Device & Application Cybersecurity Services

Strong & Simple. Just as good protection should be.

Everyday, billions of data bits are siphoned through networks at work and play. These networks are only as reliable as they are secure. Safeguard users and devices within your network and keep unscrupulous actors out through compliance with the latest network security standards.

Independent third party security evaluation and testing services offered by GRL’s cybersecurity lab fall under IEC/ISO 17025 accreditation according to various national, international standards, and best practices. Reports issued at GRL test labs are therefore globally recognised thanks to accreditation by the National Accreditation Body for Labs (NABL) in India, which in turn has Mutually Recognised Agreements (MRA) with ILAC and APLAC. Our scope of accreditation covers wide range of services such as:

Contact us for a customized assessment on your organization's cybersecurity and certification needs.

Contact Us

Why cybersecurity is vital for telecoms

Connected networks and devices

connected networks and devices-1

Telecom products, like IP routers, Wi-Fi access points, IoT devices, home routers, and optical network terminals, are vital for global connectivity. They foster collaboration, enabling effortless communication for businesses and individuals worldwide via various mediums, including traditional telephony, internet-based communication, wireless connections, and physical cables.

The Internet of Things (IoT) inevitably introduces a greater number of connected devices, thereby creating additional entry points for potential attacks. According to the GDPR PrivSec Report, security cameras installed on home networks are identified as the most vulnerable devices, accounting for 47% of the total. Smart hubs constitute 15%, followed by network-attached storage devices at 12%.

Software application security

software application security (1)

Demand for web applications has surged alongside increases in remote work and consumption. Web apps that facilitate these services are more easily deployed across platforms, but also introduce new points of vulnerability that can be exploited. Application security breach can result in severe consequences such as theft of proprietary data, financial loss, damage to reputation, and even legal consequences.

With cyberattacks are progressively growing in sophistication and frequency, web developers must continually update their defenses. Compliance with data protection regulations can help mitigate data risk through robust security measures, regular updates, as well as consistent monitoring of web applications that store sensitive data of both individual users and businesses.

Source code security assessment

code security assessment
 

Source code security assessment involves the creation of policies and implementation of precautionary measures such as regular logging,tracking of warnings and incidents, as well as documentation of access authorization to proprietary code. It is a process carried out by managers, engineers, and developers, and should be regularly reviewed and form the basis of future policies.

In addition, source code security assessment can further be validated periodically by independent external evaluations using latest tools according to industry best practice methods and standards such as CWE 25 and OWSAP top 10.

MAS services in GRL
Market Access Services

Design products that integrate into overseas networks seamlessly by understanding regulations worldwide.

Expand your reach

What does robust cybersecurity testing look like?

Not all cybersecurity protocols are created equal. Good cybersecurity measures not only follow step-by-step protocols, but constantly simulate novel attacks to expose gaps within a system. Just as cyberattackers are always experimenting with new techniques and technology, the constant upgrading of efficiency, performance, and reliability of established systems is also non-negotiable.

Furthermore, in a world where cyber attackers can get AI to do their bidding, periodic checks are simply not enough. Automated patrolling surfaces blind spots and decrypts threats in timely fashion to give business networks their best chance of guarding critical data and responding to real-world threats swiftly and decisively. 

The cybersecurity assessment broadly covers the following aspects:

  1. Access and Authorization
  2. Authentication Attribute Management
  3. Software Security
  4. System Secure Execution Environment
  5. User Audit
  6. Data Protection
  7. Network Services
  8. Attack Prevention Mechanisms
  9. Vulnerability Testing Requirements
  10. Operating System
  11. Web Servers
Icons (2)
Only the latest news

Always stay at the forefront of cutting-edge technology when you subscribe to the GRL newsletter.

Expand your reach

Device security standards

code security assessment (1)
Syncing manufacturers/system integrators with cybersecurity standards and global best practices

In response to economic pressures, industrial automation and control systems (IACS) are increasingly relying on external networks for manufacturing and automation processes. However, the increased number of transfer routes also exposes networks and systems to even more vulnerabilities. 

