SISA TOP 5

FORENSIC DRIVEN 2019-

2020
LEARNINGS

Forensics Driven Cybersecurity JUNE 2020

 ABOUT THE REPORT

With over 14 years of industry presence in

cybersecurity, SISA brings vast domain knowledge
and experience in conducting over 1,000*
engagements, encompassing forensic investigations,
compliance audits, security testing, and security
operations over the years. As a leading forensic
investigator, SISA has successfully investigated several
cybersecurity breaches to understand the root cause
and contain the breaches to reduce the impact on the
organizations.
As technology is evolving, enterprise behaviors are
changing, and the world takes on the digital
transformation journey, the cybersecurity landscape
is becoming more challenging. To add to the current
challenges, COVID-19 has made things more
complicated, as more organizations embrace work
from home solutions and turn to cloud-based tools.
Thus, having observed the pattern of attacks,
organization preparedness to defend or prevent these
attacks, making systems more secure and protecting
businesses from repeat attacks, SISA presents "SISA
TOP 5 FORENSIC BASED LEARNINGS" that all
organizations must consider. Here are the top reasons
why every CXO must read this:
▶ To redefine your cybersecurity approach and
make it a priority to evaluate and reduce your
attack surface.
▶ An understanding of the HOW and WHY of security
attacks.
▶ A few impactful measures that organizations can
consider to improve their security posture.
These learnings are primarily based on our forensic
investigations, supported by various audits, security
testing, incident response, and SOC monitoring
performed between April 1, 2019, to March 31, 2020.

THERE ARE ONLY TWO TYPES OF COMPANIES: THOSE THAT HAVE BEEN HACKED AND THOSE THAT
WILL BE.
– ROBERT MUELLER, FORMER FBI DIRECTOR

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 1

INTRODUCTION

Recently, cyber attackers hacked

the server of a reputed Indian bank
and transferred a huge sum of
approximately 12 million USD. ATM
cash out is a highly planned and WHAT DOES THIS MEAN TO THE ORGANIZATIONS?
choreographed cyber-attack, where
HOW PREPARED ARE ORGANIZATIONS AGAINST THESE THREATS?
the attacker compromises a
payment processor or bank’s WHAT DOES IT TAKE TO BE PREPARED TO TACKLE THESE ATTACKS?
payment back end systems to
siphon money across various ATMs. Security breaches have significantly Security is essential and always
In 2018, hackers transferred over increased in recent times, and the tops the priority list for most
130 million USD from a bank by ingress points for a major number organizations. However, during a
penetrating its network and of cyberattacks are through pandemic situation such as
injecting a fake response malware phishing emails. Hackers are COVID-19, where most businesses
script. SISA observed that continually looking for have taken drastic measures to
subsequently, more than 10 global opportunities to attack, and it is invoke Business Continuity Plan
banks became victims of said that organizations must think (BCP) and have their entire staff
cyberattacks in 12 months, and the ahead of time to prevent such working from home, security in
attacks were made using the same attacks. It takes a small, vulnerable such situations takes center stage.
attack vector. system to break into and make
lateral movements. Most of these
breaches go undetected until the
actual breach happens.

TECH INVESTMENTS AMID COVID-19

How do you see funding in the following areas getting impacted by Covid-19?

AI 39% 43% 18%

Cloud 14% 50% 36%

Data Analytics 26% 55% 19%

DC Infrastructure 30% 50% 20%

Collaboration 16% 32% 52%

Mobility 14% 37% 49%

Networking 15% 54% 31%

Security 7% 37% 56%

Business Transformation 21% 44% 35%

Less No Change More

About 56% of the CIOs stated that there

will be an increase in spend on security. 56 %
- CIO India survey on COVID-19’s
Source: IDG impact on IT jobs and investments

