Services & Solutions

  1. RISK, COMPLIANCE, BCP AND ITDR

    Risk and compliance tools provide visibility into risks — enterprise, operational, IT and third parties — and oversight of risk remediation to help organizations avoid or minimize data loss, financial loss, fines and legal penalties.

    Governance
    Governance encompasses design, development and implementation of risk and compliance programs. This may include assessments; strategies and solutions for data storage, record retention, content management and email; monitoring/measurement; and audit readiness.

    Governance, risk and compliance (GRC). GRC applications and platforms are designed to integrate GRC-related processes, provide visibility into them, and deliver solutions in areas such as risk assessment, authentication, encryption, compliance content and classification methodologies.

    Fraud. Fraud prevention technologies span monitoring, detection and incident case management for threats such as fake users, spam, website scraping and fake reviews.

    Access Governance. Data access governance solutions manage access to different types of data on premises or in the cloud. By implementing appropriate technologies, companies can better satisfy compliance requirements and operate by the principle of least privilege.

    BCP. BCP involves defining any and all risks that can affect the company’s operations, making it an important part of the organization’s risk management strategy. Once the risks are identified, the plan should also include determining how those risks will affect operations, implementing safeguards and procedures to mitigate the risks, testing procedures to ensure they work and reviewing the process to make sure that it is up to date.

    ITDR. The IT disaster recovery and business continuity planning service is designed to ensure the implementation of plans or procedures that reduce the time between a critical disaster incident and its remediation. It is designed to ensure the continuation of major IT functions in the event of a disaster and to secure the timely resumption of business activities to their normal state of operation. Unplanned system outages can result from viruses, hacker attacks, computer malfunction, electric power failures, natural disaster, etc. The ITDR element of this service creates a series of activities that minimise the impact of unplanned system outages on critical business processes. We typically deliver this service for clients who either want to be aligned or certified against the ISO22301: business continuity management standard.

  2. FOUNDATIONAL SECURITY (NETWORKS, DATA CENTRES & END POINTS)

    Foundational security describes essential security that every organization needs to protect networks, data centers and endpoints.

    Network
    Network security consists of software, hardware, policies and practices designed to protect the network and the data on the network. The technologies help stop unauthorized access or use that can lead to the compromise or theft of sensitive information. In addition to network access controls, other forms of network security include authentication/authorization, antivirus/antimalware software, email security software, firewalls and web gateways.

    • Intrusion detection systems (IDS)/intrusion prevention systems (IPS). IDS and IPS systems can stand alone behind a firewall but are now commonly integrated into firewalls. IDS systems scan network traffic and provide information about threats via alerts. IPS systems are proactive. They analyze traffic and act based on rules. For example, they send alerts, block undesirable traffic and drop suspicious packets.
    • Network access control (NAC). NAC solutions integrate with wired and wireless networks. They provide endpoint visibility and operate in accordance with security policies, rules or user profiles. Noncompliant devices are denied access.
    • SSL visibility. Malware can penetrate SSL encryption and remain invisible to many security inspection solutions. SSL visibility technologies take different approaches to solve this problem, but they typically involve classification, decryption and re-encryption.
    • Secure networking. A secure network is protected from threats outside or inside an organization using a layered defense strategy, and it maintains expected performance levels.
    • Secure web gateway. On-premises or cloud-based solutions (web proxies) are placed between users and the internet to enforce policies and stop external threats. They monitor, inspect and filter network traffic. Integrated technologies can include CASBs, antivirus scanning, sandboxing and data loss prevention.
    • DDoS mitigation. Network equipment or cloud-based solutions resist or stop distributed denial-of-service (DDoS) attacks to keep websites up and running when they’re under attack.
    • Remote access software-defined perimeter. An alternative to device-based network security, a software-defined perimeter combines approaches to enable a zero-trust model. Granular identity management control helps reduce the breadth of access and risk.

    Data Center
    Data centers are protected by physical and virtual solutions to support service levels related to data storage, backup/recovery, networking and other IT functions. Subsets of data center.

    • Secure storage. Data — and especially sensitive information — is protected from unauthorized access using hardware and software solutions including cabling, input/output (I/O) connectivity and storage technologies like flash and disk drives.
    • Secure platform/Infrastructure as a Service. IaaS is a cloud service that provides on-demand computing on a pay-as-you-go basis. The supplier provides and manages the infrastructure. Users install, configure and manage their software.
    • Domain name system (DNS)/dynamic host configuration protocol (DHCP)/IP address management (IPAM). DNS translates the names of websites into IP addresses and looks up existing addresses. DHCP assigns IP addresses to specific computers. IPAM is embedded in computer software for purposes of planning and managing IP addresses and related resources.
    • Network visualization/container security. Containers are standardized units of software that “package” code and code dependencies to enable applications to run reliably in multiple computing environments and support compliance requirements.
    • Email security. The most common attack vector for initial infiltration, email security is improved through solutions such as anti-spam and filtering malicious emails, attachments and URLs.
    • Deception. A data center security layer, deception technology generates traps or decoys that appear as real technology. When an attacker reaches a trap or decoy connected to data, applications, hardware or networks, administrators are alerted.

