Advanced Cybersecurity Controls

Zero Trust Application Control

Allows user to escalate privileges for approved applications & updates and prevents:

• applications and updates from running if not approved.
• application access to areas of computing that are not needed
• common attack tools from running (PowerShell).

Attacks prevented: Supply chain compromise (Solarwinds & Kaseya), lateral movement once attacker has breached the perimeter

Managed Detection & Response Software

Managed Detection & Response software monitors systems to detect techniques attackers use to move around the network and deploy a malicious payload once they have breached the perimeter. It is monitored 24/7/365 by a Security Operations Center. Security experts will escalate any items of concern for investigation

Attacks prevented: Ransomware, lateral movement once attacker has breached the perimeter, data theft

Multifactor Authentication
Email, Vpn, all Internet Facing Logins including SaaS Applications

We can’t stress this enough; Multifactor Authentication is the most important control to implement. Each year we see hundreds of thousands of dollars lost from attacks that MFA would eliminate.

Attacks prevented: Business Email Compromise, Account Compromise, Ransomware, Wire fraud, account change fraud, payables fraud, blackmail

Managed Antivirus with 24/7/365 Soc Monitoring & Threat Hunting

Security experts monitor antivirus and activity on end points. The Security Operations Center monitors hundreds of thousands of endpoints allowing them insight on real attacks as they happen. The intelligence gathered allows the escalation of items that need investigated to local IT. Security experts assist with investigation and escalation to incidence response if needed.

Attacks prevented: lateral movement once attacker has breached the perimeter, Ransomware, malware activity (key logging etc), monitors for common attack methods (PowerShell, escalation of privileges etc.)

Internal & External Vulnerability Scanning

Attackers are running external vulnerability scans on your network. If you routinely do the same, you can patch weaknesses that will be used against you. Internal scans will allow you to patch issues that could be used to escalate an attacker once the perimeter is breached.

Attacks prevented: Ransomware, network perimeter breach, lateral movement once attacker has breached the perimeter

Incident Response Plan

Attacks are going to happen. Planning what you will do when an attack occurs can be the difference between little to no impact vs. going out of business. Example: Engaging your cyber insurance policy may require forensics. They will want your systems to remain unchanged until the forensics is done, which could take weeks. What is the plan if you can’t use any of your current equip for weeks?

Attacks prevented: Business Interruption, loss of revenue and employee productivity

Security Awareness Training
Dark Web Monitoring and Automated Phishing Simulations

Mistakes by end users have the highest probability of leading to a security breach. Training them on the most common scams drastically lowers the chance of mistakes. Continual testing with phishing simulations develops a culture of thinking and analysis of emails before clicking.

Attacks prevented: Business Email Compromise, Account Compromise, Ransomware

System Patching
Firewall, Servers, Workstation (Microsoft & 3^rd Party Apps)

Vendors are constantly releasing updates to patch vulnerabilities in their software. It is critical to have a monthly routine to test, deploy and verify patching. Patching systems should also have the ability to respond to zero-day threats and deploy out-of-bounds patches quickly.

Attacks prevented: Ransomware, network perimeter breach, lateral movement once attacker has breached the perimeter

Backup & Disaster Recovery Plan

BDR planning is essentially to ensure you can recover from system failure, accidental deletion, malicious staff activity and ransomware. Annual testing and separation from production network are critical (Assume attacker has your admin credentials. If they can get to and delete backups there is a problem).

Attacks prevented: Ransomware, System Failure, Malicious staff activity, accidental deletion, fire, theft, flood.

Website Security Monitoring

Monitor websites for malicious activity and will alert you to any issues before your clients/prospects get infected

Attacks prevented: Ruined reputation, liability for damage to 3^rd party system