)
can be used to counter application security issues,
addressing the root cause via its development code is
still an essential and unavoidable aspect to make an
application secure.
Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS
Observations
SISA’s forensic investigations conclude that
application security vulnerabilities are one of the
top contributors to breaches. Also, SISA observed
that Application Vulnerabilities resulted in most
common exploits, including SQL injection,
command injection, and insecure cryptographic
storage. Open source components and their usage
are prevailing in the industry. When codes are loosely
used without vetting for proper security, then the
possibility of opening the application with security
loopholes is far higher. While DevOps has created
noise in the industry for its agility and faster releases,
it also comes with its set of challenges of ignored
security. Considering the nature of DevOps,
organizations tend to make more frequent and faster
releases. With various release pressures, security is
often ignored, or not channelized, through proper
testing mechanisms. Besides, frequent application
changes, including new features and opening APIs,
SOAP requests, lead to the exploitation of hosted
application libraries. Security is not just about
technology; it is also the culture. Oftentimes, security
does not come as a practice. Resources are more
focused on feature-based development of
applications and pay less attention to security
practices leading to the development of vulnerable
apps. Security flaws are often discovered at grass root
levels and must be rectified at the development
stage. Lack of trained resources on secure coding is a
great contributor to issues in applications.
6

Mitigations
Thorough vetting of open source
codes and not a mere copy-pasting
is essential.
The change in the mindset of
developers play a significant role, as
developers are more focused on
features. While it is an essential
aspect of application development,
but security goes on a back burner.
However, paying attention to
security right from design plays an
important role. A developer’s
mindset must change to embed
security right from inception.
Web interfaces and web services
must be included as part of web
application security testing.
Similarly, a Web Application Firewall
(WAF) must be configured to
monitor all web interfaces and
services.
THE HIGHEST SECURITY RISKS TO THE ORGANIZATION CAME FROM A CUSTOMER-FACING WEB
APPLICATION (49%) FOLLOWED BY INTERNAL BUSINESS APPLICATIONS AT 22% AND THE REST FROM
MOBILE APPLICATIONS AND EMBEDDED DEVICES (IOT).
– RSA
Copyright © 2020
2. ADDRESS APPLICATION VULNERABILITIES
As part of DevOps, Continuous
Integration (CI) and Continuous
Delivery (CD) must embed security
from the beginning of the
development cycle, thereby
following DevSecOps’ best
practices. Proper testing
mechanisms using automation
would help speed up processes,
ensure security, and employee
productivity.
It is suggested for application
developers and penetration testers
to follow the OWASP testing guide
that helps in testing web
applications and web services.
Security testing is usually
conducted in the UAT (User
Acceptance Test) environment to
ensure the smooth functioning of
production systems. However, fixes
discovered in the UAT environment
must be replicated in the
production environment and is a
highly critical measure to ensure
application security.
SISA TOP 5 FORENSICS BASED LEARNINGS
Security by design is often
neglected. Most applications are
tested for security during the
testing phase. Imbibing best
practices like 3Ds – secure by
design, secure by development,
and secure by deployment is highly
critical.
Following the process of
continuous testing by including
security best practices such as Red
Team Exercise, Black Box
Penetration Testing Activities, etc.
would help organizations in taking
that additional measure towards
securing their applications.
Including all web interfaces,
respective roles, and web services
as part of application security
testing is also essential.
7
3
Intelligent Monitoring
What it is?
With every action on the system, a log gets recorded.
These logs are monitored to detect security threats.
When the logs are not effectively monitored, then the
systems are more susceptible to breaches. With
specific pre-defined rules in place, the logs are
continuously monitored for any potential threats.
However, as technology is evolving the monitoring of
activities has become more intelligent. AI-driven
monitoring, or in other words, intelligent monitoring,
is gaining traction and goes beyond basic automation
and can monitor even unstructured data, including
user behavior.
Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS
Observations
Any organization posed with a threat has a small
window of opportunity to tackle the threat. SISA
observed that, on an average, an intruder resides in
the company network for about 180 days. While 180
days may seem like much time, it is not a simple task
to detect intruders unless the organization has robust
threat monitoring systems. One of the key
contributing factors to security threats are
heterogeneous environments. With a workforce
spread across the globe, increased use of devices,
both personal and professional, BYOD policies, and
increased adoption of cloud technology, the extent of
monitoring has significantly expanded. Are
organizations prepared to handle such an extensive
network of devices?
Most organizations have log monitoring based on
simple rules and basic automation. Adoption of
AI-driven intelligent threat monitoring helps
organizations be more proactive than reactive to
threats. The advancement in technology can now
help organizations in threat hunting to identify
attacks based on TTP (Tactics, Techniques, and
Procedures).
8
 3. INTELLIGENT MONITORING

