
SISA Information Security Sdn Bhd.

Corporate Overview

Forensics-driven Cybersecurity
True Security | Fanatic Support | Business Value

Disclaimer: The content of this collateral contains confidential information owned by SISA. The recipient shall not directly or indirectly publish, disseminate, or otherwise
disclose, deliver, or make available to third parties any of the Confidential Information in part or full. Any disclosure of the confidential information by the recipient without the
prior consent of the owner shall be treated as breach of such information and shall invite legal action.
www.sisainfosec.com

Copyright 2024. SISA All Rights Reserved.


Breaches continue to haunt businesses despite increased investment in
cybersecurity.

As a leading forensic investigator in the Financial Services Industry, we leverage our
learnings of breach investigations to improve our preventive and detective security
solutions. Our problem-first, human-centric approach combines the power of
forensic intelligence with advanced technology to deliver uncompromised security.
This helps our customers improve their cybersecurity posture significantly at a
fraction of the cost.

A Forensics-driven cybersecurity solutions company, trusted by
organizations across the globe for securing their businesses with
robust preventive, detective, and corrective security services and
solutions.

• 1,000+ active engagements every year
• 2,000+ global customers served till date
• One of the leading global PCI Forensic Investigators

Global Presence

Leicester, UK
Ontario, Canada

Bahrain
Qatar
Texas, USA
Gurugram
Saudi Arabia
UAE
Mumbai
Malaysia
Bengaluru
Singapore

NSW, Australia

SISA’s Stack of Forensics-driven Cybersecurity Solutions

Compliance

Payment Data Security
• PCI DSS
• PCI PIN
• PCI 3DS
• PCI P2PE
• PCI S3
• PCI S-SLC
• PCI CP (Card Production)
• Facilitated PCI SAQ
• Quarterly Health Check-ups
• Central Bank Compliance
• SWIFT
• PCI ASV Scan

Strategy and Risk
• CCPA
• GDPR
• HIPAA
• ISO
• NIST
• SOC 1
• SOC 2

Security Testing

Application Security
• Application Penetration Testing
• CREST/CERT-in Approved Security Testing
• API Security Testing
• Secure Code Review

Network Security
• Vulnerability Assessment
• Penetration Testing
• Configuration Review
• Red Teaming Exercise
• Firewall Rule Review

Hardware and IoT Security Testing
• Firmware Security Testing
• Hardware/Embedded Security Testing
• IoT Network Security
• Cloud Security Testing
• IoT/Embedded Application and Management Layer Security Testing

Cyber Resilience

Managed Detection and Response Solution - SISA ProACT
• Monitoring
• Attack Simulation
• Use-case Factory
• Advanced Threat Hunting

Digital Forensics and Incident Response
• Incident Response / Compromise Assessment Services
• Forensic Readiness Audit
• Forensic and Incident Response Retainer Service
• Payment Forensics Investigation
• Internal Forensics Investigation
• Ransomware Simulation

Data Governance

Data Discovery and Classification - SISA Radar
• Card Data Discovery
• PII (Privacy) Discovery
• Data Classification
• Data Masking/Encryption

Data Security as a Service

SISA Training

Payment Data Security Implementation
• CPISI
• CPISI Advanced
• CPISI-D (Developers)

Security Incident Detection and Response Programs
• CIDR

Cybersecurity Awareness
• Phishing Simulation

Forensic Learning Sessions for Senior Management

Hallmark of Excellence: An Overview of Our Recognitions

ANALYST RECOGNITIONS

• SISA’s MDR solution – ProACT named as a hot vendor in the emerging cybersecurity segment of “Tech-enabled Digital Forensics Support and Managed Services” in HFS OneOffice Hot Vendors, 2023 Report.
• SISA ProACT is the highest rated Managed Detection and Response Solution on Gartner Peer Insights. Rated high for Delivery and Execution, Service Capabilities, Planning and Transition.
• SISA Radar is the highest rated Data Discovery and Classification Solution on Gartner Peer Insights. 100% trusted and recommended by existing users.