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 2

 INTRODUCTION

It is highly likely that the focus and Due to COVID-19 and work from The foundation of any organization
spend to secure the systems is home mandates, organizations are building a relationship with its
going to increase with changing heavily investing in cloud-based customers is trust. When security is
work environments. Because the tools. We may also see a surge in compromised, then the foundation
shift from a secured and less digital transformation, leading to of trust becomes weak. Loss of
vulnerable infrastructure (where the adoption of cutting-edge business is a high price that most
carrying devices like mobiles, technologies such as Artificial organizations pay for a security
tablets, or pen drives was Intelligence, workplace breach. There are multiple
restricted) to unsecured remote collaboration tools, mobility, etc. As overarching reasons why
working environments, makes the organizations gear up for rapid organizations fail to detect or
systems more vulnerable . With a digital transformation, it is respond to cybersecurity attacks.
vast transformation in mass work pertinent that they also adopt a
from home movements, it is highly holistic security approach that
likely that the systems have takes care of all endpoints and
become more vulnerable to threats. infrastructures with no loose ends.
It only takes a small loophole for an
Malware (including ransomware)
attacker to ingress into a corporate
and account compromises are
network.
stated to have increased with new
work environments. For instance, in the wake of the
COVID-19 situation, SISA warns
The average cost of a data breach
organizations of online skimming.
has reached to $3.92 million, which
The nature of these attacks is
is an alarming number for any
dangerous and hard to detect.
organization. In this situation,
Threat actors use various ways to
taking proactive security steps, and
inject malicious JavaScript into the
following security best practices
target websites and is triggered
can protect organizations from the
when the victim submits payments
dreadful cyber attacks.
on the website.

THREE ESSENTIAL STEPS ORGANIZATIONS NEED TO TAKE:

MULTI-LEVEL TRAINING AVOID MAGIC BOX SYNDROME RIGHT SKILLSET

Extensive training programs for Investing in a security product alone Security skill is in short supply, and
employees, starting with the basics does not ensure an organization's often, getting the right skill set is a
of cybersecurity to best practices, is security. An adequate understanding of challenge. Proactively forming
a mandate. As much as external the environment and implementing it experts' team or relying on external
threats are happening, internal rightly to meet the needs of your experts can be considered.
mistakes could be equally organization is pertinent.
dangerous.

THIS DOCUMENT IS THE ESSENCE OF OUR UNDERSTANDING OF THE ATTACK PATTERNS, THE EVOLVING SITUATIONS,
AND THE POTENTIAL NEW NORMAL THAT THE FUTURE HOLDS FOR MOST ORGANIZATIONS.

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 3

1
Frequent Patching

What it is? Observations

Application releases constitute new updates and Organizations are concerned about downtime or
upgrades both from application functionality and other dependency factors. Thus most organizations
security. Application security updates are highly tend to delay the installation of patch upgrades.
critical for organizations. Most often, updating However, what they don't realize is that with every
security patches has multiple dependency factors delay, the window of opportunity for hackers is
such as reconfiguration of infrastructure, downtime, increasing. Organizations must plan for these updates
proper testing, etc. Fearing business impact, most to be conducted swiftly and regularly for minimal
organizations tend to delay updating the security disruptions. SISA observed that typically
patches, which leads to security systems becoming organizations have a patch cycle of three to six
more vulnerable to threats. Holistic and increased months, depending on the scale of the
security infrastructure is essential with the technical organizations. Also, the observations showed that
evolution and prevalence of cloud applications. organizations tend to ignore the cloud
infrastructure for patch management. When
organizations enable work from home and usage of
cloud solutions, virtual machines must also get
patched. Delay in security patching has become
more relevant, especially during COVID-19 situations
where most organizations' employees are working
from home for longer durations. Often organizations
perceive that security is the primary responsibility of
the cloud service provider; however, the end-user
organization holds an obligation towards security
patching as one of the key responsibilities.

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 4

 1. FREQUENT PATCHING

Mitigations

Frequent patch management is With the increased usage of cloud Most organizations adopt a
essential to safeguard systems or applications, the environment is differentiated approach, where
applications. Benchmarking against now gone beyond Data centers. patches on mission-critical
CIS (Center for Internet Security) Organizations must adopt holistic applications take place promptly,
provides necessary guidance to security that goes beyond but there exists a lesser priority on
ensure that infrastructure is on par traditional datacenters and non-mission critical applications.
with the latest security norms. operating systems. But the However, paying attention to all
approach must include network non-mission critical applications
devices, OEMs, Hyper-Vs, 3rd party and ensuring quarterly patches at
applications, etc. the minimum is essential to avoid
security lapses, as often these
applications become the primary
ingress points into corporate
networks for attackers.

