Vulnerability Management

The vulnerability management program at Infosys follows best-in-class industry practices coupled with top-notch processes that have been evolving over the years. Rich experience of deftly managing end-to-end vulnerability life cycle of Infosys Network and the constant hunger to stay abreast of the latest tools, technologies and related market intelligence have acted as a catalyst in fortifying the overall vulnerability management program.

A robust enterprise vulnerability management program builds the foundation for healthy security hygiene of an organization. The following practices have been put in place at Infosys for,

1. Real time asset discovery followed by instantaneous identification of vulnerabilities, misconfigurations, and timely remediation
2. Automation of vulnerability management, configuration compliance, security assessments and review for assets, applications, network devices, data, and other entities in real time
3. Close coupling of detection and remediation processes; auto prioritization to reduce the turnaround time for closure of detected vulnerabilities
4. Continuous monitoring of all public facing Infosys sites and assets for immediate detection of vulnerabilities, ports, or services
5. Regular penetration testing assessments and production application testing for detection and remediation of vulnerabilities on a real time basis

The vulnerability remediation strategy of Infosys focuses on threat-based prioritization, vulnerability ageing analysis and continuous tracking for timely closure. We have successfully eliminated the ticketing system for vulnerability tracking by establishing a continuous detection and remediation cycle, where the IT teams are enabled and onboarded onto the vulnerability management platform. A Cybersecurity awareness culture is nurtured, and teams are encouraged to proactively remediate the vulnerabilities reported on their assets or applications.

Supply Risk Management

A comprehensive supplier security risk management program at Infosys ensures effective management of potential security risks across the various stages of supplier engagement. The process comprises of,

• Categorization of the suppliers based on the nature of the services provided and the sensitivity of the data involved.
• Defining standardized set of information security controls as applicable to each category of supplier
• Defining, maintaining, and amending relevant security clauses in the supplier contracts as applicable to each category of supplier
• Due diligence, security risk assessment for effective management of the information security risks associated with suppliers

Defining and monitoring of key security metrics for suppliers (e.g., background check, security awareness training completion, timely interventions with regard to information security incidents etc.) threat intel tracking and governance further strengthens the Infosys supplier security risk management program.

Cybersecurity Competency Development

With the increasing demand for Cybersecurity jobs and a skilled workforce, Infosys has taken several measures to counter the Cybersecurity talent shortage as well as in skilling, retaining, and diversifying its Security workforce in areas such as application Security / Secure development lifecycle.

Cybersecurity team members undergo technical as well as behavioral trainings on an ongoing basis. Infosys leverages internal training programs, as well as external bodies / agencies with Cybersecurity subject matter expertise, with a strong focus on learning through the classroom as well as on-the-job trainings.

• Over 2400 professionals were trained & 1900 certified across various Cybersecurity domains. These training programs comprises of advanced partner programs from OEM, external agencies and internal Cybersecurity training facility.
• Over 1400 professionals have been trained in AI and other new age technologies.
• Launch of Cyber Aspire Program, as part of which various professionals are trained in niche Cybersecurity domains. Along with this, structured curriculum for freshers and various bridge programs have been launched for upskilling and cross-skilling of cyber professionals.
• Infosys continues its partnership with NIIT to have its professionals undergo a Cybersecurity Master’s Program.

Nurturing, and Upholding, a Robust and Sustainable Cybersecurity Culture

At Infosys, driving a positive and sustainable Cybersecurity culture is one of the key constituents of our robust Cybersecurity strategy. We embrace top-notch tools and technology to strengthen our Cybersecurity stance and have an equally razor-sharp focus to bolster people security and keep fostering a security-first mindset among Infoscions. Various measures are in place to nurture a confident and empowered Cybersecurity culture. At Infosys, we embrace the Secure by Design (SbD) principles at an organizational level with a focused SbD campaign running org-wide, and multiple trainings offered to drive awareness on SecureSDLC. There are various other diverse and proactive communication campaigns driven across the organization via different awareness means / tools, including – posters, cyber comics, employee handbook, caselets, cyber security scorecard, newsletter, advisories, emailers, push messages, annual mandatory awareness quiz, gamification, SME Cyber Talks, information security courses on the internal training platform, sessions, videos, podcasts, fireside chats, blogs, panel discussions, focused social engineering awareness, thought leadership messages, annual flagship event -celebrating the cybersecurity week etc. There is also a video-based, animated, and interactive e-Learning certification program that helps drive positive security behavior amongst the Infoscions.

