MarketWolf Securities Private Limited is a prominent trading platform, catering to 1.7M+ users, offering an engaging and fast trading experience. Being a SEBI-registered trading company, compliance with regulatory directives, particularly regarding cybersecurity, is paramount. Following the SEBI Circular SEBI/HO/ITD_VAPT/P/CIR/2023/033, MarketWolf identified the need to strengthen its cybersecurity infrastructure, particularly focusing on SOC solutions with SIEM and SOAR capabilities, as well as conducting quarterly audits and VAPT assessments. To ensure compliance with SEBI regulations and enhance its cybersecurity posture, MarketWolf partnered with Threatsys, a trusted cybersecurity firm specializing in SOC solutions and compliance services along with cyber security testing services. Through its flagship product CYQER, Threatsys offers comprehensive SOC as a Service, providing MarketWolf with advanced real-time 24×7 threat detection and monitoring, incident response, and regulatory compliance capabilities with FIM, SOAR, UEBA, etc.

MarketWolf faced the challenge of ensuring robust cybersecurity measures to safeguard its users’ data, financial transactions, and overall infrastructure. Compliance with SEBI regulations necessitated a comprehensive approach to cybersecurity, including the implementation of SOC solutions, conducting regular audits and assessments, and ensuring data localization.

The scope of the collaboration between MarketWolf and Threatsys extended beyond mere compliance to proactive cybersecurity measures. It included:

• Cyber Security as a Service (CSaaS): Threatsys delivers CSaaS through CYQER, offering MarketWolf round-the-clock monitoring, threat intelligence analysis, and incident response capabilities. This comprehensive approach enhances MarketWolf’s cybersecurity posture and enables proactive threat management.
• SEBI Compliance Audit: Conduct audits aligned with SEBI regulations, including VAPT assessments, system audits, and data localization audits, to ensure adherence to regulatory requirements.
• Collaborative Partnership:  Threatsys and MarketWolf establish a collaborative partnership aimed at long-term cyber resilience. By sharing expertise, knowledge, and best practices, both parties work together to address emerging cybersecurity threats and stay ahead of regulatory changes.
• SOC as a Service: Providing SOC solutions encompassing SIEM and SOAR capabilities, offering real-time monitoring, threat detection, and incident response services to proactively mitigate cybersecurity risks.
• CERT-in Cybersecurity Audit and ISO 27001 Compliance: Conduct regular CERT-in cybersecurity audits to assess the effectiveness of existing controls, identify potential weaknesses, and implement remediation measures. Conducted ISO 27001:2022 ISMS Compliance and issued the Certification from UAF Accrediation with our certification body.
• DLP Solutions: Implementing DLP solutions to prevent unauthorized data exfiltration, ensuring the confidentiality and integrity of sensitive information.

Securing 1.7M Users of MarketWolf and Protecting MarketWolf with CYQER and our efficent vCISO Services: CYQER’s holistic cybersecurity approach, encompassing SOC solutions, compliance audits, and DLP measures, played a pivotal role in safeguarding MarketWolf’s users and infrastructure. Through proactive threat management, regulatory compliance, and ongoing collaboration, MarketWolf and CYQER demonstrated their commitment to cybersecurity excellence, setting a benchmark for the industry and ensuring a secure trading experience for millions of users.

Mr. Deepak Kumar Nath serves as the virtual Chief Information Security Officer (vCISO) for Marketwolf. His role encompassed developing robust security strategies, conducting risk assessments, ensuring compliance with industry regulations, and protecting digital assets against cyber threats.

The collaboration between MarketWolf Securities Private Limited and Threatsys yielded tangible results:

• Enhanced Cybersecurity Posture with Cyber Security Testing : MarketWolf strengthened its cybersecurity defenses, mitigating risks, and vulnerabilities identified through comprehensive assessments and audits.
• SEBI Compliance with Security Audit and it’s Review : MarketWolf achieved full compliance with SEBI regulations, thanks to CYQER’s expertise in conducting audits, implementing controls, and facilitating regulatory adherence.
• Long-Term Cyber Resilience with SOC Solutions: The strategic partnership between MarketWolf and CYQER laid the foundation for long-term cyber resilience, enabling proactive threat management, continuous improvement, and adaptation to evolving cybersecurity challenges.
• Improved User Trust with Regular Monitoring and Security Updates: By prioritizing cybersecurity and regulatory compliance, MarketWolf reinforced user trust, assuring its 1.7M+ users of a safe, secure, and compliant trading environment.

