As a business, you have an increasing responsibility to your clients and employees to protect their sensitive and personal information. As cyber threats and government regulations continue to increase, your ability to implement, and maintain an effective security program is critical to its long term stability and overall success.
Accellis helps simplify and streamline your cyber security and compliance efforts. We help you get in front of potential threats by ensuring your systems and policies are up-to-date with the today’s latest industry standards and expectations. Whether it’s a security assessment, penetration test, or compliance evaluation – our team of certified security experts can ensure you’re on the right track.
For firms looking to perform either one-time or regular security audits, Accellis delivers a comprehensive Audit and Assessment that includes the identification of critical (at risk) data, the physical/technical location of that data and the security measures in place to protect it from the most likely threats.
The most common security threats can include everything from Internal Resources, Random Hackers, Competitors, Nation States and more. Leveraging the standards established by NIST, SOC and ISO, Accellis will work with your firm to create visibility into your network, where your risk are and what you can do to properly defend yourself.
Key elements of the Accellis Cyber Security Assessment include:
Internal / External Vulnerability Testing
First thing we need is a snapshot of the network and everything on it. Understanding all available access points on the network is the first and most critical element of creating a proper defensive position. Then we run a check against your network security controls against all known attack vectors. This gives us the information we need to determine how to proceed.
Network Topology and Data Validation Report
Once we confirm and list everything on the network, a graphic of the network is created to visualize how the network is setup. From this high level vantage point we can determine if any network infrastructure needs to be reconfigured. Included in this step is the identification of critical / sensitive data on the network and the creation of an initial defensive position for that data.
Physical Security Review
The next step is to review the physical security you have protecting your network. Understanding where sensitive data resides on the network also requires a clear policy on the physical exposure that data may have. A walk-through of the facilities is done and any potential security risks are noted.
Network Security Best Practices Review
Once there is a full picture of all assets within the network, each cyber security device or appliance is analyzed against known best practices for configuration and implementation. We will typically analyze all firewalls, wireless routers and access points, intrusion detection and / or prevention systems (IDS / IPS), Whitelist systems, all servers, all workstations, all printers, and all backup systems.
Security Policy Review
Finally, a review of all written policies is completed. This important step to our security audit ensures that you have all key components of a quality Written Information Security Plan in place. If there are no written policies in place, Accellis can recommend policies specific to your needs. Backup, disaster recovery and breach response are some of the most common planning documents we collaborate on.
Whether you’re looking to simply ensure you’re firewall is accurately configured or you’d like to increase your visibility for Intrusion Monitoring – Accellis has the products and services you need to properly defend your data. Product and services include:
Perimeter defense of your network systems is essential. It’s also one of the most common ways a firm can unknowingly create vulnerabilities without even knowing it. Whether you use Dell’s SonicWall small business solutions or Cisco’s high end ASA’s, we will assess your firewall configuration against industry standards such as NIST, SOC and ISO. Accellis security team will ensure that all the security gaps are closed on this virtual front door to your digital system.
Wireless Access Systems
Wireless mobility has become an integral part of our everyday life despite being one of the easiest ways to breach a network. Accellis security consultants are there to ensure that wireless security controls for your network are properly installed, configured and maintained to keep threats away from potential unauthorized information access.
Remote Authentication Tools
The process of remote access is how the network knows you are who you say you are. Whether you use Active Directory, terminal servers or your entire operation is housed in the cloud, Accellis will outline the pros and cons of every setup and help you build a secure platform. Ensuring that your environment is only available to those authorized is a key (and often overlooked) aspect of your security plan. Will your network know what to do should a system administrator log on from two locations at the exact same time? Remote Authentication tools ensure you will.
Log Management Systems
Tracking visitors and vendors is one thing, but what about knowing who accessed those important files on your network. Logging every bit of information that happens on a network is a monumental task that Accellis can help guide your though. Whether you purchase a hardware device or choose a software solution. The security team at Accellis will help you determine what type of logging system is best for your company needs.
Intrusion Detection and Prevention Systems (IDS/IPS)
Preventing digital breaches is expensive and takes constant upkeep and the expertise to understand what to look for. One of the easiest ways to mitigate this problem and add ease of use is to employ an Intrusion Prevention System (IPS). IPS’s scan every bit of information going in and out of your network and actively prevents intrusions. Alternatively an Intrusion Detection System (IDS) will scan everything and only alert you of what happens. Regardless of what system is best for your company, Accellis will make sure you have everything setup and properly configured to prevent all breaches.
Whitelisting is the practice of using a predefined list of applications that are allowed to run on your desktops and network servers. This security measure is setup to ensure that any staff, malware, and potential hackers that may get into your system cannot run any application that is not specifically sanctioned by your firm. While there are many whitelisting solutions out there, Accellis has expert staff available help you decide which solution best fits your company needs.
Sometimes a firm has established the proper defenses but would like to either establish an accompanying documentation set or would like validation of the defensive measures in place. Accellis has the resources to effectively document or validate your firm’s overall plan. Sample services include:
If your firm works with banks or insurance companies, chances are you have either already been hit with an audit or you’re about to be. Even if you feel that your firm has done a solid job of staying current with technology, you’re likely to be caught off guard by the sheer magnitude and overall expectations of such an audit.
Accellis will help evaluate your existing security practices against banking or insurance industry requirements. We can prepare your firm for compliance audits by reviewing where your existing infrastructure, identifying potential gaps in compliance, and making recommendations to improve security and minimize risk.
These documents are necessary to ensure compliance and keep your business running smoothly despite a dynamic workforce. Creating a Written Information Security Plan (WISP) is step one in this process of documentation. Accellis security team has experience in developing these types of written policies for the US government, law firms and local companies. We can help you scope out your environment and put the necessary policies in place.
Disaster Recovery Planning
While sounding so very simple, these documents are the most important thing to have in place second only to a firewall. Sitting down and planning for possible contingencies and writing out the solutions to those problems is very important. Accellis is here to leverage decades of knowledge to help you write a complete and fully scoped Disaster Recovery Plan. Regardless the size of your company, having a well thought out, step by step plan in place for when disaster strikes is going to ensure your company maximizes profits, as well as staying secure during a time of crisis.
While sounding quite complicated, Breach Plans are there to take the guess work out of what to do when a hacker breaches your system. If and when you realize your data has been compromised, will you know what to do? Regardless of whether data is known to be stolen – local, federal and industry specific guidelines may still mandate the notification of clients and authorities of the suspected breach. Accellis leverages local and national guidelines to help scope and document your Breach Plan and ensure a proper response should a disaster strike.
Vulnerability Scanning & Analysis
It is common to consider vulnerability scans as a light version of what’s called a Penetration Test. This is completely inaccurate as Vulnerability Scans actually come in two flavors, internal and external. External scans show the ‘holes’ the hacker can use to get in to your environment. Internal scans show you what the hacker can steal if they were to get inside your defense perimeter. Since vulnerabilities are created every day, it is important to run both internal and external vulnerability scans on a regular basis.
Also called Penn Tests, this service is for when you want to be sure that you your system and your configurations are fully in-line with industry standards and you want to test that system against a real hacker. Accellis employs experts in this field called WhiteHats that are certified ethical hackers. Once given written permission, Accellis can perform all the necessary steps to ensure your system is locked up tight and produce a document showing just how secure it is.