Innovations for our clients

Infosys innovation-led offerings and capabilities:

Infosys Cyber AI, powered by Infosys Topaz, helps customers amplify their defender potential, build effective cyber defenses and enable accurate decision making by leveraging platform-centric Gen AI capabilities. We help enterprises Renew, Re-Architect and Re-imagine their entire cyber strategy through AI with a focus on risk resilience. This helps us become a trusted cybersecurity partner for enterprise customers.

Cyber Next platform powered Services help customers stay ahead of threat actors and proactively protect them from security risks. Our pre-engineered packaged and managed security services help monitor, detract and respond by getting extensive visibility and actionable insight through threat intelligence and threat hunting. Our offerings ensure risk-based vulnerability management by providing a comprehensive single pane of glass posture view. We have made huge progress in the Cyber Next platform powered service delivery through various modules - Cyber Watch, Cyber Intel, Cyber Hunt, Cyber Scan, Cyber Gaze, Cyber Compass, Cyber Central that ensure comprehensive Managed Protection Detection and Response (MPDR) for our global customers.

Zero Trust Security architecture and solutions to navigate our customers to embrace zero trust security. Key innovation and offerings include Secure Access Service Edge (SASE) delivered as-a service. With SASE as-a Service, we ensure strengthened overall security through cloud delivered security controls and capabilities. Infosys innovation in policy standardization enforce controls at access level, accelerate rollout of service thereby reducing or eliminating legacy tools allowing our customers to reduce overall costs while enhancing end-user experience.

Secure Cloud transformation with Cobalt assets drive accelerated cloud adoption. With Secure Cloud reference architecture and Secure by Design principle we ensure security is embedded as part of cloud strategy, design, implementation, operations and automation.

Industry recognition

• Analyst recognition: Positioned as a Leader in the ISG Provider Lens™ Cybersecurity Services and Solutions (2021, 2022, 2023, 2024)
• Analyst recognition: Positioned as a Leader in the Nelson Hall Cyber Resiliency Services NEAT Assessment 2023
• Analyst recognition: Positioned as a Leader in Everest PEAK Matrix® Assessment Identity and Access Management (IAM) Services 2023
• Analyst recognition: Received the ISG Provider Lens Award 2024 for our domain expertise and presence in the Americas, UK and Germany markets
• Analyst Testimonial: “Infosys’ CyberSecurity Capabilities are a Testament to their Relentless Pursuit of Excellence,” says Gautam Sampath, Principal Security Analyst at Information Services Group (ISG)
• Analyst Testimonial: “Infosys' CyberSecurity Portfolio is a Strong Choice,” says Gautam Sampath, Principal Security Analyst at Information Services Group (ISG)
• Client testimonial – Strengthening Cybersecurity: BECU leaders’ insights on the impact of Infosys Collaboration
• Client testimonial – Cummins and Infosys: Securing Identities Together
• Client testimonial – Infosys provides Managed Protection, Detection and Response to bpost (Belgian Post Group)
• Client testimonial - Infosys secures MS Amlin's digital transformation journey
• Client testimonial – Infosys and Ferroglobe: Journey towards a robust and secure cyber landscape
• Client testimonial – Ferroglobe partners with Infosys to secure their OT Security Environment
• Partner award: Received the Saviynt APJ Regional Delivery Partner of the Year 2024 for our innovation and excellence in leveraging Saviynt’s Identity Cloud to solve complex identity security challenges.
• Partner award: Received the Zscaler GSI Growth Partner of the Year 2024 award for our unwavering commitment to delivering exceptional business outcomes and enhancing Zero Trust implementation
• Partner award: Acknowledged as the Microsoft Security Solutions Partner across all 4 domains demonstrating our cutting-edge expertise in deploying Microsoft Security solutions
• Partner award: Acknowledged as the AWS Competency Partner across seven domains exhibiting our in-depth technical expertise in AWS security and delivering tailored, security-focused solutions for specific workloads and use cases