    Endpoint
    Endpoint security consists of identifying, securing and managing devices connected to a network. Endpoints include desktops, mobile devices, point-of-sale devices, wearables, printers, cloud-based applications or servers and Internet of Things (IoT) devices and sensors. Security controls, which increasingly incorporate machine learning, include authentication, antivirus, antimalware, antispyware, firewalls and reputation scoring. Subsets of endpoint.

    • Endpoint protection suite. These solutions go beyond basic endpoint protection like antivirus software by integrating multiple layers of defense into a suite or platform that can be managed centrally. Capabilities may include integration of security policies, rule setting, response settings, firewall, automated patch management, content blocks, malware tracking, whitelist databases and scanning software.
    • Endpoint detection and response (EDR). EDR solutions collect endpoint data during real-time monitoring. Security analysts use the data to conduct investigations or to engage in threat hunting to find anomalies, which they can triage immediately. Defensive tactics may include stopping an attack, isolating compromised systems and eradicating threats.
    • Application control. Application control helps protect servers and applications by allowing known, trusted (whitelisted) software to run through network endpoints. Some solutions also block known, untrusted (blacklisted) applications.
    • Host intrusion prevention system (IPS). An IPS monitors network traffic to detect and prevent exploits that take advantage of vulnerabilities. Solutions may cover both physical and virtual networks and offer capabilities such as blocking IP addresses, excluding hosts and detecting port scans.
    • Secure desktop. Physical, virtual and cloud desktops are secured by various strategies that reduce the risk of a compromised desktop infecting other desktops. Solutions may include full endpoint monitoring, migration tools, endpoint hygiene and secure payment systems.

  3. CLOUD SECURITY

    Digital transformation relies heavily on cloud services. Companies should proactively implement their own cloud security, regardless of each cloud provider’s security controls.

    Cloud Application Security

    Applications that operate in the cloud require rigorous security to supplement the security controls of cloud providers. The first step is discovering cloud use, including shadow IT, then imposing data protection and threat protection strategies. Security controls may include scanning to detect vulnerabilities, scoring and ranking applications, identity and access management, policy enforcement, firewalls and application security testing. Subsets of cloud application security.

    • Cloud access security broker (CASB). CASB software sits between the users of cloud services and cloud service providers, either on-premises or in the cloud. It enforces enterprise security policies such as authentication, authorization, encryption and tokenization.
    • Micro-segmentation. This technique enhances network security by allowing organizations to secure individual workloads and limit the efforts of threat actors who attempt to move laterally.
    • Web application firewall (WAF). This customizable software monitors, filters and blocks malicious web traffic before it reaches the server.
    • Managed services. Managed services can protect applications in on-premises and private, public and hybrid clouds. They help organizations keep up with the latest cybersecurity capabilities on an OpEx basis.
    • Center for Internet Security (CIS) Controls. This set of actions focuses on prioritizing and stopping certain types of attacks based on intelligence from leading threat reports that is vetted by leading forensics and incident response organizations.
    • Automation. Orchestration and automation techniques for cloud infrastructures (primarily public cloud) provide security platforms suitable for any application. Capabilities span visibility into cloud operations, threat intelligence, anomaly detection, analytics, regulatory compliance, forensics, incident response and other automated processes.
    • Compliance. These technologies are designed to automate compliance and help organizations make sure they are compliant with applicable laws and regulations. Solutions offer an array of functions including comprehensive visibility, assessments, secure cloud migration, metrics and management of security effectiveness, micro-segmentation and automated remediation.
    • Container security. Containers are standardized units of software that “package” code and code dependencies to enable applications to run reliably in multiple computing environments – and they make governance easier.
    • Cloud workspace protection. These technologies are designed to protect workloads in dynamic cloud environments in which frequent configuration changes and evolving industry/regulatory compliance requirements can increase risk.

  4. SECURITY OPERATIONS (CHANGE MANAGEMENT, VULNERABILITY ASSESSMENT, THREAT DETECTION & INCIDENT RESPONSE MANAGEMENT)

    Monitoring and Operations

    Security monitoring and related operations are performed by an enterprise security team or outsourced as a managed service. Some companies have a security operations center (SOC) on premises or rely on third-party SOCs to provide varying amounts of technology and talent. Security analysts monitor and analyze endpoints, networks, applications, websites and other systems to identify events or behaviors that may indicate a threat or potential breach, then prioritize incidents and manage them through to resolution.