AWARDS & ACCREDITATIONS

• SISA Training's CPISI becomes the first Payment Data Security Certification in the world to achieve accreditation by ANSI - a global accreditation body with a rich legacy of promoting standardization and conformity assessment.
• One of the top three finalists for the DSCI Excellence Award for Cyber Security Services Company of the Year 2022.

SISA’s Forensics-driven Managed Detection & Response Solution - ProACT

SISA ProACT is a cloud-based Forensics-driven managed detection and response solution
built with a vision to empower organizations to improve their security posture and defend
against rapidly evolving threats. SISA ProACT is powered by AI/ML and behavior-based
analytics, threat hunting, and investigating capabilities to maximize analyst efficiency,
reduce mean-time-to-detect (MTTD), and economically scale to address ever-increasing
demands, backed by Industry Recognized Forensic Capabilities.

Prevent
• Threat Intel
• Threat Hunting
• Attack Simulation

Detect
• Monitoring services
• AI/ML analytics
• Use case factory

Respond
• SOAR
• Incident Response
• Forensic Investigation & Analysis

SISA ProACT Offerings

Features Standard Advanced Elite


Prevent
• Threat intelligence database & feeds
• Standard Hypothesis based Threat hunting
• Actionable Threat Advisories

Detect
• Global 24X7X365 Monitoring
• ProACT AI/ML based Threat detection
• User and Entity Behaviour Analytics
• Enhanced User Monitoring Service (use cases which are mapped to the MITRE ATT&CK cyber threat framework)
• Custom use case-based Threat detection
• Additional log source integration

Respond
• Incident creation and reporting
• Incident management including follow-up to Problem/Change management
• Use case simulation
• IR services
• Security Orchestration & Automation
• Ransomware Prevention Learning Session
• Forensics which includes Retainership
• Forensic Readiness Assessment
• Forensic Learning Session

Governance & Reporting
• Automated daily, weekly and monthly standard reports
• Support for Audits
• Weekly/Monthly Meetings
• Quarterly Management review meetings
• CxO Ready monthly reports
• Dedicated Manager

SISA Radar – Data Discovery and Classification for Strategic Risk Mitigation

Data Discovery
• Support all major OS including Windows, Linux, IBM AIX, HPUX, etc.
• Support for 17+ databases, both SQL and NoSQL.
• Support for scanning of multi-cloud environments like Azure, AWS, GCP, etc.
• Scanning of structured, semi-structured, and unstructured data.
• Capability for both agent-based and agentless scan.
• NER model and named data dictionary for Personal data discovery.

Data Classification
• Manual Classification of files based on criticality like public.
• Addons for MS Office, Outlook, O365 and Zimbra.
• Automatic Classification of files and emails based on content and preconfigured rules.
• User defined Classification labels with visual marking.
• Metadata-based Classification.
• Self-trained model for document and image classification.

Protection and Remediation
• Ability to mask, truncate and secure delete from single console.
• Quarantine data to secure location.
• Integrating with DLP solutions for restricting access.
• Enforce policy for files and Emails.
• Block sending of restricted data to outside domain through emails.
• Send data to SIEM solutions for correlating with other security events.

SISA Radar Key Differentiators

• Coverage: A single tool for Endpoints, Databases, and Multi-Cloud environments.
• Accuracy: AI based discovery engine with 95% accuracy.
• User Friendly UI/UX: Simplified workflows for Discovery and Classification, Automated reports and Dashboards.
• Secure Application: Tested by 3rd party vendors and PCI SAQ certified.
• 100% recommended by users on Gartner peer insights: 70+ reviews with 4.9/5 ratings. Ranked 1st by ratings on Gartner peer insights.
• Compatibility for integrating with 3rd party security solutions: Integrate with DLP’s, SIEM.
• 24X7 Support team: 90% of our existing clients rated us 9/10 in our NPS scores.
• Forensic Learnings: SISA Radar use cases are updated based on our forensic learnings.

SISA Compliance and Security Testing Services

Compliance

• Payment Data Security: From initial assessments to certification, leverage SISA's leadership in the payments security space to identify and address compliance gaps throughout PCI compliance journey.
• Strategy and Risk: Assess, design, and implement the required security controls, methodologies, assessments, and reporting to comply with global and regional regulations and security standards.

