Services

Knowing your vulnerabilities before they are exploited is a critical part of an effective cybersecurity program.  We monitor your systems either as a one-time assessment or on an ongoing basis to identify out-of-date software, weak configurations, or security flaws that cyber criminals can attack.  

Our unique executive management deliverable includes an aggregated findings document that summarizes any problems, potential impacts, and recommendations.  An additional detailed report includes cross references to the individual vulnerabilities the IT team needs to remediate the identified weaknesses.

Penetration testing validates the true operational effectiveness of your cybersecurity controls.  Our penetration testers and ethical hackers craft attack scenarios and exploits to simulate a real-world attack scenario and attempt to gain unauthorized access to your systems and applications.  These scenarios can cover external, internal, website, or wireless attack vectors.

At the end of a penetration testing or red team engagement, we will provide you with detailed recommendations on how to measurably improve your resistance to attack.

Our APT simulation uses the techniques, tactics, and procedures against your systems to identify if the current controls can detect and alert on a breach, and that your company's response can adequately address the threat.  

At the end of the APT simulation engagement, we’ll provide you with detailed recommendations on how to measurably improve your resistance to these attacks moving forward.

According to the Verizon Data Breach Investigation Report, the amount of time it takes most companies to detect a breach is typically months or longer.  

Our Threat Hunting service proactively monitors network ingress and egress points for signs of compromised systems, including command-and-control (C2) systems and botnets that provide unauthorized access to your systems.

By design, the Microsoft 365 suite (formerly Office 365) offers ubiquitous access to email, files, and meetings from anywhere in the world.  However, there are three key points to remember: 

1. The use of cloud services does not eliminate your company's responsibility to protect data
2. The out-of-the-box security is inadequate for most businesses
3. Protecting your company's information using a platform as a service (PaaS) takes a different mindset

Our comprehensive review of the use and implementation of your Microsoft tenant identifies any weaknesses and potential impacts, and prescribes remedial actions to correct the deficiencies.  If desired, we will 

The Verizon Data Breach Investigation Report, states "As time goes on, it appears that attackers become increasingly efficient and lean more towards attacks such as phishing and credential theft."

Given how easy it is to go from hero to zero in one mouse click,  phishing your own users is just as important as having antimalware defenses and a firewall.  In effect, performing routine phishing simulation exercises is the equivalent of patching your last line of defense: the end users. 

Our routine phishing simulation exercises allow users to rehearse identifying social engineering attacks via email could otherwise have severe consequences for the business.  We will help you understand which employees are prone to falling victim to phishing, and for us to provide the necessary educational opportunities that sufficiently reduce the risk of adverse events from occurring.  

Organizations rely upon their IT General Controls to provide assurance over the confidentiality, integrity and availability of data.

IT General Controls are the foundation for the people, processes, and technology to provide the assurance that systems operate as intended and that data is reliable.  Failure to periodically validate that these controls are designed well and operating effectively could result in unreliable information, preventable system failures, unauthorized access to systems, or a data breach..

We provide two main categories of IT controls reviews:

1. IT General Controls – providing      general control over the IT environment (e.g. - change management, user and      access management etc.); and
2. IT Application Controls – providing automated system-based controls over business transaction processing (e.g. - system configuration settings).

IT Controls reviews are most often performed annually as part of routine testing of the overall Cybersecurity Program.

Without a security baseline, an organization may only apply a fraction of the security controls needed to adequately manage risk, potentially leaving the company exposed to unforeseen and preventable vulnerabilities.

Our firm can help your company identify and implement a cybersecurity framework that best suits the organization.  

References to two of the most commonly selected frameworks are:

1. National Institute of Standards and Technology's Cybersecurity Framework (CSF)
2. Center for Internet Security Top 20 Critical Controls (CIS).  

Our assessment will review the current controls in place and determine their effectiveness, identify any gaps, and provide a relative maturity score in each of the framework areas.  Post assessment, we will with with your company to develop a multi-year plan to address the weak areas.