Organizations must follow top

business imperatives for successful
patching like regular system
rebooting to address patch updates.
Define SLAs on patch update with
third party vendors incase of
dependent applications, embrace
automation to better manage the
voluminous data and IT assets.
Vulnerability assessment must be
carried out frequently to ensure
security.

ALMOST HALF OF RESPONDENTS (48%) REPORT THAT THEIR ORGANIZATIONS FACED ONE OR MORE
DATA BREACHES IN THE PAST TWO YEARS. 60% OF THESE RESPONDENTS SAY THESE BREACHES
COULD HAVE OCCURRED BECAUSE A PATCH WAS AVAILABLE FOR A KNOWN VULNERABILITY BUT NOT
APPLIED.
– PONEMON INSTITUTE LLC, COSTS AND CONSEQUENCES OF GAPS IN VULNERABILITY RESPONSE

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 5

2
Address Application
Vulnerabilities

Overview Observations
Often as an initial intrusion point, most hackers tend SISA’s forensic investigations conclude that
to target vulnerable applications like HRMS systems, application security vulnerabilities are one of the
CRM, etc. Hacking one of these applications is not the top contributors to breaches. Also, SISA observed
end game; hackers leverage these ingress points to that Application Vulnerabilities resulted in most
make lateral movements, to access more confidential common exploits, including SQL injection,
and sensitive IT assets/ data. Hence, paying utmost command injection, and insecure cryptographic
importance to security, starting from inception to storage. Open source components and their usage
deployment is highly critical and often, takes back are prevailing in the industry. When codes are loosely
seat during rushed release cycles of an application. used without vetting for proper security, then the
While solutions like Web Application Firewall (WAF) possibility of opening the application with security
can be used to counter application security issues, loopholes is far higher. While DevOps has created
addressing the root cause via its development code is noise in the industry for its agility and faster releases,
still an essential and unavoidable aspect to make an it also comes with its set of challenges of ignored
application secure. security. Considering the nature of DevOps,
organizations tend to make more frequent and faster
releases. With various release pressures, security is
often ignored, or not channelized, through proper
testing mechanisms. Besides, frequent application
changes, including new features and opening APIs,
SOAP requests, lead to the exploitation of hosted
application libraries. Security is not just about
technology; it is also the culture. Oftentimes, security
does not come as a practice. Resources are more
focused on feature-based development of
applications and pay less attention to security
practices leading to the development of vulnerable
apps. Security flaws are often discovered at grass root
levels and must be rectified at the development
stage. Lack of trained resources on secure coding is a
great contributor to issues in applications.

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 6

 2. ADDRESS APPLICATION VULNERABILITIES

Mitigations

Thorough vetting of open source As part of DevOps, Continuous Security by design is often
codes and not a mere copy-pasting Integration (CI) and Continuous neglected. Most applications are
is essential. Delivery (CD) must embed security tested for security during the
from the beginning of the testing phase. Imbibing best
development cycle, thereby practices like 3Ds – secure by
following DevSecOps’ best design, secure by development,
practices. Proper testing and secure by deployment is highly
mechanisms using automation critical.
would help speed up processes,
ensure security, and employee
productivity.

The change in the mindset of It is suggested for application Following the process of
developers play a significant role, as developers and penetration testers continuous testing by including
developers are more focused on to follow the OWASP testing guide security best practices such as Red
features. While it is an essential that helps in testing web Team Exercise, Black Box
aspect of application development, applications and web services. Penetration Testing Activities, etc.
but security goes on a back burner. would help organizations in taking
However, paying attention to that additional measure towards
security right from design plays an securing their applications.
important role. A developer’s Including all web interfaces,
mindset must change to embed respective roles, and web services
security right from inception. as part of application security
testing is also essential.

Web interfaces and web services Security testing is usually

must be included as part of web conducted in the UAT (User
application security testing. Acceptance Test) environment to
Similarly, a Web Application Firewall ensure the smooth functioning of
(WAF) must be configured to production systems. However, fixes
monitor all web interfaces and discovered in the UAT environment
services. must be replicated in the
production environment and is a
highly critical measure to ensure
application security.

