Active Defense™ Subscriptions

Vulnerability Management

Gain the expertise & resources to:

  • Analyze the results of your Vulnerability Management Scans and Assessments
  • Develop Vulnerabilities Reports that catalog assets and capabilities (resources) in your network and rank order the importance of each
  • Identify the vulnerabilities or potential threats to each resource
  • Prioritize Risk Treatment Options based on importance & vulnerability
  • Recommend action for mitigating or eliminating the most serious vulnerabilities for the most valuable resources
  • Ensure continuous risk mitigation and posture improvement.

Security Architecture Review and Recommendations

DefenseStorm’s Chief Information Security Officer documents and evaluates your security architecture relative to the latest security threat landscape, and makes recommendations for improvement, prioritized by risk level and corrective investments required.

Penetration Testing

Expert assistance to identify security vulnerabilities in your computer systems, networks, web applications and physical structures that an attacker could exploit. Results:

  • Identify security weaknesses
  • Test the efficacy of security policies
  • Test staff awareness of security issues
  • Identify compliance gaps
  • Help you make strategic decisions to prioritize remediation efforts

Social Engineering & Security Awareness Testing

It’s estimated that 91% of cyber attacks start with a phish. DefenseStorm leverages KnowBe4’s security awareness training and simulated phishing platform to help you test employee awareness of phishing risks and compliance with organizational policies through simulated attacks. Employees improve security preparedness & awareness based on their performance on simulated tests and through an online library of content.

Endpoint Detection & Response

DefenseStorm’s TRAC Team leverages Veramine technology to expand your ability to:

  • Efficiently collect endpoint behavioral information
  • Automatically detect unknown threats
  • Search for indicators of attack
  • Accelerate incident response

Custom Integration Engagement

Include data from all systems important to you in your cybersecurity strategy. DefenseStorm experts will build custom integrations between the DefenseStorm GRID and any of your on-premise or cloud-based solutions. This enables data from these solutions to seamlessly flow into the DefenseStorm GRID so that its cybersecurity and cybercompliance functionality can fully leverage it.

Active Compliance™ Subscriptions

Active Compliance Monitoring & Reporting

To help you actively stay on top of compliance with FFIEC-CAT/ACET guidelines & your policies and controls, DefenseStorm’s TRAC Team uses the DefenseStorm GRID to track & monitor compliance, investigate issues and report on your compliance posture.

DefenseStorm’s TRAC Team:

  • Configures task schedules, workflows, person-specific responsibilities and reporting based on your usage of Active Compliance
  • Executes ongoing compliance task schedule tracking and monitoring, performs agreed-upon assigned tasks, investigates identified issues and works with you on remediation
  • Creates and delivers Active Compliance Reports to demonstrate ongoing compliance posture.

Incident Response Planning & Testing

Gain the bandwidth and expertise to regularly update your Incident Response Plan and test it with both planned and ad-hoc stress tests. DefenseStorm experts help you infuse your Incident Response Plans with continuously up-to-date cyber knowledge and perspective, as well as procedural requirements prescribed by regulatory agencies.

Reporting Design & Development

Understanding and reporting on your cybersecurity posture and cybercompliance adherence can be nuanced and complex. Different internal and external audiences that need to receive, review and weigh in on the information presented vary widely in their technical background and familiarity with cyber issues. We can help you:

  • Identify reporting needs
  • Design reports
  • Curate an active report library
  • Set up tasks and workflows to manage reporting at all levels.

Virtual Chief Information Security Officer (vCISO) Subscription

Federal and state regulatory bodies recommend separating the duties and oversight of Information Technology (IT) leadership and Information Security (IS) leadership. DefenseStorm can provide an expert to serve as your “virtual Chief Information Security Officer” to partner with your internal teams and deliver CISO-level strategic guidance, planning and execution oversight. Your vCISO will develop a clear and executable plan for evolving your cybersecurity and cybercompliance programs based on a variety of factors. You set the priorities based on your needs. Typical engagements include:

  • Cybersecurity and Cybercompliance Baseline Assessment & Risk Profile
  • Third-party risk analysis
  • Advice on your cybersecurity resource investment strategy & policy goals
  • Gap Analysis between your Risk Level and Cybersecurity Maturity Level, with a guide to closing the gap
  • Quarterly IT or Compliance Committee reporting & annual Board of Directors reporting
  • Oversight and planning advice to inform your InfoSec Program
  • Assistance with preparing for upcoming audits and audit responses leveraging the automated capabilities of the DefenseStorm GRID.