Road Map to a Resilient Cyber Security Posture

In today’s landscape, a secure network requires more than just a perimeter defense.  We believe in most cases it also needs more than just basic monitoring.  Detailed below are a few of the key service offerings we provide and part of the road map we use in order to make our customers more cyber-resilient each day.

1. Solution Evaluation

The first step in creating a resilient platform is to perform an audit of an organization's existing policies and procedures. Part of this is discovered during our Security Assessment and is also uncovered during a Proof of Concept (POC) and client onboarding process. Here are components we consider when looking at an entire security infrastructure:

• Network Security
• Malware Prevention
• Monitoring
• Incident Management
• User Education
• Configuration and Change Management
• User Access and Privileges

2. Tool Implementation

Once the proper solution or suite of solutions is determined we help source, install, configure, tune and customize each solution to our customer’s needs. If a solution is already in place we step in and begin management of the existing tool. The following are just a few of the services we offer in this step of the process.

• Hardware / Software Deployment
• Tool Configuration, Tuning & Customization
• SIEM Appliance Administration
• Establishing Security Policies & Procedures

We offer managed and co-managed environments that allow our customers to maintain visibility 24/7/365 right alongside our team. Once we are up and running the with the proper solutions constant monitoring through our world-class MDR service is the next step in the process.

3. Managed Detection & Response (MDR)

MDR is at the core of what we do as an organization.  We are leaders in MDR service that has been consistently recognized on Gartner’s Managed Detection and Response Market Guide and by third-party service provider lists.

With our MDR service, you get more than just automated alerting.  You get the forensic abilities of a real person and a high-touch approach to investigation and analysis.

4. Vulnerability Management (VM)

Discovering where you are most vulnerable is a security priority and likely already part of your overall program. The ability to continuously identify threats and monitor unexpected changes in your network before they turn into breaches is common practice.

Security programs often have the challenge of talent and time shortages. Datashield can help fill that gap. Our security staff will manage the process and help you ensure your security program is successful while saving you time and money.

5. Email Security

Ransomware, impersonation, spear phishing — standard email-defense systems can’t protect against it all. To defend against routine spam and targeted threats, Datashield deploys leading email security tools such as Mimecast, Proofpoint and Cofense Triage for constant monitoring and identification of malicious emails.

Email security tools combine internally developed and third-party technologies with dozens of internal and external threat-intelligence sources. Email security tools simplify and automate the process of recovering email and other data within the corporate email environment while ensuring that email systems remain 100 percent operational and data is secured within.

In addition to L1 and L2 support, Datashield provides back-end integration into the MDR service to enhance visibility and reporting.

6. Network Security / Perimeter Defense (NOC)

Your network perimeter keeps your internal information assets secure. Perimeter technology must be effectively provisioned, deployed, maintained, and patched to combat current threat vectors. Additionally, firewall management requires significant resources and specialized skills to prevent access breaches.

Datashield is equipped for 24/7/365 continuous management and monitoring to maintain your firewalls and ensure your data is safe in your perimeter. Our network and perimeter services via our NOC is integrated into our MDR service so we can leverage threat intelligence across our ASOC experts and strengthen policies and analysis of firewall logs.

7. Endpoint Detection & Response (EDR)

EDR solutions take traditional antivirus tools to the next level by allowing security teams to continuously collect, track and store endpoint data. This level of detail provides analysts with the forensic granularity necessary for active hunting and proper incident response.

Datashield has partnered with leading EDR tools such as Carbon Black (link) and RSA NetWitness Endpoint(link) to provide more comprehensive security solutions that secure customer networks end-to-end.

8. Incident Response & Threat Remediation

Cyber resilience includes recovering quickly from an attack. When Datashield reports a verified incident, our ASOC provides recommended steps for remediation, including step-by-step instructions with procedures and escalation paths to remediate the environment.

The Datashield Cybersecurity Resilience Platform integrates advanced triage into our MDR services to address email threats quickly and eliminate false positives. Our cybersecurity analysts check and analyze clusters of emails flagged as suspicious, and if an email is deemed dangerous, the indicators of compromise are provided to help with mitigation.

Managing the consequences of a post-breach cyberattack is part of what we do both for current customers and for prospects, without a security provider, looking for help with a recent security incident.

9. Compliance & Reporting Support

Cybersecurity compliance is a key factor in many industries and producing the proper reports and logging protocols necessary can be cumbersome and time consuming for many organizations.

Datashield helps companies in various industries cover compliance mandates such as HIPPA, HITECH, PCI DSS, Sarbanes-Oxley, EU GDPR, CCPA and more.  Our security operations center is certified SSAE 18 SOC 2 Type II and prepared to help clients of all industries meet their cybersecurity compliance requirements.