Deep Armor: Building Secure Products for Global Enterprises

Sumanth Naropanth

Deep Armor offers world-class cybersecurity services for cutting-edge technologies in Cloud, Web Applications & Services, Mobile and IoT domains. The company has expertise in information security processes as well as technical security assessments, threat modeling and penetration testing. Deep Armor’s trainings for Security Development Lifecycle (SDLC), Practical Exploitation of IoT Ecosystems, Mobile Security and Security for Modern Cloud Platforms have been very well received by local and international audiences.

Product companies, SaaS solution providers, financial institutions and government sectors all use technology heavily in the world today. Where there’s code, there’s a risk of cyber-attacks. Deep Armor offers consulting services to help these institutions design, implement and test highly secure and privacy-aware solutions for their customers.


The Foundation of Deep Armor

Information security has become indispensable for almost all industries over the last couple of decades. Best practices for end-to-end security for traditional software and hardware solutions such as client applications, web applications, operating systems, etc. have matured over the years. But with the advent of e-Commerce, Online & Mobile Banking, Mobile Wallets, SaaS business models using modern cloud, and IoT platforms, the company sees brand new security challenges on both the technical and process fronts. Deep Armor was founded to address this niche area of security for upcoming technologies. The company’s mission is to help corporates, large and small, build and ship secure products. For example, small & medium-sized businesses lead the pack in disruptive IoT & Cloud businesses, but often lack the necessary expertise in these areas. Marginalizing security can prove to be very expensive to large and small businesses alike. Security incidents and data breaches can have a major business impact and even threaten the existence of such firms. Deep Armor steps in as the expert to assess, advise and make their products secure and compliant.

The company is a little over a year old. Almost everyone understands the need for incorporating security into product life cycles in this day and age. Deep Armor has worked with global Fortune 50 companies, security software manufacturers, as well as local startups, and has offered its services to them. Running a business out of India enables the company to offer highly skilled services and scale quickly at very attractive costs to its global clients.


Driving Force of Deep Armor

Sumanth Naropanth is the Founder & CEO of Deep Armor. He started the company out of a passion for information security, and to offer high-quality, deep technical services from India. Cybersecurity is a growing subject of conversation in India, and Sumanth established the company to make an impact in the tech landscape of the country.

Sumanth has built global security teams from ground zero and has led technical security assurance and incident response efforts for large corporations, including Intel, Palm/HP and Sun Microsystems. He has trained dozens of security analysts, who have gone on to work for him and report hundreds of security vulnerabilities in critical market products. Original research led by Sumanth and his team in the domains of Cloud & Web Security, Data Privacy, Mobile & next generation IoT has been presented at numerous prestigious security conferences globally, including Black Hat, AppSec, Troopers, FIRST and so on.

Sumanth is a core team member of a workgroup that is building a new framework (called CPVSS) for scoring privacy vulnerabilities. Backed by multiple Fortune 100 companies, Sumanth and his team are working with the CVSS Special Interest Group to adopt this framework as a global industry security & privacy standard.


Significant Contributions to the Industry

Businesses are rapidly moving towards cloud, and security is struggling to keep pace with it. Most modern-day use cases, such as E-Wallets, Online Shopping, Mobile Banking, Wearables, Industrial IoT, etc. use the web and modern cloud environments (such as AWS, Azure, GCP, etc.) extensively. The cloud is a silo for terabytes of data belonging to users, financial sectors, government, and businesses. These platforms crunch through all this data and offer it in various ways to the end users as value-add features. A vast percentage of data collected and stored is personal, personally identifiable, and sensitive from business and government perspectives. “It is therefore imperative that cloud solutions are securely architected, implemented and deployed. Unauthorized access and manipulation of data may affect critical infrastructure, financial services and human safety. Privacy of a large number of users may also be at risk,” said Sumanth.

