Osi

Cyber Security

 

IT security is a critical to all American organizations as online security threats grow more sophisticated and destructive. As security threats become more widespread, organizations can no longer ignore security vulnerabilities because recent high profile cyber attacks (Sony, OPM, Target, Anthem BCBS, Home Depot etc.) show that network security attacks can have devastating impacts by damaging customer trust, reputation, and leading to direct financial losses. IT security solutions are now essential to an organization’s technology operations.

As a Managed Security Partner for your organization, OSIbeyond provides comprehensive managed security oversight to protect your data and systems from malevolent intruders. To this end, we use a multi-step process. First, we perform a vulnerability analysis and security testing on all your IT systems to identify potential security risks. We then benchmark your security situation. To ensure continued network security protection, we also implement OSIbeyond’s Enhanced Security Services. These vulnerability remediation services deliver a holistic network security design by adding multiple layers of IT security protection to your organization’s technology systems.

Vulnerability Assessment

Vulnerability Scanning

OSIbeyond will conduct a comprehensive vulnerability assessment of your environment. First, OSIbeyond will scan your entire network to discover and inventory all assets, including their OS, applications, and services. These security scans include both internal vulnerability scanning to assess your network security from inside the firewall and external scanning performed remotely from the outside. Simultaneous internal and external scanning provides a complete view of your organization’s security risks. To provide additional information and to probe risks more deeply, OSIbeyond deep scans user credentials to authenticate against assets. Authenticated scans cover a wide range of OS, database, network, and application layer configurations. Anonymous scanning only provides an outsider’s view of assets.

OSIbeyond then reports to you via a combined vulnerability assessment and configuration report for a complete view of your security risk and compliance posture.

Security Testing, Security Risk Prioritization & Vulnerability Remediation

Once network vulnerability scanning is complete, OSIbeyond will prioritize your security risks, and implement the best vulnerability remediation plan for your organization. With network security vulnerabilities sometimes reaching thousands or possibly millions of security threats in some organizations, OSIbeyond provides a granular risk score that blends threat intelligence with temporal metrics. The OSIbeyond risk score incorporates threat metrics such as exposure to exploits and malware kits, and how long network vulnerabilities have specifically threatened your IT systems.

After OSIbeyond identifies and prioritizes security risks to your organization, we then take security risk management actions to decisively resolve them. OSIbeyond’s vulnerability remediation workflow creates a risk-based plan focusing on the largest network security risks first. The vulnerability remediation plan includes prioritized network security protection, time required for completion, and related patches, downloads, and references.

Vulnerability Assessment Reporting

Vulnerability assessments can produce an overwhelming amount of information, so it is important to identify which security risks and vulnerability remediation actions are relevant, and present them in a clear, concise, and actionable security hardening plan. By providing consolidated reporting using aggregated data from every scan, OSIbeyond ensures easy security threat prioritization and vulnerability remediation based on our vulnerability analysis of your networks and compliance. To this end, we report on security vulnerabilities, network configurations, security policy compliance, and other asset information in a single report. OSIbeyond reporting includes an executive report to show the risk posture across the entire organization and IT operations level reports to detail OSIbeyond’s vulnerability remediation steps.

Security Compliance & Configuration Assessment

Vulnerability assessments are a key requirement for many security standards and regulations, such as Payment Card Industry Data Security Standards (PCI DSS). OSIbeyond can tailor your vulnerability assessment to specific industry security compliance requirements. While OSIbeyond does not provide compliance certification, this reporting in conjunction with vulnerability remediation is critical for preparing your organization for audit or certification.

Ensuring your systems are configured securely according to industry benchmarks and best practices is a critical component of network security and data protection. Configuration and compliance assessments are performed at the same time as vulnerability scanning with the results presented in a single comprehensive report. In addition, configuration policies can be fully customized to meet your specific requirements.

Enhanced Security Services

OSIbeyond Enhanced Security Services include various proactive technology solutions designed to protect against and prevent malicious attacks, data compromises, and network vulnerabilities. Our Enhanced Security Services delivers a holistic approach by adding multiple layers of network security to your technology systems, including email communications, user authentication, and mobile devices. OSIbeyond Enhanced Security Services are offered as a subscription service based on the number of users.

OSIbeyond Enhanced Security Services use a complete security toolkit to proactively respond to, protect against attacks and breaches in four key areas.

1. Targeted Threat Protection

Targeted Threat Protection protects organizations against spear-phishing and targeted attacks in inbound email by focusing on three measures:

  • URL Protect rewrites URLs in all inbound email. When clicked, the destination website is scanned in real-time for potential risks before being opened in the employee’s browser. If the site is safe, it opens as normal. If not, a warning page is displayed and access to the website is blocked.
  • Attachment Protect reduces the threat from weaponized or malware-laden attachments used in spear phishing and other advanced attacks. It includes pre-emptive sandboxing to automatically security check email attachments before they are delivered to your employees. Attachments are opened in a virtual environment or sandbox, isolated from the corporate email system, security checked and then passed on to the employee if clean
  • Impersonation Protect offers instant and comprehensive protection from the latest malware-less social engineering attacks, often called CEO fraud, whaling or business email compromise, by identifying combinations of key indicators in an email to determine if the content is likely to be suspicious, even in the absence of a URL or attachment.

2. Two Factor Authentication

Passwords are easy to compromise. They can be stolen, guessed, or hacked, and you might not even know someone is accessing your account. Two-factor authentication adds a second layer of security to your online accounts. Verifying your identity using a second factor (like your phone or other mobile device) prevents anyone but you from logging in, even if they know your password. With Push notification, you'll be alerted right away (on your phone) if someone is trying to log in as you.

3. Mobile Device Security

OSIbeyond Mobile Device Security provides centralized management of smartphones and tablets to help safeguard devices and data. Mobile Device Security includes the following compliance and security features:

  • Set granular security policies for specific devices or persona policies that span across devices.
  • Specify passcode policies and encryption settings.
  • Detection of and restrictions on jailbroken and rooted devices.
  • Remote location, locking and wiping lost or stolen devices; selectively wipe corporate data while leaving personal data intact.
  • Near real-time compliance rules with automated actions.

4. Phishing Security Tests

OSIbeyond conducts automated monthly employee Phishing Security Tests. Phishing Reply Tracking allows you to track if a user replies to a simulated phishing email and can capture the information in the reply. You can also track links clicked by users as well as test and track if users have opened Office attachments that enable high-risk macros.

Should an employee fall for one of the simulated phishing attacks, you have several options for correction, including instant remedial online training. The scheduled monthly simulated phishing attacks are highly effective and immediately allow you to see if employees fall for these social engineering attacks.
Interested in Learning More?

Contact Us

OSIbeyond

4833 Rugby Avenue, Suite 400
Bethesda, MD 20814
301.312.8908