Our services at a glance

If you are a small business or a startup and don’t have the budget for a dedicated IT security team, our security consulting and virtual CISO services are a cost-effective alternative.

We start with a comprehensive gap assessment to give you an overview of your IT-related risks. After that, we can deliver a custom statement of work addressing your security remediation needs.

We can also work with your auditors and help you navigate seamlessly through PCI, HIPAA or privacy requirements.

We can install and manage our recommended stack of security tools, tried and tested in the field, but we can also work with what you have in place and leverage your investments.

Here are some of our typical engagements:

  • Cloud security assessments – we review your cloud infrastructure setup and provide a report on best practices that you may be missing
  • PCI, SOC, GDPR or HIPAA gap analysis – we review your security posture against these regulations and standards and provide a gap analysis report and advice on remediation
  • PCI compliance management – we manage your daily PCI compliance tasks
  • Information security engineering – we help implement a vast array of information security tools

Here are the specific topics we can help with:

  • Policy and standards development: we can write or revamp your information security policies, standards, processes and procedures to blend compliance requirements with existing business practices
  • Implement and manage a comprehensive set of security tools for compliance, e.g. vulnerability scanners, application security testing tools, single sign-on, security logging, monitoring and alerting (SIEM), anti-malware and data loss prevention solutions, etc.
  • Develop training and awareness programs for your staff
  • Interact with your auditors, regulators, etc., and help remediate any non-compliance issues
  • Perform application and systems architecture reviews to ensure no new risks are introduced in the environment
  • Provide continuous feedback on your security posture and advise on a roadmap to continuous improvement, meeting your business requirements and risk profile

Technologies supported/recommended:

  • Vulnerability scanners: Tenable Nessus, Orca
  • Application security testing: Checkmarx, WhiteHat
  • Web application firewalls (WAF): Cloudflare, Incapsula, Signal Sciences
  • Network firewalls: Palo Alto Networks, Sophos
  • SIEM: Sumo Logic, Splunk, AlienVault
  • IAM/SSO: Okta, JumpCloud, Active Directory, WatchGuard
  • Cloud access security brokers (CASB): Aperture, Cloudlock
  • Cloud workload security: Threat Stack, Lacework
  • HIDS: OSSEC
  • Anti-malware/EDR: Bitdefender, Sophos, CrowdStrike, Red Canary
  • DLP: Zscaler
  • VPN: Twingate (implementation consulting services provided upon request)

We have in-depth cloud security expertise with Amazon AWS and Microsoft Azure.

We guarantee our work, and will provide full support until we meet your expectations and you pass your audits with flying colors. We can also ensure you stay compliant between audits, so you are not faced with a heavy workload when the time comes for re-certification.

Compliance is tricky and failure to comply can be very damaging, especially for a small business. Let our experts take this burden off your shoulders!