In conclusion, the collaboration between MarketWolf Securities Private Limited and Threatsys, powered by CYQER and its Cyber Security as a Service, represents a significant milestone in bolstering cybersecurity measures and ensuring SEBI compliance in India. By leveraging Threatsys’ expertise and CYQER’s advanced capabilities, MarketWolf successfully navigated the SEBI CERT-IN Cyber Security Audit process in bhubaneswar, demonstrating adherence to regulatory standards and commitment to user protection.

The implementation of SOC as a Service provided round-the-clock security monitoring and incident response capabilities, enabling proactive threat detection and mitigation. Additionally, the deployment of DLP solutions further fortified MarketWolf’s defenses, safeguarding sensitive data from unauthorized access and ensuring compliance with SEBI regulations.

Through comprehensive cybersecurity audits, including VAPT assessments and application security evaluations, MarketWolf proactively addressed vulnerabilities and enhanced its resilience against cyber threats. Furthermore, CYQER’s focus on mobile app security ensured the integrity and safety of MarketWolf’s trading platform across various endpoints.

In essence, the partnership between MarketWolf and Threatsys, supported by CYQER, exemplifies a proactive approach to cybersecurity, driving continuous improvement, regulatory compliance, and user trust. As the landscape of cyber threats continues to evolve, MarketWolf remains well-equipped to navigate the dynamic challenges of cybersecurity in the financial industry, safeguarding its operations and protecting the interests of its 1.7M+ users.

Food, Supplies and Consumer Welfare Department is a composite Department with the status of both Secretariat and Directorate. Hon’ble Minister, F.S. & C.W. is Minister in charge of the Department. Food, Supplies and Consumer Welfare Department, Government of Odisha created the 4 pillar systems i.e PDS System, Directorate of Legal Metrology, Grievance Redressal System, Food Odisha Portal.

PDS ( Public Distribution System ) Welfare Scheme, The system identifies & categories the weaker section of the population as targeted beneficiaries under various schemes. They receive ration cards from the government to claim their entitlements in the form of specific quantities of essential commodities from the retail outlets every month. The significance of PDS lies in its effort to distribute food grains equitably, & at a fairly low price to the poor of the society. Rice, Levy Sugar and APL Wheat are distributed through public distribution system

Directorate of Legal Metrology, The Legal Metrology wing of the state of Odisha is functioning at the Directorate of Legal Metrology under the Food, supplies & Consumer Welfare Department of Government Headed by a senior most administrative officer designated as Controller of Legal Metrology. All the consumers generally purchase the goods either in Weight or in volume or in length or in numbers etc and the responsibility has been cast upon this organization to ensure that the consumer gets the correct quantity whether it is in Weight, in volume, in length or in numbers for which he has paid the money to the consumer. The Department is engaged in regulating use of correct weighing and measuring instruments in production, trade and commerce to ensure that exact weight, measure and number of any commodity is provided to any customer as contracted for, or paid for by him. It also safeguards consumers’ interest by ensuring mandatory declarations on packaged commodities.

Grievance Redressal System, primarily covers the receipt and processing of complaints from citizens and consumers, a wider definition includes actions taken on any issue raised by them to avail services more effectively for Ration Card under Food, Supplies and Consumer Welfare Department.

Food Odisha Portal, that consists of Transparency Portal with PDS Depots and FPS Delaer and Procurement Societies and Registration. One Portal that managed all Ration Card Management with Farmer Registration, Verified Famer, Procurement Status under PPAS, Farmerwise Payment Status, Societies Engaged, Dealer List, Stock Management, Dealer List and all.

The Food Supplies and Consumer Welfare (FSCW) Department of the Government of Odisha is responsible for managing critical information related to food supplies and consumer welfare, including the Public Distribution System (PDS) welfare scheme, which benefits a large number of citizens. The PDS scheme deals with sensitive information that pertains to the management of ration cards for 2.5 crore citizens under the One Nation One Card initiative. Given the high level of sensitivity of this information, accessing and testing it can be challenging, as it requires the maintenance of strict confidentiality measures.