 

Abiding by international cybersecurity standards can allow manufacturers to safely develop and integrate products, as well as allow system integrators to access the IT infrastructures and service processes that they need. With pre-certification and certification experts in cybersecurity testing, our lab technicians can help you abide by the cybersecurity gold standard to ensure that your systems and data remain airtight even against the most lethal threats.  

 

Today, many national authorities and regulators are bringing security requirements under compliance regime such as European Union's Radio Equipment Directive (RED) which expects IoT devices to meet Basic security requirements before being marked with CE marking and placed in the European Union market. 

code security assessment (2)
NCCS/ComSeC security certification (India)

As part of Mandatory Testing and Certification of Telecommunication Equipment (MTCTE), Indian Telecom Security Assurance Requirements (ITSAR) is a set of security guidelines and standards established by the NCCS. ITSAR ensures the security and integrity of telecom networks in India and is applicable to all telecom service providers in India. Areas covered by ITSAR include network security, data privacy, and lawful interception. 

 

For full details about the NCCS and the role it plays in cybersecurity, click here.

code security assessment (3)
ETSI EN 303 645 requirements

In 2020, ETSI published the latest ETSI EN 303 645 standard which outlines guidelines and baselines for security standards in IoT device manufacturing and consumer use. The standard applies to all consumer IoT devices that are connected to network infrastructure, including the Internet or home network, as well as their interactions with associated services.

 

It is important to note, however, that non-consumer IoT devices, such as those primarily intended for use in manufacturing, healthcare or other industrial applications, do not fall under the ETSI EN 303 645. Prime examples include manufacturing, healthcare, and other industrial devices.

code security assessment (9)
13 provisional items of cybersecurity

Concretizing international cybersecurity standards are the 13 cybersecurity provision items that international standards bodies and organizations have agreed to be essential hallmarks of secure cybersecurity systems. While by no means an exhaustive, this list will help organizations establish a solid foundation to combat cybersecurity threats.

 

  1. No universal default passwords
  2. Implement a means to manage reports of vulnerabilities
  3. Keep software updated
  4. Securely store sensitive security parameters
  5. Communicate securely
  6. Minimize exposed attack surfaces
  7. Ensure software integrity
  8. Ensure that personal data is secure
  9. Make systems resilient to outages
  10. Examine system telemetry data
  11. Make it easy for users to delete user data
  12. Make installation and maintenance of devices easy
  13. Validate input data
code security assessment (8)
8 fundamental data protection rights

Accompanying the 13 cybersecurity provision items are eight fundamental data protection rights that cyber defenses must achieve. Because each organization and industrial system is unique, enshrining the outcomes of cybersecurity is essential to ensuring that defenses put in place achieve their intended outcomes even after modifications and customizations are made.

 

  1. Right to information: Users have the right to ask a company for information about what personal data is being processed and why. For example, a user can request a list of processors who are authorized to view their data, which can be helpful for understanding who has access to their information.
  2. Right to access: Users are entitled to view their personal data and request copies of it. This can be especially helpful for verifying identity or understanding how a company is using their information.
  3. Right to rectification: If a user believes that their personal data is not accurate or up-to-date, they have the right to request that it be modified. This can help ensure that the information being held about them is correct and current.
  4. Right to withdraw consent: If a user previously gave consent for a company to use their personal data, but they change their mind, they have the right to withdraw that consent. This means that the company must stop processing their data for that purpose.
  5. Right to object: Users can object to the processing of their personal data if they have a specific reason for doing so. This might be related to a legal dispute or other unique circumstance.
  6. Right to object to automated processing (decision): If a user feels that a decision made about them based on automated processing is unfair, they can object to it. They can ask for their request to be reviewed manually, so that a human can take a closer look at their situation.
  7. Right to be forgotten: This right allows users to ask for their personal data to be deleted, which can be helpful if they no longer have a relationship with the company holding their data. However, it's important to remember that this isn't an absolute right and there may be other legal requirements that the company has to follow.
  8. Right for data portability: Users have the right to ask for their personal data to be transferred to another controller or provided back to them in a machine-readable electronic format. This can be helpful if they're switching service providers, for example, or if they just want to have a copy of their data for their own records.

