We at Sikich Cybersecurity Services are dedicated to assisting our clients in strengthening their cybersecurity posture through security consulting, fraud management, risk mitigation, and vulnerability detection and prevention. Allow me to take you through the highlights of what we do…
IT Security and Risk Assessments
This is usually the first service that is recommended and provides a baseline of intelligence about your environment. The assessment reviews your network architecture, security controls, policies, and procedures to help identify key areas of risk and how these areas could potentially be targeted. It is often thought of as a security roadmap for future security initiatives. Our assessment incorporates risk areas beyond the scope of security testing related to procedure and policies within the organization. It helps to identify gaps between your practices and industry standard best practices and compliance requirements. A risk assessment can be an effective budgeting tool to achieve the most effective use of approved spending.
Compliance Assessment
Speaking of compliance, there is a veritable “alphabet soup” of industry standards and government regulations that many companies must be in line with. (e.g., PCI DSS, HIPAA, GDPR, GLBA, FFIEC, DFARS, NIST, etc. etc. etc.) Our security and compliance team can help with any of these. These assessments are like financial audits, complete with on-site visits, work paper collection, and reporting. We take our clients through the process from start to finish. These are not pass/fail audits – we include remediation services.
Vulnerability Scanning
External vulnerability scanning is an automated scan of the public-facing components of a network known for vulnerabilities. Think of this as like the anti-virus you run on laptop, except that it scans your IP addresses and web hosts. (An analogy: If your network was a house, a vulnerability scan is like going to every door and window around the house to make sure they are all locked.) Scans are typically performed monthly or quarterly and are typically done in a single day. Our scanning service includes a review of the findings to confirm the information and eliminate false positives. (For those of you who need to be PCI compliant, Sikich is an Approved Scanning Vendor (ASV), certified by the Payment Card Industry Security Standards Council.) Vulnerability scanning does not include exploit attempts or attack simulations on your network - it is not Penetration Testing and should never be portrayed that way.
Penetration Testing
OK, then what is Penetration Testing (“Pen Test”)? A Pen Test is a manual engagement that simulates a hacker or other threat attacking your network. Think “ethical hacking”. The human element is key: it tests the exploitability of potential vulnerabilities in your system. It identifies the risk areas that automated scans cannot identify. Typically, Pen Tests are performed semi-annually or annually and take an average of several weeks to complete. They can include a variety of attack simulations, including:
- External network testing
- Internal network testing
- Web application testing
- Wireless network testing
- Social engineering
Back to that house analogy: If Vulnerability Scanning is like going up to each door and window of the house to make sure they are all locked, then Penetration Testing is like trying to break into the house and seeing how much of the inside you get move around in and potentially steal things.
Forensics and Incident Response
So far, I’ve discussed analysis, preparedness, and prevention. Sikich Cybersecurity also provides valuable services after an incident occurs. Response time is critical. We provide a dedicated incident response team and can offer additional support resources when needed. Sikich is also one of only a dozen companies in the U.S. that is a PCI Forensic Investigator (PFI). We provide incident response retainers that provide access to robust and affordable Service Level Agreements that include industry best practices.
Outsourced CISO
This service is perfect for SMBs and mid-market organizations if you have not focused on security in the past. Sikich will become a true security partner and can lead you and your team in improving your overall cybersecurity posture by
- helping choose security tools
- leading your team in implementing best practices
- providing security awareness training to your staff
- providing updates on your security posture to your company’s executive and board members
- including time-and-materials consulting in order to work on other security-related items.
With Sikich, you can choose from a menu of services that can fit budgets as low as $10K / year.
I trust you made it through this before your coffee got cold! Don’t hesitate to call me at (423) 241-6295 or email me at joe.gaeta@sikich.com. Additionally, you can schedule a meeting with me here. I’d love to learn about your organization and to recommend ways that the Sikich team can help.
Thank you.