Deep Armor’s work in the awareness and adoption of new defensive frameworks for hardening Cloud, Mobile and IoT platforms can greatly help in reducing security vulnerabilities in next-generation products. Using its innovative processes and frameworks, the company has discovered and reported hundreds of vulnerabilities in a variety of such solutions for a number of clients globally and in India. Indian companies (large corporates to small startups) working on these solutions can adopt its frameworks for building secure solutions. Deep Armor is a core contributor to the National IoT Security Workgroup in India, and is actively assisting in the standardization of security requirements and best practices for IoT, Mobile and Cloud technologies.


Offering Highly Tailored Security Tools

At Deep Armor, the company believes that traditional Security Development Lifecycle (SDLC) models do not work very well for next-generation technologies. In this age of Agile software development and Continuous Integration, Continuous Deployment and Continuous Delivery, where project timelines are squeezed and there are no longer well-defined exit criteria for releases, there is a need for new, next-generation security best practices that work well with such modern development frameworks. Deep Armor’s practices are built for these forward-looking technologies, and can easily integrate with product life cycles with minimal impact.

The company relies on industry security standards, including but not limited to OWASP, NIST and CWE, as the foundation of its Security Development Lifecycle. Deep Armor uses a variety of tools to do its work, but the company believes that finding high-impact, high-quality security vulnerabilities needs a skilled security analyst who can think differently, like an attacker in the field. In the vulnerability assessment engagements, Deep Armor’s analysts brainstorm such custom attack vectors and factor them into their evaluation plan, thereby ensuring very thorough coverage in its execution. The company also develops its own exploits, proof-of-concept code and custom tools whenever required.

“Most SaaS vendors deploy their solutions on Cloud environments such as AWS, Google Cloud Platform and Azure today. Securing such solutions can be a daunting task. It requires deep understanding, not only of the APIs and micro-services but also the infrastructure and services offered by the cloud service provider. Deep Armor has developed highly tailored security tools for the assessment of mobile applications and cloud infrastructure,” added Sumanth.


Out-of-the-box Thinking

Deep Armor is a company that has an extreme focus on technical excellence. When the company works with clients, it strives to understand their products thoroughly and takes steps to secure their solutions holistically. Deep Armor’s security analysts are trained to think like cyber-attackers, and have years of experience in applying such out-of-the-box thinking during security assessments of market products. The company not only discovers and reports security vulnerabilities in its clients’ products, but also works hand-in-hand with them on the resolutions and code fixes, and ensures that their products are sufficiently secure.

Deep Armor is actively involved in several global Steering Committees, Work Groups and Standards & Certification bodies. The company not only offers its expertise in these forums but also learns about the latest product technologies, threats and requirements. This helps Deep Armor to be at the forefront of innovation in Cloud, Mobile and IoT security.


Awards and Achievements

In the very first year of its existence, Deep Armor executed several local and international projects and played a key role in shipping secure products for high-profile clients. Deep Armor was one of the four finalists worldwide at the IoT Security Foundation’s Security Champions Awards in 2018. For the work done and innovations proposed in the IoT security space, Sumanth was one of the nominees at the IoT India Congress Thought Leadership Awards of 2018.


Spearhead of Security

Designing security for Cloud, Mobile and IoT, especially when they all come together, is very hard. There are such use cases almost everywhere in our daily lives, be it shopping with a mobile device, transferring money online, using an ATM or a brand-new wearable device. It’s hard to build robust software features when one has a large number of components, standards and software stacks integrating to offer a unique set of use cases. So, the industry is going to continue to throw curve-balls at us for the foreseeable future. Deep Armor continues to learn and grow every day. The company’s mission is, and has always been, to be at the forefront of security for these bleeding-edge technologies. While the company continues to pioneer in its services wing, it also sees the need for advanced tools and frameworks for cloud infrastructure, mobile and IoT ecosystem security assessments. Deep Armor continues to explore such business opportunities to offer its skills to a variety of customers.