THE HIGHEST SECURITY RISKS TO THE ORGANIZATION CAME FROM A CUSTOMER-FACING WEB
APPLICATION (49%) FOLLOWED BY INTERNAL BUSINESS APPLICATIONS AT 22% AND THE REST FROM
MOBILE APPLICATIONS AND EMBEDDED DEVICES (IOT).
– RSA

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 7

3
Intelligent Monitoring

What it is? Observations

With every action on the system, a log gets recorded. Any organization posed with a threat has a small
These logs are monitored to detect security threats. window of opportunity to tackle the threat. SISA
When the logs are not effectively monitored, then the observed that, on an average, an intruder resides in
systems are more susceptible to breaches. With the company network for about 180 days. While 180
specific pre-defined rules in place, the logs are days may seem like much time, it is not a simple task
continuously monitored for any potential threats. to detect intruders unless the organization has robust
However, as technology is evolving the monitoring of threat monitoring systems. One of the key
activities has become more intelligent. AI-driven contributing factors to security threats are
monitoring, or in other words, intelligent monitoring, heterogeneous environments. With a workforce
is gaining traction and goes beyond basic automation spread across the globe, increased use of devices,
and can monitor even unstructured data, including both personal and professional, BYOD policies, and
user behavior. increased adoption of cloud technology, the extent of
monitoring has significantly expanded. Are
organizations prepared to handle such an extensive
network of devices?

Most organizations have log monitoring based on

simple rules and basic automation. Adoption of
AI-driven intelligent threat monitoring helps
organizations be more proactive than reactive to
threats. The advancement in technology can now
help organizations in threat hunting to identify
attacks based on TTP (Tactics, Techniques, and
Procedures).

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 8

 3. INTELLIGENT MONITORING

Mitigations

Organizations must conduct a Monitoring should not be just As technology becomes

holistic tagging and logging of all reviewing of reactive correlation sophisticated and endpoints
devices in their infrastructure and alerts from SIEM soutions. SISA increase in numbers, the system
not just their critical systems. It is recommends proactive threat becomes more vulnerable to
one of the crucial steps to detect hunting as a mandatory threats. Hence, basic rule-based
attacks and to ensure all devices component in the organizations’s automation will not suffice to
are under the radar of monitoring. SOC monitoring process. fine-comb all threats. Adoption of
AI and moving towards intelligent
threat monitoring solutions like
Managed Detection and Response
(MDR), takes organizations to meet
larger goals of monitoring and go
deeper.

Alert fatigue is a result of extensive

log monitoring and frequent alerts.
By continuous revisiting and
refining of rules to manage and
meet the changing needs of an
organization, helps to improve the
process as well as potentially
decrease the alert fatigue.

BY 2022, 50% OF ALL SOCS WILL TRANSFORM INTO MODERN SOCS WITH INTEGRATED INCIDENT
RESPONSE, THREAT INTELLIGENCE, AND THREAT-HUNTING CAPABILITIES, UP FROM LESS THAN 10% IN
2015.
– GARTNER

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 9

4
Diligent Access
Management

What it is? Observations

Access management to applications is compromised Lack of clear definition of access privileges and
when an attacker gets hold of access credentials by scenarios based on which a user is granted access
brute forcing or other means. Shared user IDs, service has led to a series of breaches and is one of the most
accounts that are outside the scope of password significant contributors. SISA observed that the
policies, and privileged user accounts are typical other common reason leading to breaches is the
targets for breaches. Knowing these threats and use of poor passwords or careless management of
diligent definitions of access privileges can help an passwords. Weak passwords, like using birthdate,
organization reduce its cybersecurity risks. company name, home numbers, etc. that one can
easily guess leading to hackers gaining access to
critical applications. Other critical initiatives that
organizations do not follow actively are monitoring
and reviewing access logs periodically and
implementing Two Factor Authentication.

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 10

 4. DILIGENT ACCESS MANAGEMENT

Mitigations

Organizations procure software and Securing the passwords by using Multifactor authentication is a
often have shared users. Repeated password vaults and using strong critical mitigation factor to avoid
usage of access credentials can password credentials is essential. breaches.
lead to weakening of the system
security, and hence, organizations
must avoid shared user access.

