Services

Defense Shield is a comprehensive cyber security solution to help your organization stay ahead of cyber threats. Our compliance services are focused on helping your organization meet compliance standards, while our managed security services help maintain compliance on an ongoing basis. 

DISCOVERY

• Identify business needs that may affect overall IT and security direction,
• Determine regulatory requirements,
• Collect documentation: policies, procedures, system descriptions, technical information, etc.
• Establish necessary access to systemsIdentify hardware and software inventory

          DELIVERABLES: 

1. Project overview; the scope and approach of the assessment,
2. Summary results; the overall findings of the assessment,
3. Remediation overview: an overview of the types of remediation required, and estimation of the effort required.

AUDIT

• Review adequacy of existing security policies, standards, guidelines and procedures,
• Analyze assets, threats and vulnerabilities, including their impacts and likelihood,
• Evaluate all 110 controls of NIST SP 800-171 to ensure full implementation and list any deficiencies,
• Identify any CUI within the Client operating environment,
• Assess physical protection applied to computing equipment and other network components,
• Conduct technical and procedural review and analysis of the network architecture, protocols and components to ensure that they are implemented according to the security policies,
• Review and check the configuration, implementation and usage of remote access systems, servers, firewalls and external network connections, including the client Internet connection(s),
• Review logical access and other authentication mechanisms,
• Review current level of security awareness and commitment of staff within the organization,
• Review agreements involving services or products from vendors and contractors.

         DELIVERABLES: 

1. Penetration Testing and Vulnerability Assessment Reports 
2. System Security Plan (SSP) Development 
3. Plan of Action and Milestones (POAM) Development
4. Supplier Performance Risk System (SPRS) Assistance and Score Entry (if applicable)

SECURE

• 24 x 7 monitoring managed detection & response by a staged Security Operations Center (SOC)
• Proactive threat detection with leading-edge technology & experienced hunt team
• Log data collection from endpoint security agents
• Prioritized & managed alerts through SOC’s internal SIEM

MONITOR

• Changes to the management process for your environment & security baseline
• End-user IT support
• Standardized system builds
• Network monitoring, management, & maintenance
• Server monitoring, management, & maintenance
• Cloud Services monitoring, management, & maintenance
• Establish an effective security posture, reduce risk & establish a security culture.

Ready for CMMC? No? You might think that delays in the deployment of CMMC for DoD contractors means it isn't coming, but can you be sure? Assessing your NIST SP 800-171 compliance is only part of achieving certification - we provide a 3 to 7 day discovery assessment of your environment that includes a high-level, prioritized gap analysis. We'll also help you build a Plan of Action & Milestones so you'll know what you need before CMMC becomes a reality!

Understanding your organization’s risks against industry standards (e.g., ISO 27001, NIST 800-53, etc.) to help you identify gaps in your existing security architecture.

By developing an assessment of Cyber security program’s current state based on industry standards (e.g. NIST Cyber security Framework), we can help you understand the gaps in your program and define a vision for the future.

As an independent third party, we can help you evaluate your Cyber security environment. Using methods such as penetration testing and network monitoring, as well as evaluating your policies and procedures, to determine the effectiveness of the tools you have in place and which you may consider adding or replacing.

Understanding your security architecture in conjunction with your other architectures (e.g., data/information, application, business, etc.) can help you see the interactions and dependencies of the elements in your technology architecture.

Updating your disaster recovery and business continuity plans can help determine your resiliency. We can help your define/refine your approaches to crisis management and malware attacks such as ransomware. Having you updated incident response plans and playbook? We can help.

Understanding the pre- and post-contract phases of your third party relationships is a key component to relationships with third parties. We can help you understand the pre-award due diligence as well as develop and employ off-boarding activities including termination protocols and “lessons learned” documentation.

With partners and staff who have worked for Big Four firms, we can help your cyber security project and program implementation needs. And we can provide cyber security resources to fit your staffing requirements.

Whether you utilize a traditional waterfall system development lifecycle or an Agile approach, we can help you identify and remediate your application architecture vulnerabilities.

Keeping your staff continually aware of cyber security risks is more important than ever. Whether it is running a phishing campaign or a virtual or in-person training on social engineering attacks or data protection, we can help you improve your staff’s understanding of Cyber threats.

Working with software vendors such as Palo Alto Networks, we can help you meet your Cybersecurity software needs.