Mitigations

Organizations must conduct a Monitoring should not be just As technology becomes

holistic tagging and logging of all
devices in their infrastructure and
not just their critical systems. It is
one of the crucial steps to detect
attacks and to ensure all devices
are under the radar of monitoring.
reviewing of reactive correlation
alerts from SIEM soutions. SISA
recommends proactive threat
hunting as a mandatory
component in the organizations’s
SOC monitoring process.
sophisticated and endpoints
increase in numbers, the system
becomes more vulnerable to
threats. Hence, basic rule-based
automation will not suffice to
fine-comb all threats. Adoption of
AI and moving towards intelligent
threat monitoring solutions like
Managed Detection and Response
(MDR), takes organizations to meet
larger goals of monitoring and go
deeper.

Alert fatigue is a result of extensive

log monitoring and frequent alerts.
By continuous revisiting and
refining of rules to manage and
meet the changing needs of an
organization, helps to improve the
process as well as potentially
decrease the alert fatigue.

BY 2022, 50% OF ALL SOCS WILL TRANSFORM INTO MODERN SOCS WITH INTEGRATED INCIDENT
RESPONSE, THREAT INTELLIGENCE, AND THREAT-HUNTING CAPABILITIES, UP FROM LESS THAN 10% IN
2015.
– GARTNER

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 9

4
Diligent Access
Management
What it is?
Access management to applications is compromised
when an attacker gets hold of access credentials by
brute forcing or other means. Shared user IDs, service
accounts that are outside the scope of password
policies, and privileged user accounts are typical
targets for breaches. Knowing these threats and
diligent definitions of access privileges can help an
organization reduce its cybersecurity risks.
Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS
Observations
Lack of clear definition of access privileges and
scenarios based on which a user is granted access
has led to a series of breaches and is one of the most
significant contributors. SISA observed that the
other common reason leading to breaches is the
use of poor passwords or careless management of
passwords. Weak passwords, like using birthdate,
company name, home numbers, etc. that one can
easily guess leading to hackers gaining access to
critical applications. Other critical initiatives that
organizations do not follow actively are monitoring
and reviewing access logs periodically and
implementing Two Factor Authentication.
10
 4. DILIGENT ACCESS MANAGEMENT

Mitigations

Organizations procure software and Securing the passwords by using Multifactor authentication is a
often have shared users. Repeated password vaults and using strong critical mitigation factor to avoid
usage of access credentials can password credentials is essential. breaches.
lead to weakening of the system
security, and hence, organizations
must avoid shared user access.

Implementing robust Privileged access management Creation of Access Control Matrix,

authentication mechanisms
between application and database
using proper key management and
encrypting database string is
necessary.
solution must be implemented that mapping all users and their
provisions temporary access on a privileges helps the organizations
need basis and for finite or defined to track and monitor the access
duration. privileges, continuously.

Ensure that access audits are in

place and are conducted
periodically. Also, it is necessary to
review access privileges to meet
changing needs.