Implementing robust Privileged access management Creation of Access Control Matrix,

authentication mechanisms solution must be implemented that mapping all users and their
between application and database provisions temporary access on a privileges helps the organizations
using proper key management and need basis and for finite or defined to track and monitor the access
encrypting database string is duration. privileges, continuously.
necessary.

Ensure that access audits are in

place and are conducted
periodically. Also, it is necessary to
review access privileges to meet
changing needs.

THE AVERAGE NUMBER OF PRIVILEGED ACCESS POLICY VIOLATIONS FOR A YEAR IS 3.2, AND THE
AVERAGE COST TO THE ORGANIZATION TO RESPOND AND REMEDIATE THE POLICY VIOLATION IS $5,580.
– ENTERPRISE MANAGEMENT ASSOCIATES (EMA) SURVEY

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 11

5
Proper Incident Response
& Forensics

What it is? Observations

There are two kinds of organizations, one that has The objective of incident response is to detect threats
been breached and the other one that does not know and handle the situation in a way, which limits
about the intruder residing in their systems. Hence, damage and reduces recovery time and costs. Most
organizations either detect or respond to the cyber companies tend to pause their Incident Response
attacks. Incident response is an organized approach activities, once they detect and contain a threat.
to addressing and managing the aftermaths of an IT However, SISA observed that preliminary forensics
incident, computer incident or security incident. is required for organizations to understand the
However, the question is, are organizations prepared pattern of attacks and prevent future attacks.
to tackle and respond to such attacks? It is pertinent Because, once the intruder has got a firm
for organizations, to adopt the right approach and understanding of the environment, then the
have a proper response mechanism in place, and likelihood of this intruder penetrating the systems
most importantly, to execute this without causing any again are high. Organizations conducting forensics,
major disruptions and responding promptly. possess a better understanding on the nature of an
attack, identifying the intruder, understanding the
source, contributing factors, and potentially avoid a
relapse.

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 12

 5. PROPER INCIDENT RESPONSE & FORENSICS

Mitigations

Running forensics in third-party Security is a very niche skill. Most Organizations must follow an
managed infrastructure can be often, finding the right skill set to incident response plan,
challenging due to high address the security threats is due encompassing four critical phases,
dependency on the infrastructure to lack of proper skills within an preparation, detection and
providers and could potentially organization. Finding the right analysis, containment, eradication,
delay the response time. Thus, talent or engaging with and recovery and post-event
organizations must have defined cybersecurity experts on a activity (ref: NIST).
agreements with these providers retention basis would be essential.
for necessary support during the
forensics activity.

An organization’s incident response

plan must be tested and
documented. Further, conducting
cybersecurity drills, at least once a
year, Tabletop Testings about once
a month, etc. should be mapped
with Business Continuity Plans
(BCP).

OF THE SEVERAL FORENSIC AUDITS CONDUCTED, SISA OBSERVES THAT 9 OUT OF THE 10 COMPANIES
DO NOT HAVE A DEFINED GAME PLAN TO DEAL WITH SUSPECTED COMPROMISE IN THE ENVIRONMENT.
– SISA

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 13

 CONCLUSION

Securing your organization is not about introducing

complicated and expensive infrastructures or
solutions. It is a myth that deploying a security
solution will solve security challenges. An
organization's security is defined on the basis of
process, people, and technology. It is not a one-time
solution but rather a continuous commitment of
learning, self-assessing, planning actions, and
revisiting the plans frequently to ensure that it
continues to meet organizational needs. The five
learnings can act as a foundational metrics for an
organization's security posture. We recommend you
to assess your organization’s security stance against
the five learnings and deploy necessary action items
immediately.

