This is the first in a series of posts that will aim to provide some initial guidance on the fundamentals of cyber security.
Here we start with what we feel is the most overlooked aspect of any security activity, especially in smaller organisations; Identifying and Assessing the Risks.
Email has been the biggest vector used in cyber-attacks for many years, with over 95% of attacks delivered using email. Which is why continuing with the basic security measures provided by email clients and services, is not enough to prevent today's modern emails attacks.
The first of the CIS Critical Security Controls is to manage and control your inventory of assets, this ensures that only authorised devices are allowed onto the network. To implement this control you need to know what assets you have through an accurate inventory. Ironshare use some excellent products which can help you discover your assets present on the network and not only create but also actively maintain an asset inventory. If required we can also assist or provide guidance with identifying your critical assets and data.
A Security Health Check is a collection of analysis methods & techniques, which are used to uncover the gaps in your security and understand where the real threats to your organisation may come from. If you are new to this and have not yet performed an assessment of your security, it strongly recommended that you engage a security partner to assist you in this area. Security health checks or assessments must be part of any organisations ‘critical activities’. Ironshare recommends that you carry out these health checks on at least an annual basis. Whether you’re a first timer or you just need a new partner to help with your annual checks, why not try Ironshare’s Security Health Check service, we’re here to help you identify and plug your security gaps.
Whether you need assistance with a new or ongoing security issue, or you think you may have been compromised and need help with hunting down the threat, then our Incident Response service may be what you need. Our Incident Response service can help you identify and contain the threat, remove the presence of the threat, identify the root cause and remedy the underlying issues that led to the compromise. In addition we will help you to prepare for, manage, and recover from future threats to your organisations networks. A report of the engagement can also be provided as required.
Information and cyber security can be a hostile landscape, but for every challenge there’s an available solution. You might be taking your first steps with Security, be confused by all the information, and don’t know where to start. Or, you might know what you need to achieve, but need guidance with how to achieve your goals and select the right solutions to your problems; Ironshare are here to help.
We can help get you on your path to realising your security goals, ultimately improving your overall security posture. By assessing your requirements, Ironshare can assist you with finding the ideal solutions to address the problems you are facing. Once you have found the right solution, we can then help you define a documented secure design for the implementation of your chosen solution.
Although Ironshare provides a number of security products and services, they might not be the right fit for you at this time, because of this we don’t just focus on our defined solutions to meet your requirements. This service we will consider all market leading products and services, or the specific vendors, you feel are best suited to you.
Information Assurance refers to the protection of information systems, computers and networks within an organisation, and is typically based on Confidentiality, Integrity, Availability (the CIA triad), Authentication and Non-Repudiation. Simply put ‘are my systems sufficiently secured?’.
Technical Assurance on the other hand focuses on the prevention of mistakes and errors that may arise during the implementation of Information systems or technical controls. Or in simplified terms ‘have my systems and controls been implemented properly, and do what they should?’.
Ironshare’s Assurance services are in place to review the quality of your company’s Information and Technical, practices and controls, to give you the confidence that they are delivering on what is expected. This can include reviewing technical implementations, standards, guidelines and procedures, as well as architectural and technical design review. If we find any gaps or shortfalls, they will be presented along with suitable recommendations in a final report.
Creating the ideal IT Security strategy is not an easy task. An IS strategy needs to be specifically tailored and take into account the organisations:
Ironshare can assist you with the development of your Security strategy, to ensure it aligns with items above. Once your strategy is agreed, we can help to define and document a road-map to achieve the delivery of your strategy.
Security documentation is a key component for security teams to understand, enforce and communicate the organisations security model, and is made up of policies, standards, procedures and guidelines. These security documents outline the company’s security culture, and how it’s going to secure its information assets and systems. Ironshare has a number of templates that can help you create or develop your own Security documentation, and of course we can help you along the way as necessary. Our templates include Secure Hardening baselines for IT infrastructure components, which are based upon CIS (Center for Internet Security) and NIST (National Institute of Standards and Technology) standards. These baselines can be tailored for your specific organisation.
With the rapid growth of the IT Security sector, combined with the shortfall of available Security professionals in the industry, it can be difficult for organisations to attract and hold onto qualified and experienced staff. Ironshare offer access to skilled security resources, that can work with you on a retainer basis. The retainer will allow you to purchase time in advance so you can call upon their services for a few hours or days a month, when your needs arise. This purchased retainer works on the pay for access model which is used to arrange access to expert consultants that can help you with any of our consulting services or your own ad-hoc security requirements.
AV-TEST a leading independent research institute for IT security performed a review of Cisco Umbrella alongside comparable offerings from Akamai, Infoblox, Palo Alto Networks, Symantec and Zscaler.
Testing was broken into two phases, first DNS-Layer Security and second Secure Web Gateway. In both tests Cisco Umbrella outperformed all other vendor offerings, coming out on top.
Access to an advanced threat protection platform, that secures you from the minute its enabled, protecting against Malware, Phishing and Command & Control (C2) threats on the Internet.
Cloud based security platform protects your devices from the minute its enabled, detecting advanced malware through continuous file analysis and monitoring.
There is no hardware to install and a simple change to your DNS settings or installing the Secure Endpoint lightweight client on your endpoints can get you up and running in minutes.
If you like what Cisco Umbrella and Secure Endpoint has to offer then why not try it out with a no-obligation to buy, Free Trial.
Full-featured two-factor authentication & secure access, for every organisation.
Multi-Factor Authentication
Single Sign-On
Protect Any Application
Protect Federated Cloud Apps
Essential access-security suite to address risks from cloud, BYOD, and mobile.
Adaptive Groups Based Policy Controls
Unified Device Visibility
User Based Policy
Device Based Policy
Duo Device Health Application
Easiest and most complete platform to address BYOD and cloud security risks.
Trusted Endpoints
Secure Remote Access into Internal Applications
Duo Mobile as Trusted
Multi-factor authentication protects your applications by using a second source of validation, like a phone or token, to verify user identity before granting access. Implementing multi-factor authentication doesn't have to be disruptive to your users.
With its self-enrolment feature, Duo is fast and easy to use; it offers several available authentication methods so that you can choose the one that best suits your workflow. Duo also comes with an intuitive administrative dashboard, detailed reporting, and an always-up-to-date cloud-based model, multi-factor authentication couldn't be easier to manage.
For more information on our services please get in touch.
Contact US