THE AVERAGE NUMBER OF PRIVILEGED ACCESS POLICY VIOLATIONS FOR A YEAR IS 3.2, AND THE
AVERAGE COST TO THE ORGANIZATION TO RESPOND AND REMEDIATE THE POLICY VIOLATION IS $5,580.
– ENTERPRISE MANAGEMENT ASSOCIATES (EMA) SURVEY

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 11

5
Proper Incident Response
& Forensics
What it is?
There are two kinds of organizations, one that has
been breached and the other one that does not know
about the intruder residing in their systems. Hence,
organizations either detect or respond to the cyber
attacks. Incident response is an organized approach
to addressing and managing the aftermaths of an IT
incident, computer incident or security incident.
However, the question is, are organizations prepared
to tackle and respond to such attacks? It is pertinent
for organizations, to adopt the right approach and
have a proper response mechanism in place, and
most importantly, to execute this without causing any
major disruptions and responding promptly.
Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS
Observations
The objective of incident response is to detect threats
and handle the situation in a way, which limits
damage and reduces recovery time and costs. Most
companies tend to pause their Incident Response
activities, once they detect and contain a threat.
However, SISA observed that preliminary forensics
is required for organizations to understand the
pattern of attacks and prevent future attacks.
Because, once the intruder has got a firm
understanding of the environment, then the
likelihood of this intruder penetrating the systems
again are high. Organizations conducting forensics,
possess a better understanding on the nature of an
attack, identifying the intruder, understanding the
source, contributing factors, and potentially avoid a
relapse.
12
 5. PROPER INCIDENT RESPONSE & FORENSICS

Mitigations

Running forensics in third-party
managed infrastructure can be
challenging due to high
dependency on the infrastructure
providers and could potentially
delay the response time. Thus,
organizations must have defined
agreements with these providers
for necessary support during the
forensics activity.
Security is a very niche skill. Most
often, finding the right skill set to
address the security threats is due
to lack of proper skills within an
organization. Finding the right
talent or engaging with
cybersecurity experts on a
retention basis would be essential.
Organizations must follow an
incident response plan,
encompassing four critical phases,
preparation, detection and
analysis, containment, eradication,
and recovery and post-event
activity (ref: NIST).

An organization’s incident response

plan must be tested and
documented. Further, conducting
cybersecurity drills, at least once a
year, Tabletop Testings about once
a month, etc. should be mapped
with Business Continuity Plans
(BCP).

OF THE SEVERAL FORENSIC AUDITS CONDUCTED, SISA OBSERVES THAT 9 OUT OF THE 10 COMPANIES
DO NOT HAVE A DEFINED GAME PLAN TO DEAL WITH SUSPECTED COMPROMISE IN THE ENVIRONMENT.
– SISA

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 13

 CONCLUSION

Securing your organization is not about introducing

complicated and expensive infrastructures or
solutions. It is a myth that deploying a security
solution will solve security challenges. An
organization's security is defined on the basis of
process, people, and technology. It is not a one-time
solution but rather a continuous commitment of
learning, self-assessing, planning actions, and
revisiting the plans frequently to ensure that it
continues to meet organizational needs. The five
learnings can act as a foundational metrics for an
organization's security posture. We recommend you
to assess your organization’s security stance against
the five learnings and deploy necessary action items
immediately.

SISA’S RECOMMENDED SECURITY APPROACH FOR TOP 5 LEARNINGS

SELF-ASSESSMENT ACTIONING REVISITING

Understanding and assessing your
organization's security
infrastructure against these five
learnings
▶ Frequent Patching
▶ Application vulnerabilities
▶ Intelligent Monitoring
▶ Access Management
▶ Incident Response and
Forensics
Upon identifying areas of
improvement, draw an action plan
to implement security best
practices and solution to
strengthen organization's security
and mitigate threats
▶ One thing to continue
▶ One thing to stop
▶ One thing to start
Revisiting your security action
plans frequently to ensure the
continuity and alignment with the
oranizational needs and goals
Frequent communication of these
security plans and educating
people about them on a consistent
basis