    • Analytics. Security monitoring, threat hunting, threat detection and response rely on the capabilities of data gathering, correlation and analysis to turn massive amounts of raw data into meaningful insights.
    • Application performance monitoring (APM). APM tools monitor applications to detect and diagnose problems that can negatively affect availability or service levels.
    • Security information and event management (SIEM)/logging. SIEM systems log data from sources like networks, databases and applications, analyze it and send alerts of potential security issues to security analysts for further investigation. Analysts utilize dashboard controls to generate reports on the collected data as well as compliance-related documentation.
    • User behavior analytics (UBA)/entity and user behavior analytics (UEBA). UBA software looks at user identities and behaviors such as access to applications or sensitive files to find patterns that may signal unusual behavior. UEBA is similar but goes further by analyzing user activity plus entities such as endpoints, applications and networks to identify external threats.
    • Network performance monitoring (NPM). NPM software monitors, evaluates, analyzes and reports on the performance levels of a network, allowing network administrators to address issues quickly.

    Change Management

    Change management is the process that guides changes to security hardware and software. It encompasses the documentation and tools that automate security asset discovery, patching, checks and balances and change oversight. Subsets of change management.

    • Asset management. Asset management software allows enterprises to discover, track, monitor and manage IT assets and enforce applicable policies.
    • Patch and system management. Software scans a network to detect potential issues, and it provides the tools users need to install and manage patches.
    • Configuration management databases (CMDBs). CMDBs are databases that store information about software and hardware assets, giving organizations a complete view of their assets and simplifying asset management.

    Orchestration and Automation

    Security orchestration and automation (SAO) tools create efficiencies in the movement of data between toolsets. Orchestration connects various tools and systems. Automation executes tasks without manual intervention. Subsets of orchestration and automation.

    • Security orchestration and automated response (SOAR). This integrated platform brings together people, security tools and processes to facilitate and speed activities such as orchestration, threat investigation/analysis and threat/incident management.
    • Robotic process automation (RPA). An approach to automating business processes, RPA allows users to configure software to perform basic tasks, relieving human workers of repetitive tasks and reducing manual errors.
    • DevOps automation. When aspects of the application development lifecycle are automated, the processes become repeatable, faster, more accurate and more secure. Tools address moving applications to the cloud, managing patches, building containers and other tasks.

    Vulnerability Assessment and Management

    Vulnerability assessment and management includes technology designed to spot weaknesses in an organization’s security defense before an attacker can exploit them and to eliminate them in accordance with established processes and procedures. Subsets of vulnerability assessment and management.

    • Penetration testing. During penetration testing, simulated attacks target vulnerabilities in technology, people and processes that other methods, such as scanning, may not detect. The goals, methodologies and execution of penetration tests vary depending on what an organization wants to accomplish.
    • Vulnerability management and testing. Vulnerability management is a process or program designed to manage vulnerabilities in a consistent manner, considering factors such as enterprise assets, departmental dependencies, risk, remediation and reporting. Periodic testing of the process or program ensures it is up to date and effective.
    • User testing/social engineering. These solutions collect, analyze and respond to phishing threats and educate/engage employees through security awareness training.
    • Cyber range. A virtual cyber range environment immerses trainees in a simulated SOC and fabricated attacks based on customizable scenarios and tools.

    Threat Detection and Analysis

    Threat detection and analysis comprises the technology, people and processes that collectively deliver intelligence, detection, investigation, analytics, communication and reporting. These solutions incorporate machine learning to speed steps such as identifying threat actors, prioritizing threats, reducing false positives and providing threat context. Automation relieves security analysts of repetitive tasks so they can focus on understanding and responding to threats, and it streamlines workflows. Some platforms enable collaboration with internal enterprise groups and external partners. Implementation options include on-premises, cloud and even air-gapped solutions. Subsets of threat detection and analysis.

    • Threat intelligence. Threat intelligence consists of the raw data that is gathered from multiple sources, correlated and analyzed to produce knowledge about threat actors — tools, techniques and procedures (TTPs) along with other contextual information such as motives or goals. Threat intelligence enables analysts to make informed decisions, and it strengthens SIEMs with up-to-date information.
    • Advanced malware detection. These solutions help security analysts better understand the attack lifecycle and enhance threat intelligence. Solutions are extensively automated and include artificial intelligence, malware hunting, sandboxing, behavioral and heuristic analysis and forensics.

    Incident Management and Response 

    Incident management and response is the process that defines how a business handles a security breach. The goal is to limit potential negative consequences — brand reputation, financial costs, penalties and/or time to recover. The incident response plan — ideally developed cross-functionally — includes policies, definitions, roles, processes and tasks.