To address this challenge, the FSCW Odisha has developed four major applications, including the Directorate of Legal Metrology, Grievance Redressal System, Ration Card Management System, and the FSCW PDS Application, each of which must be tested separately to ensure that they meet the necessary security requirements by Threatsys Technologies, The Leading Cyber Security Testing Service Provider in Odisha, India. The primary objective of this testing is to perform a penetration testing and cybersecurity audit on all modules, in accordance with the CERT-in Security Guidelines and other security frameworks such as the OWASP Top 10 and SANS Top 25 Vulnerabilities.

The primary focus of this web application security testing is to ensure the integrity and confidentiality of the data and application, enabling all online citizen services provided by the Government of Odisha to be securely managed throughout the state. Given that the portal deals with different levels of privileges, it is crucial to thoroughly check the permission-based access controls within different user access controls for each of the applications. By doing so, the FSCW Odisha can ensure that its applications are secure, safeguarding sensitive information, and providing reliable and secure services to the citizens of Odisha.

Threatsys, the well-known CERT-IN Cyber Security company of India, has appointed eight security researchers under the Project and Delivery Manager. In order to gain a better understanding of the application, the team thoroughly studied the workflow of the four modules before conducting any security testing. The testing was carried out on a host that was hosted on the staging server, using a variety of commercial cyber security tools, including Burp Suite, IBM App Scan, WhiteHat DAST, Veracode, Acunetix, Intruder, Netsparker, HCL Appscan, Qualsys Web Apps Scanner, OWASP Zap, SAINT, and Tenable.

During the manual testing phase, the team engaged in both black box and white box testing and identified significant security issues in the four applications managed by the Food Supplies and Consumer Welfare (FSCW) Department of the Government of Odisha. One of the applications was found to be vulnerable to Account Takeover due to a misconfiguration, which enabled the team to tamper with the victim’s email and redirect the reset link to the attacker’s email address. To remedy this issue, the team recommended implementing server-side validation of emails sent in response to a request, in order to verify whether they belonged to the requested user or not. With the coordination of the development team, this issue was resolved by adding server-side validation and removing the email parameter from the request.

The team also discovered multiple privilege escalation issues due to the lack of access controls in API requests. As a result, low-end users were able to access admin functionalities, compromising the system’s security. In addition, several other bugs were discovered and reported to the developers with detailed reports on their impact, evidence, and remediation strategies. The team worked closely with the developers to ensure they had a clear understanding of the issues and could address them promptly.

Overall, the team identified more than 35 bugs across all the portals of FSCW, including six critical and 13 high-level vulnerabilities. All projects were delivered and retested within the set deadline, with the development team taking three weeks to fix all the raised security gaps. Threatsys remains committed to ensuring the integrity and confidentiality of the data and applications it works on, helping to safeguard sensitive information and online citizen services managed by the Government of Odisha.

Threatsys has successfully completed the cyber security testing and CERT-IN Security audit project with the utmost diligence and professionalism. The company provided Initial Version 1 and Final Version 2 Reports with the appropriate support on time, and according to the proper security implementation, which has helped to issue the CERT-In VAPT certificate for all four modules of the Food, Supplies and Consumer Welfare Department, Odisha Government

All the modules of Food, Supplies and Consumer Welfare Departments are hosted in the state data centre, ensuring the highest level of security and reliability. The successful completion of the project means that citizens of Odisha can now use the Ration Card Management, PDS System, and Grievance System applications securely. These applications are now well-protected against external threats, and the highly sensitive data they process, store, and fetch are done so flawlessly. Threatsys is the No.1 Cyber Security Testing Company in bhubaneshwar that protects the data of all the citizens of Odisha and responsible for their security, integrity and privacy.

The UT dashboard is a groundbreaking endeavor by the Government of Jammu and Kashmir to use Big Data and Analytics to drive crucial administrative decisions. This technology-first strategy is driven by the government's determination to seamlessly integrate transparency and governance by facilitating the rapid flow of information from the grassroots to the upper rungs of the UT machinery.

