What We Do…

The first step in any security plan or revamp is to find out what needs to be protected. Where does it come from? (paper to digital? application?) how does it move there? ( does it go anywhere else after being archived? Is it destroyed after it is no longer held? And is that destruction of data an actual process that will leave no trace of the destroyed data? (cryptoshredding, digital destruction with multiple passovers, physical destruction of equipment, there are a myriad of different methods to satisfy any business case).

The second step is to secure your boundaries, outbound and inbound. At minimum, you should already have a firewall protecting that boundary and it should be well configured to minimize unauthorized access. In the modern threat landscape, however, just a firewall is not enough. Threat intelligence teams work day and night studying the tactics and abilities of attackers. This information is highly valuable in securing the perimeter of your network or cloud environment. There is an astonishing amount of threat intelligence feeds out there. Some are free, some are paid, some are industry specific, some are completely community based. Picking threat intel feeds and putting them into action on the boundary is difficult. Threatnet is our managed solution which solves this problem. By utilizing threat intelligence effectively and actively blocking known threats inbound and outbound, you enhance your security significantly. It is also recommended to subscribe to the ISAC of your specific industry. This can be integrated into Threatnet and block industry specific bad actors before they get into your network.scription text goes here

Now that you have secured the boundary it is time to audit your current policies and update them for security. How do you onboard new hires? How do you let them go and what happens to their work accounts? How do you deal with vendor invoices and what controls are put in place to ensure spear-phishing is mitigated? Who has priviledged accounts? Do we maintain audit logs and analyze them for anomolies? How can we lock down all regulated data in rest and in transit to ensure that only authorized users can access it? This is an ongoing process and will need to be periodically assessed and updated. We can help in this aspect through our vCISO service. Identifying cyber risk, assessing security vendors, and ensuring planning is cohesive is an important part of this process.

The fourth step is to train your people. The main vectors of a modern attack will likely be system intrusion and phishing. They are the most high risk and thus the highest priority to secure. With effective training and phishing simulation, you can significantly mitigate this high risk activity. Additionally, you can effectively disseminate some of those policies you created. As a proactive security services provider, this is one of our pillars and a service we exceed in delivering.

If a breach has managed to get past your defenses, the quicker it is mitigated the better. A good reactive and detective solution should inspect internal traffic, files, RAM, processes, etc constantly and alert on a possible breach. If you recieve an alert, it will need to be investigated as it may be a false positive, depending on the symptoms. Time is of the essence in a real breach (especially ransomware or an identified breach of protected information) and once properly identified, the threat needs to be disconnected and handled immediately while maintaining logs to see what exactly they were able to do. Engaged Security has several partners that handle this side of defense and we are happy to help you find the right vendor/product based on your needs and business requirements.