Consider us your cyber Justice League.
A solid security strategy takes more than a software package and an occasional checkup. You need a team of good guys who are trained to think like the bad guys. That’s where our cyber security professionals come in. We have nationally accredited information security experts whose sole focus is to help our clients meet their risk management goals and compliance obligations with risk management, Regulatory support including NERC CIP, PCI-DSS, and HIPAA, security and vulnerability reviews, security monitoring, training and awareness, program audits and incident response planning.
Virtual Information Security Officer
Your security is our business.
As organizations become more connected and computerized, it is essential to have a Trusted Advisor that can ensure you are following the best practices and regulatory requirements as it relates to the cyber threats. Our cyber security professionals fill this advisory role by providing insight and oversight of your security practices to management and your Board.
Audits and Testing
We test to ensure your security program is designed effectively.
Our cyber security professionals provide several levels of audits to IT security environments. For organizations in the initial stage of evaluating their security, we perform a Gap Analysis and Risk Assessment. This analysis and assessment evaluates the overall cyber security program to identify areas of improvement and prioritize them by cost, level of effort, and risk. For organizations with more mature environments, we complete web application security reviews and specific IT audits and testing. These reviews are supported with vulnerability and configuration reviews to identify specific configuration weaknesses that should be addressed or mitigated. Audits are often required to be performed by certain organizations, including those with regulatory requirements such as HIPAA and DoD contractors. Our professionals have experience providing audits to multiple industries including: utilities, E&P, banking, retail, and others. With a background in the electric utility industry, we provide specific experience with reviewing SCADA and Radio communications.
We put your security to the test before the bad guys do.
For organizations that have a more mature cyber security program, our cyber security professionals will perform a Penetration Test. This simulates what a real attacker might do to compromise your systems and facilities. External and internal tests are performed in attempt to compromise your physical and logical controls. These tests are tailored for your organization and include: web application, physical intrusion, internal testing (including social engineering), and wireless testing. This type of testing provides peace-of-mind that your security program is operating effectively.
Cyber Security Management Service
Let us help you monitor your networks and controls.
Tools such as Security Event Management, Intrusion Detection Systems, and Vulnerability Scanners are designed to look at your systems and logs in order to detect incidents early. These tools are often an underutilized resource for a security program. If your staff doesn’t have the time to calibrate and maintain these tools, they become ineffective. When the tools aren’t updated with the latest risks and environmental changes, the system creates false positives, which eventually get ignored. Our cyber security professionals partner with organizations to regularly maintain systems and ensure useful and actionable information is provided.
We recommend AlienVault Unified Security Management Software and intelligence to alert IT organizations to network anomalies, weaknesses, and possible attacks. This tool is very powerful and combines security event management, intrusion detection, and vulnerability analysis to alert IT, often before an attack is successful. Our cyber security professionals will help configure, monitor, and calibrate this system in order to ensure that your organization’s investment in these tools is a successful one.
Let us get you from “what” to “how.”
Monitoring your system is important, but as important is when incidents do occur, experienced professionals are able to evaluate your data, perform a root cause analysis, and confirm that the situation related to the breach has been addressed. Incident management may also determine if an incident resulted in a data breach, and that any reporting requirements are met. Our cyber security professionals have expertise working through breach investigations. Having an independent advisor evaluate an incident quickly might be the difference between an inconvenience and a substantial fine.
Training and Social Engineering
Our training is customized and client focused.
Our cyber security professionals provide several custom approaches to providing end-user training to organizations of all sizes. These training programs include social engineering testing, which include test emails to help users identify potential phishing emails. Other social engineering tactics include phone calls and media drops, such as USB drives left in a parking lot. We also perform advanced training for IT professionals, including training on IT security controls, processes, and technical security techniques.