The "UT Dashboard" web platform serves the requirement for real-time monitoring. The UT
Dashboard was established to collect detailed data on ground-level effect, which supports the state administration's two important goals of openness and accountability. The examination of the ground-level impact assists in keeping track of how various administrative departments are operating. The dashboard promotes the flow of information from the lowest to the top of the state administrative hierarchy.

Our task was to test the website for the top ten OWASP vulnerabilities and to assist the developers in addressing any potential risks in accordance with CERT-IN and Threatsys Web Apps Penetration Testing Guidelines. The application must handle sensitive data and may be required to consider data privacy and security considerations.

Threatsys Technologies assigned 2 Cyber Security Resources under the Guidance of our CEO, Deepak Kumar Nath. The Threatsys Red team is started this project by performing Black Box Testing, White Box Testing along with our Industry Centric Checklist.

After testing the Web Application from the production URL, we discovered many problems that have been classified as Critical, High, Medium, and Low based on their severity. Our team is always striving to provide developer-friendly reports that are readily readable and include clear proof of ideas. We create proof-of-concept video with adequate evidence so that security problems may be simply understood and corrected. We have assigned a time frame to each Severity category in
which the issue must be resolved. During that time, our staff was often assisting the developers in resolving such difficulties as rapidly as possible. After the patch was performed, our team reaudited the application to ensure that the fixes were done correctly.

Threatsys issued the CERT-IN Safe to Host Certificate, and the UT Dashboard is successfully hosted in the State Data Center. Because it belongs to the government of Jammu and Kashmir, it is safely managed to authenticate with all of Jammu and Kashmir's departments for their monitoring process, perfect management and procedure, and secure information storage for everyone.

As a global player in the telecoms industry, Vodafone’s reputation thrives on their ability to innovate and adapt to market trends. To that end, the Marketing Academy in Vodafone was seeking a relevant, in-depth and effective professional education course to sharpen the digital skills of their workforce.

As Head of Global and Commercial Learning and Development at Vodafone, Mohsin Ghafoor’s task was to raise standards in digital marketing, across the group.

“Our aim was that every marketer at Vodafone reaches what we would describe as a minimum acceptable standard of digital marketing skills, knowledge, and capability, and be able to apply that to their day job and have an impact on our customers.”

But not only does Vodafone have a very large workforce, it is also spread all over the world. Natasha Brookes is a Learning and Development Specialist at Vodafone. For her, it was clear that a digital marketing course needed an online solution.

“Vodafone is a large global organization. In order to reach all of the marketers within the different markets, what better way to do it than having one place where marketers can come and learn? And it will be a consistent learning approach.”

The Digital Marketing Institute realized early on that Vodafone is a company that wants to set the pace, not just keep up with it. They didn’t just want a foundation to their digital marketing, they also wanted to train their staff to be up-to-date and current in their knowledge and skills, so they could anticipate what their customers would want.

“I had the greatest degree of confidence in the Digital Marketing Institute, both in terms of quality of content and their global certification standard, which we could apply across all of our markets,” stated Ghafoor

Fortunately, the Vodafone Marketing Academy had a learning management system, or e-learning system, already set up. Having a learning management system meant that their staff already knew the benefits of learning online. The next step was to find the right partner, to provide the content the company needed.

To get Vodafone started, The Digital Marketing Institute began by carefully picking topics and courses that were most relevant to Vodafone and their staff. They then agreed a global user license that gave Vodafone’s staff access to 15 of the DMI modules. Their staff could choose from modules in both the Professional Diploma in Digital Marketing and from the Specialist Diplomas.

The Digital Marketing Institute team then worked with Vodafone to integrate core modules and content into their e-learning system to make it easy for their global workforce to train together, wherever they were, and whenever it suited. The video-based learning content is now used by Vodafone Marketing Academy staff all over the world.

A launch was also successfully supported by with a range of creative promotions – from e-flyers to newsletters and helped generate awareness and enthusiasm for the courses through internal campaigns. Today, The Digital Marketing Institute continues to work with Vodafone to certify their workforce, and help the company realize their full digital potential.

“I found the relationship to be a really positive one. One that was constructive. It certainly felt to me that what I was saying about Vodafone’s needs and requirements in this space was being listened to,” concluded Mohsin.