Security Testing

• Application Security: From web and mobile to platform-hosted, close vulnerabilities in applications while mitigating risks to meet regulatory compliance requirements.
• Network Security: Identify common and critical security flaws and misconfigurations in enterprise network to prioritize and eliminate vulnerabilities in the network.
• Red Teaming Exercise: Evaluate your threat detection, incident response and mitigation skills by simulating real-world threats with a team of expert ethical hackers.
• Phishing Simulation: Test and track user behavior and response to phishing attacks and identify training needs of your workforce.
• Hardware and IoT Security Testing: Eliminate blind spots and enable end to end protection of your devices with risk-based testing approach tailored to meet the needs of your IoT ecosystem.

Why SISA for Compliance and Security Testing Services?

• Recognized by PCI SSC as a PCI QSA, Secure Software Assessor, Secure SLC Assessor, PCI ASV, P2PE-QSA, PFI and PCI PIN Security Assessor.
• 500+ cybersecurity specialists with over 70+ certified penetration testers with industry-standard certifications.
• A PCI GEAR Committee member and an active participant in PCI Community.
• A proprietary payment industry-specific checklist based on threat modeling of payment systems, including regional regulatory requirements/guidelines.
• State-of-the-art R&D facility with access to advanced hardware & software tools to execute complex attack scenarios.
• More than a decade of experience in Secure Code Review, Network VAPT, ASV scans, and Application PT.
• CERT-IN empaneled organization.
• PCI Approved Scanning Vendor (ASV).
• CREST (Council of Registered Ethical Security Testers) accredited organization with approved Penetration Testing methodology.
• SISA Assistant – a proprietary project management tool to seamlessly navigate your compliance and security audits. Get automated workflows for simple remediations and report management.

SISA Institute
With over 15+ years of proven track record, SISA Institute is a pioneer in
ANAB-accredited payment industry security certifications and has been at the
forefront of tackling the cybersecurity skill gap by providing top-notch
education and training for payment Industry security professionals.

We are the first Payment Data Security Certification in the world to achieve
accreditation by ANAB. We adhere to the stringent requirements,
internationally recognized standards, and best practices established by ANSI.

• 10,500+ professionals trained
• 40+ countries

SISA Training and Certification Programs

SISA’s tailored training and certification programs equip payment industry professionals with cutting-edge knowledge and skills, enabling
individuals and organizations to proactively secure digital transactions and foster a resilient and secure digital financial ecosystem.

• CPISI - Certified Payment Industry Security Implementer: Empowers individuals who demonstrate profound knowledge and skills in PCI implementation policies and procedures, transforming them into Payment Security Implementation Soldiers.
• CPISI Advanced - Certified Payment Industry Security Implementer - Advanced: Recognizes professionals demonstrating advanced experience and proficiency in security frameworks including PCI DSS, ISO, NIST, SWIFT, and HIPAA, endorsing a comprehensive understanding of new technologies and security implementations.
• CPISI D - Certified Payment Industry Security Implementer - Developer: Validates individuals exhibiting proficient knowledge and skills in developing secure applications, aligning with PA DSS and OWASP standards, encompassing best practices, compliance, risk assessment, and practical case studies to fortify software development.
• CIDR - Certified Payment Security Incident detector & responder: Recognizes individuals who demonstrate the expertise to proactively hunt threats, execute stealthy penetration testing, and identify payment risks using network and OS logs.

Why SISA for Training and Certifications?

• ANAB accredited payment industry security certifications for tomorrow’s leaders (CPISI, CPISI-Advanced and CPISI-Developer).
• With over 380 workshops and 10,500+ certified professionals across 40 countries, our vast experience in the field is unrivaled.
• Integration of real-world case studies, regular instructor check-ins, and monthly webinars.
• Exam content approved by an Independent Global Advisory Board to uphold global standards.
• We partner with external psychometric and research agencies for ongoing improvement of exam relevance and quality.
• Training delivered in formats tailored to your specific needs - Onsite training, Live-Online training, and Hybrid Self-paced training.

Thank You!