    • Forensics. Following an incident that involves sensitive information, a forensics team creates a plan and conducts an investigation to identify relevant digital evidence and determine the scope of a breach. Relevant electronic data must be collected and managed according to strict procedures. PCI Forensic Investigators (PFIs) specialize in payment card industry (PCI) breaches.
    • Legal response. When an incident involves e-discovery, organizations execute a legal hold process to notify all parties to a litigation to preserve relevant information. Software automates many aspects of legal hold, including legal notices and reporting, to help ensure that the process is executed in a defensible manner that meets deadlines.
    • Containment and isolation. Containment strategies and technologies vary, but the goal is to limit the damage caused by an incident and prevent whatever caused the damage from spreading. Isolation products segregate and enclose a network or system that may be infected or exhibits vulnerabilities. This creates a barrier that prevents malware from escaping and causing damage.
    • Elimination and remediation. Malware elimination involves removal of executables as well as any artifacts from an infected system or endpoint. Remediation addresses the root causes of a breach.

  5. DATA PROTECTION AND SECURITY

    Data Discovery and Classification

    Data discovery and data classification software automate tasks related to locating, identifying, classifying and analyzing information, typically in an integrated data security platform. Data discovery reveals where data assets exist, enabling adequate protection to be implemented. The classification process tags data based on various criteria to make it searchable and trackable, assists with deduplication, simplifies data retrieval and supports efficient regulatory compliance. Tagging also provides information about the type of data in a file and level of sensitivity. Capabilities may include data modeling, interactive data visualization, data analysis, integration of geospatial data, dashboards and reports.

    Data Loss Prevention (DLP)

    Data loss prevention (DLP) consists of software tools and processes designed to protect information in motion, at rest and in use. DLP can be deployed on endpoints, networks and in the cloud to make sure that users do not send sensitive information outside an organization’s network. Key functions are discovery of data/file types, classification based on business rules, monitoring and protection. Depending on the software, available features may include role-based access controls, fingerprinting, optical character recognition, metadata inspection, forensic analysis and audit trails. DLP technology can help control and protect information by preventing data from leaking to USB drives, stopping unauthorized emailing of sensitive information and blocking unauthorized uploads of information to websites.

    File Integrity Protection

    Malware can be introduced into files through email, online file transfer tools, personal storage devices and other methods that move files onto a network. File integrity software is designed to stop these intrusions and detect and remediate malware residing on file shares. Machine learning and user behavior analytics (UBA) are incorporated into some solutions. Many regulations, including Payment Card Industry Data Security Standard (PCI-DSS), Federal Information Security Modernization Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley Act (SOX), require file integrity monitoring. The software establishes a baseline for file integrity, then monitors file changes on servers, databases, applications and network-attached devices. Items such as access credentials, privileges and security settings can be monitored. When the software detects an unauthorized change, it sends an alert. Some software solutions provide remediation steps or remediate the problem automatically.

    Database Security

    Database security tools safeguard databases from internal and external threats, streamline database security management and support compliance requirements — ideally without slowing down performance. The software monitors elements such as configurations, user privileges and even regulatory best practices, and alerts administrators to potential vulnerabilities. Some solutions offer remediation guidance. Security control features include data classification and discovery, data masking, encryption and penetration testing. Administrators can manage databases centrally and verify that they are in conformance with enterprise policies.

    Data Access Governance 

    Data access governance (DAG) is the oversight of information access controls related primarily to unstructured data. The software helps organizations understand permissions and how they are being used, and it enables the implementation of least-privilege access. By increasing accountability for file use and security, DAG solutions help prevent data loss and enforce policy-based data lifecycle management while minimizing IT involvement. DAG software can identify sensitive data, where it resides, who has access to it and what users do with the information. It supports regulatory compliance requirements for data access, use and retention, in part by providing a data access certification process.

    Secure Collaboration

    Secure enterprise collaboration platforms allow businesses to share information internally and externally while maintaining compliance with corporate policies or regulatory requirements. Platforms can encompass content management, workflow and collaboration through online workspaces, file sharing and email. Secure collaboration solutions integrate with hundreds of enterprise applications and enable centralized management of provisioning, files, security and policies. Collaborators can save time by commenting on and assigning tasks within files, streaming files from the cloud to desktops and accessing content from mobile devices.

  6. IOT/ICS

    Analytics for the Internet of Things (IoT) and industrial control systems (ICS) are increasingly part of digital transformation initiatives. Tools are purpose-built and yield granular insights to improve decisions related to applications, efficiencies, cost, security, asset management and other operational objectives. Solutions may include asset discovery, identification of communications protocols, data ingestion, risk and threat quantification, remote monitoring and anomaly detection/remediation.


    ADDRESS

    Novem CS Sdn Bhd (1377298-U)
    Suite 7, Lot 4-401, Level 4
    The Starling Mall Jalan SS21/37
    Damansara Utama, 47400
    Petaling Jaya, Selangor D. E., MALAYSIA

    PHONE

    +6019 690 8799 (Whatsapp only)

    EMAIL

    info@novemcs.com