Assess Your Security Posture
Remediate All Vulnerabilities
Manage Acceptable Levels of Risk
(ARM Process) Assess, Remediate, Manage
Every industry, whether it believes it or not, is affected by security, and many are held to compliance standards. The problem is that most companies aren’t close to fully covered in either security or compliance. They have no structured plan and are generally unaware of the many vulnerabilities that need to be remediated.
Our unique, comprehensive ARM (Assess, Remediate, Manage) process reveals vulnerabilities and gaps in your entire organization that need to be addressed. We help you build a security framework like NIST 800-30 that meets all compliance standards. Our process equips you with best practices based on the NIST 800-30 framework to combat today’s threats. This unmatched process is exacting and exhaustive, because it can’t afford to be anything less.
Stage One – This is our assessment stage, which is broken into two parts: interviews and network scanning. Our initial interview is with the asset owner(s). Then we conduct interviews with other strategic asset users.
The second half of our assessment is a technical network scan. There are four parts to the scans: internal and external vulnerability scans, passive scans, data discovery scans, and a dark web analysis scan. The internal scans look at your network through the eyes of a hacker who has penetrated your network and is looking for weaknesses behind the firewall. The external scans look at your network from the outside, looking for open network ports and weaknesses that a hacker can exploit to penetrate your network. Passive scans identify active operating systems, applications, and ports throughout a network, check the current software and patch versions on networked devices, and indicate which devices are using software that presents a potential gateway for hackers or malware attacks. Data discovery scans allow us to scan for credit card numbers, Social Security numbers, driver’s licenses, birth dates, and banking information hidden and stored on your network devices. With our dark web scans, we can find out if any employee or company credentials have been compromised on the dark web. With this scan we have seen passwords, email addresses, personal addresses, and lots of other personal data.
Stage Two – Once the assessment stage is complete, our second stage starts with a discovery meeting with the asset owner(s). During this meeting we will offer recommendations for ongoing monitoring and strategic point products to help fill in the gaps discovered during our assessment. Point products are set-it-and-forget-it products that are designed to handle one issue at a time. They include, but are not limited to, security awareness training, anti-virus, web filtering, firewalls, encryption, and intrusion prevention systems. In this stage, we will also recommend port fixes and patching outdated software. If you are not able to perform these recommended fixes, we can perform them for you.
Stage Three – This stage is about continuously monitoring and managing an acceptable level of risk. From one day to the next, there are opportunities for devices to connect to and disconnect from your network without you knowing. In stage three we perform monthly vulnerability scans, checking for internal vulnerabilities and looking for unauthorized devices connected to the network. Semi-annually, we perform external port scans looking for vulnerabilities where a hacker could exploit your network. Also semi-annually, we perform a dark web scan looking for compromised credentials on the dark web. Lastly, we hold quarterly reviews to keep you up to date on all issues found and offer recommendations.