SISA’S RECOMMENDED SECURITY APPROACH FOR TOP 5 LEARNINGS

SELF-ASSESSMENT ACTIONING REVISITING

Understanding and assessing your Upon identifying areas of Revisiting your security action
organization's security improvement, draw an action plan plans frequently to ensure the
infrastructure against these five to implement security best continuity and alignment with the
learnings practices and solution to oranizational needs and goals
strengthen organization's security
▶ Frequent Patching Frequent communication of these
and mitigate threats
▶ Application vulnerabilities security plans and educating
▶ One thing to continue people about them on a consistent
▶ Intelligent Monitoring
▶ One thing to stop basis
▶ Access Management
▶ One thing to start
▶ Incident Response and
Forensics

Copyright © 2020 SISA TOP 5 FORENSICS BASED LEARNINGS 14

 OUR OFFERINGS
STRATEGIC ADVISORY

SISA IS A 1. Risk Assessment [Enterprise, Functional and

Technical Risk Assessment]
2. Cloud Security Assessment
FORENSICS-DRIVEN 3. ISO 27001
4. Privacy [GDPR, CCPA, etc]
CYBERSECURITY SECURITY BEST PRACTICES TRAINING
1. CPISI
COMPANY WITH 2. CPISI-D
3. CIDR
CLIENTELE ACROSS 55 4. CPISI-PIN
5. Payment Security Awareness [PSA]
COUNTRIES. 6. CISRA
AUDIT AND ASSURANCE
1. PCI DSS [Includes FSAQ]
As a PCI Security Standards Council accredited 2. PCI PIN
forensic investigator, we leverage our deep forensics 3. PCI 3DS
4. Pay Sec [SSF]
intelligence in our goal to 10X our customer security 5. P2PE
posture in every engagement. We at SISA, strive to 6. Regulatory Compliance [UIDAI, RBI PSS, SAR Audits]
deliver this through true security, on-time delivery,
MANAGED DETECTION AND RESPONSE [S-SOC]
and fanatic support brand promises in each of our 7 1. Synergistic SOC Monitoring
different offerings: 2. Brand Monitoring

▶ Strategic Advisory SECURITY TESTING - TSS LABS

▶ Audit and Assurance 1. Red Team
2. Application Security Testing
▶ Security Testing [TSS Labs] 3. Network Pen Testing
▶ Security Best Practices Training 4. Vulnerability Assessment
5. Vulnerability Management
▶ Managed Detection and Response [S-SOC] 6. Secure Code Review
▶ Cyber Security Products CYBER SECURITY PRODUCTS
▶ Security Incident Response and Forensics [SIRF] 1. Tipper [Data Discovery and Privacy Ops Tool]
2. Hunter (Beta)
3. RA [Formal Risk Assessment Tool]
4. Monitor (Beta)
5. Eagle Eye (Alpha)
SECURITY INCIDENT RESPONSE AND FORENSICS - SIRF
1. Payment Forensic Investigations
2. Internal Forensic Investigations
3. Fast Incident Response
4. SIRF Retention Agreement

ALL THE ABOVE STREAM OF OFFERINGS PERIODICALLY INCORPORATE OUR LEARNINGS FROM FORENSIC INVESTIGATIONS. THIS HELPS US
STRENGTHEN OUR CUSTOMER SECURITY POSTURE, THEREBY REDUCING THE BREACH EXPOSURE OF OUR CUSTOMERS DRAMATICALLY.
GLOBAL PRESENCE

AMERICAS EUROPE ASIA PACIFIC

SISA Information Security Inc. SISA Information Security Ltd. SISA Information Security Pte. Ltd.
Las Colinas The Urban Towers, 81 Bellegrove Road, 101 Cecil Street, #17-09,
222 West Las Colinas Boulevard, Welling, Kent - DA16 3PG, Tong Eng Building,
Suite 1650, Irving, Texas 75039, USA. United Kingdom. Singapore (069533).

UAE KSA SAARC

SISA Information Security FZE SISA Information Security SISA Information Security Pvt. Ltd.
P.O.Box 37495, Novotel Business Park, Tower 2, No. 3029, 13th Main Road,
Ras Al Khaimah, 1st Floor, Unit No. 43, 32232-6140, HAL II Stage, Indiranagar,
United Arab Emirates. Dammam, Saudi Arabia. Bangalore - 560008, India.

BAHRAIN & AFRICA AUSTRALIA

SISA Information Security WLL. SISA Information Security Pty. Ltd.
Gulf Business Center, '9A' , 139 Minjungbal Drive,
Suite # 1119 at Al Salam tower, Tweed Heads South, NSW 2486,
11th Floor, Building 722, Road 1708, Australia.
Block 317, Kingdom of Bahrain.