Global application security standards

There are several regulations and standards that organizations comply with when it comes to application security specific to their industry and geographic location. Compliance ensures the protection of sensitive data, maintenance of customer trust, and avoidance of legal and financial consequences resulting from non-compliance.
code security assessment (4)
Open Web Application Security Project (OWASP)

OWASP is a worldwide nonprofit organization focused on improving software application security. They provide valuable resources, tools, and knowledge resources aimed at making application security accessible to both individuals and organizations.

 

One of the key contributions of OWASP is the OWASP Top Ten, a widely recognized document that highlights the ten most critical security risks faced by web applications. Today, the list is used to guide developers, security professionals, and organizations to prioritize their efforts in addressing these vulnerabilities.

 

In addition, OWASP also offers a wide range of projects, tools, and resources that cover various aspects of application security. These include secure coding practices, vulnerability testing frameworks, educational materials, and community-driven initiatives to foster collaboration and knowledge sharing.

 

As an advocate for security awareness, OWASP plays a crucial role in raising the security standards of web applications worldwide by acting as a guiding light for those seeking to enhance their security posture amidst an evolving threat landscape.

code security assessment (5)
Common Weakness Enumeration (CWE)

CWE is an initiative focused on identifying and categorizing software vulnerabilities through a standardized language and framework designed to empower effective communication and collaboration among software developers, security professionals, and researchers.

 

CWE maintains the CWE List, a comprehensive archive of common software weaknesses used by developers for identifying, mitigating, and preventing security vulnerabilities. Each weakness in the list is assigned a unique identifier and has its potential impact, examples, and recommended mitigation strategies detailed.

 

Additionally, the CWE List also outlines how software weaknesses such as coding errors, design flaws, configuration issues, and security oversights that can be exploited by attackers. This allows developers and security practitioners to enhance the overall security of software systems and mitigate the risks associated with common vulnerabilities.

code security assessment (6)
Vulnerability Assessment and Penetration Testing (VAPT) - NIST SP 800-115

The National Institute of Standards and Technology (NIST USA)s  NIST SP 800-115 - Technical Guide to Information Security Testing and Assessment provides step-by-step guidelines for organizations to systematically plan, identify, analyze, implement, and maintain the best security practices across an organization.


VAPT stands for Vulnerability Assessment and Penetration Testing is one of those techniques defined under the NIST SP 800-115, and provides a security testing approach for identifying and addressing vulnerabilities. VAPT’s analysis combines both vulnerability assessment and penetration testing that can be customized for various industry segments. Through compliance with VAPT guidelines, organizations can swiftly identify and close security loopholes using commonly available commercial security tools and the manual evaluation of experts.

GRL connectivity services

Test smart home devices and components for compatibility, compliance, and excellence in data transfer and power delivery.
Ethernet
Matter CSA
MFi
Thread

Resources

The latest news and developments within the test engineering market.

New Matter Standard_Smart Homes and Automated Devices_Technical Blog_GRL
How The New Matter Standard is Revolutionizing Smart Homes & Automation Devices

With Matter, smart home devices can now be connected and hosted on a common platform. Manufacturers can now work together to create devices that can not only connect to the same smart home networks, but are also compatible with one another. 

Read more

Thought Leadership Blog Images
How the New Qi2 Standard Will Change the Future of Wireless Charging

Faster, safer, and more reliable wireless charging may no longer be a pipe dream. With new regulations from international bodies and shifts in demand, here's how Qi wireless charging technology will change the way we charge the devices that are used to work, live, and play.

Read more

COPYRIGHT 2023 GRANITE RIVER LABS INC. ALL RIGHTS RESERVED.

Privacy Policy