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 14

 OUR OFFERINGS
STRATEGIC ADVISORY

SISA IS A 1. Risk Assessment [Enterprise, Functional and

Technical Risk Assessment]
2. Cloud Security Assessment
FORENSICS-DRIVEN 3. ISO 27001
4. Privacy [GDPR, CCPA, etc]
CYBERSECURITY SECURITY BEST PRACTICES TRAINING
1. CPISI
COMPANY WITH 2. CPISI-D
3. CIDR
CLIENTELE ACROSS 55 4. CPISI-PIN
5. Payment Security Awareness [PSA]
COUNTRIES. 6. CISRA
AUDIT AND ASSURANCE
1. PCI DSS [Includes FSAQ]
As a PCI Security Standards Council accredited 2. PCI PIN
forensic investigator, we leverage our deep forensics 3. PCI 3DS
4. Pay Sec [SSF]
intelligence in our goal to 10X our customer security 5. P2PE
posture in every engagement. We at SISA, strive to 6. Regulatory Compliance [UIDAI, RBI PSS, SAR Audits]
deliver this through true security, on-time delivery,
MANAGED DETECTION AND RESPONSE [S-SOC]
and fanatic support brand promises in each of our 7 1. Synergistic SOC Monitoring
different offerings: 2. Brand Monitoring

▶ Strategic Advisory SECURITY TESTING - TSS LABS

▶ Audit and Assurance 1. Red Team
2. Application Security Testing
▶ Security Testing [TSS Labs] 3. Network Pen Testing
▶ Security Best Practices Training 4. Vulnerability Assessment
5. Vulnerability Management
▶ Managed Detection and Response [S-SOC] 6. Secure Code Review
▶ Cyber Security Products CYBER SECURITY PRODUCTS
▶ Security Incident Response and Forensics [SIRF] 1. Tipper [Data Discovery and Privacy Ops Tool]
2. Hunter (Beta)
3. RA [Formal Risk Assessment Tool]
4. Monitor (Beta)
5. Eagle Eye (Alpha)
SECURITY INCIDENT RESPONSE AND FORENSICS - SIRF
1. Payment Forensic Investigations
2. Internal Forensic Investigations
3. Fast Incident Response
4. SIRF Retention Agreement

ALL THE ABOVE STREAM OF OFFERINGS PERIODICALLY INCORPORATE OUR LEARNINGS FROM FORENSIC INVESTIGATIONS. THIS HELPS US
STRENGTHEN OUR CUSTOMER SECURITY POSTURE, THEREBY REDUCING THE BREACH EXPOSURE OF OUR CUSTOMERS DRAMATICALLY.
GLOBAL PRESENCE
AMERICAS
SISA Information Security Inc.
Las Colinas The Urban Towers,
222 West Las Colinas Boulevard,
Suite 1650, Irving, Texas 75039, USA.
UAE
SISA Information Security FZE
P.O.Box 37495,
Ras Al Khaimah,
United Arab Emirates.
BAHRAIN & AFRICA
SISA Information Security WLL.
Gulf Business Center,
Suite # 1119 at Al Salam tower,
11th Floor, Building 722, Road 1708,
Block 317, Kingdom of Bahrain.
EUROPE
SISA Information Security Ltd.
81 Bellegrove Road,
Welling, Kent - DA16 3PG,
United Kingdom.
KSA
SISA Information Security
Novotel Business Park, Tower 2,
1st Floor, Unit No. 43, 32232-6140,
Dammam, Saudi Arabia.
AUSTRALIA
SISA Information Security Pty. Ltd.
'9A' , 139 Minjungbal Drive,
Tweed Heads South, NSW 2486,
Australia.
ASIA PACIFIC
SISA Information Security Pte. Ltd.
101 Cecil Street, #17-09,
Tong Eng Building,
Singapore (069533).
SAARC
SISA Information Security Pvt. Ltd.
No. 3029, 13th Main Road,
HAL II Stage, Indiranagar,
Bangalore - 560008, India.