Vulnerability Scans and Assessments
| # | Service Name | Service Description |
|---|---|---|
| 1 | AD Hygiene and Asset Report Card | Analyzes Active Directory structure for weaknesses and security flaws. Provides AD hardening review, asset detail report, security report card and a hardware lifecycle review. |
| 2 | Database Vulnerability Assessment | Conducts a credentialed scan of a selected database to identify potential security issues. |
| 3 | External Vulnerability Scan | Scan performed from outside the network perimeter to evaluate vulnerabilities and weaknesses from the perspective of someone without network access. |
| 4 | Internal Vulnerability Scan | Scans a range of IPs for open ports, patch status, weak passwords, encryption protocols, and application/OS versions and vulnerabilities. |
| 5 | Wireless Network Vulnerability Scan | Identifies wireless devices by SSID providing information on type of device, MAC address, GPS location and security protocols/encryption standards utilized. |

Process, Policy, and Procedural Assessments

| # | Service Name | Service Description |
|---|---|---|
| 6 | Access Control Policies/Procedures | Helps organizations design, create & document access control policies based on best practice standards. |
| 7 | Backup and Recovery Strategy Assessment | Discussion of backup and recovery procedures to examine for completeness, feasibility and weaknesses. |
| 8 | Business Impact Analysis (BIA) System Security | Helps an organization create a BIA, listing and prioritizing mission critical systems, identifying resource requirements and priorities during recovery. If an organization already has a BIA developed this service will evaluate it for gaps and provide feedback. |
| 9 | Cybersecurity Policy Support | Provides organizations with templates and best practice guidance in creating three IT-related policies. |
| 10 | Disaster Recovery Plan Creation | Helps an organization create a disaster recovery plan based on best practice guidelines and organization-specific details including recovery/backup solutions, staffing, testing and more. |
| 11 | Disaster Recovery Plan Review | Review to assess how capable the organization is of restoring IT infrastructure functionality and access to critical data based on the current Disaster Recovery Plan. Service can only be requested following completion of a Disaster Recovery Plan Creation service or upon demonstration of a completed DR plan. |
| 12 | Foundational Assessment | Provides a 360-degree overview of all aspects of the existing IT program structure following the NIST CSF 2.0 framework. Provides information about areas of program strength and opportunities for improvement, and is useful in priority setting. |
| 13 | IT Asset Inventory | Provides template and assistance in creating asset inventory, including naming schema and asset identification. |
| 14 | IT Asset Management (ITAM) | Evaluates whether the organization’s assets are accounted for, deployed, maintained, upgraded, and/or disposed of. Service can only be requested following completion of an IT asset inventory service or upon demonstration of a completed IT asset inventory. |
| 15 | Log Audit Monitoring Assessment | Evaluates system log audit procedures for completeness. Discusses organizational approach to storage, review and use of logs both routinely and in cybersecurity events. |
| 16 | Recommendations and Remediation Plan | Provides recommendations as well as a remediation plan to bring a system up to requirements or suggested levels of security and compliance. |

General Services

| # | Service Name | Service Description |
|---|---|---|
| 17 | Cloud Readiness Assessment | Assists organization in evaluating if an on-prem solution is ready to be migrated to the cloud, including gaps and process changes to address. |
| 18 | Cloud Security Assessment | Reviews configuration, access controls, MFA, user accounts and other elements of MS365 or other SaaS platforms. |
| 19 | Data Breach & PII Liability Summary Report | Identifies location of all PII across the network, along with an estimated monetary value in the event of a breach. Determines AV and patch status of devices housing PII. |
| 20 | Data Loss Prevention Assessment | Determines if locations of sensitive data are covered by DLP software and tests its functionality. Service can only be requested following completion of a Data Breach & PII Liability Summary Report. |
| 21 | Data Security Review | Reviews the effectiveness and efficiency of existing data security processes. |
| 22 | Email Encryption Assessment | Tests for existing email encryption and reports on effectiveness of current solution in place. |
| 23 | Endpoint Security Assessment | Evaluates configuration and pervasiveness of existing EDR solution and determines weaknesses. |
| 24 | Firewall Configuration Review | Reviews current configuration of one firewall for alignment with best practices to minimize attack surface and exposure. |
| 25 | G-Suite Security Assessment | Identifies G Suite security features and application settings for administrator accounts that deviate from security best practices, as defined by Google. Produces a report with actionable remediation recommendations with risk analysis. |
| 26 | LAN, WAN, VPN, and Remote Access Review | Reviews your current infrastructure, network, and remote access for possible issues. |
| 27 | Network Assessment Report | Provides an overview of critical information across various areas of the network, including a detailed asset inventory summarizing the current status of the network. |
| 28 | Vendor Risk Management | Assesses vendor risk profile for a cloud provider via an external vulnerability scan of the vendor network. |
| 29 | Whole-Disk Encryption Assessment | Reviews all machines for whole disk encryption to ensure it is installed, enabled and working as expected. |

Contact
Fax
(617) 626-4411