Ready Services Group Cyber Security Services

Secure your cyber presence

Incident Response

With incident response, RSG can help after the event occurs with forensics and deep expertise in reconstructing the event and working with law enforcement if needed. RSG will be responsible for developing a proactive IR plan, assessing and resolving system vulnerabilities, assisting with maintenance of the best security applications, and providing support for your IR handling procedures.

  • Lessons learned: This is a step that is often overlooked but important to ensure information is fresh in the team’s mind. The purpose of this phase is to complete documentation if it could not be prepared during the response process and investigate the incident further to identify its full scope, how it was contained and eradicated, what was done to recover the attacked systems, areas where the response team was effective, and areas that require improvement. It should not be a time for placing blame, but instead a time to focus on preventing future occurrences of the incident that just happened.
  • Recovery: The recovery phase is where you restore your systems to full working order, as they were before the incident occurred. This usually involves restoring from backups and testing the network to make sure no traces of the threat remain.
  • Eradication: We identify the root cause of the attack, remove malware or threats, and prevent similar attacks in the future. For example, if a weak authentication mechanism was the entry point for the attack, it should be replaced with strong authentication; if a vulnerability was exploited, it should be immediately patched. Although containment and eradication may seem like similar steps, they differ. In the containment phase, you are merely trying to prevent the problem from getting worse. In the eradication phase, you eliminate the threat from your network, endpoint, or application.
  • Containment: Containment is crucial within the incident response plan and can help stop the effect of an incident. Different situations require different containment strategies. In case of an incident, our Cyber Security Analysts will request information from the customer and work with our customers to access and contain the compromised systems, and will guide the recovery of the assets, disable systems, identify the source of the problem, collect evidence, and assess the damage. Such containment shall not interfere with the incident response investigation.
  • Identification: When a potential compromise of information or systems is detected, we will escalate the matter to our customers with a High Alert followed by a phone call to the responsible party that has been pre-determined by the customer. All High Priority events will be escalated to the designated contacts immediately, and we will continue to contact these individuals until they are reached or until all the required methods of contact have been exhausted. Lower priority items are escalated to customers in accordance with the recommended time to resolve the issue and will likely be communicated through email.
  • Preparation: This is an important step, and we advise our customers to have key members within their organizations available 24/7/365 who can identify and access critical assets and applications during incident response. Only allow authorized users access to systems and applications. While it is extremely difficult to prepare for every possible contingency, having a plan established ahead of time in case of a data breach or compromise should be our customers' number one priority.

Managed Detection and Response (MDR)

Managed Detection and Response (MDR) is an advanced managed security service that provides threat intelligence, threat hunting, security monitoring, incident analysis and incident response. This is more than alerts from security monitoring - we use advanced security analytics on endpoints, user behavior, application, and network. MDR provides deep detection and uses artificial intelligence and machine learning to investigate and contain threats.

We will review security operations processes and incident response procedures for completeness and make suggestions to increase the efficiency and completeness of the processes. We provide around-the-clock monitoring of your systems using sophisticated algorithms to substantially reduce false positives. The result is lower staffing requirements and reduced costs.

  • Cloud infrastructure attack detection
  • Unauthorized access detection
  • Anomalous privilege escalation detection
  • SQL injection detection
  • SIEM analytics
  • FTP & cloud storage exfiltration
  • Network intrusion detection

Cyber Risk Assessment

The ability to identify, evaluate and prioritize cyber security risks to a company's daily operations will allow for more informed decisions and better security. An insufficient cyber security policy and solution process can expose a company to many types of threats. These threats can come in the form of blocked access to your network (ransomware), installation of malware or harmful software, obtaining company information through transmittal of data (spyware), and disrupting or rendering your systems inoperable. Managing these risks can prevent cyber attackers from damaging your business and customer information.

The scope of our CRA can be limited to one area or system of your business, or cover the entire business. It can range from a review of policies and procedures to deep penetration testing of your systems.

  • A network assessment gives you an in-depth analysis of your IT environment to help you make informed decisions regarding system upgrades and overall maintenance.
  • It gives you a clear roadmap to help you revamp your IT infrastructure, helping you save money and giving your team the time to focus on strategic activities.
  • A strong network assessment gives you full visibility into your organization's network to chalk out a proactive security strategy against global cyberthreats as well as end-user vulnerabilities.
  • Network assessments expose loopholes in your current operations, presenting you with opportunities for improvement.

CSO as a Service

With CSO as a Service, RSG will be able to provide a security audit for review and assist with prioritization of remediation activities. We will work with you to develop a security roadmap for future enhancements and/or budget planning. This should also provide insight for security feature implementation during projects, along with current and future operations. We will work with key stakeholders to develop a security awareness program.

  • The CSO solution is designed to scale up or down depending on your business needs.
  • A CSO will enhance leadership, provide a third-party perspective to appropriately align cyber security strategies with corporate priorities, and enable your company to bring a higher degree of focus, execution, and continuity to your cyber security program initiatives in a highly cost-effective manner.
  • Significantly reduces the learning curve related to architecture design, policy development, mobile security policies, and compliance frameworks that are deployed throughout your corporate enterprise.

Identity Access Management

Identity Access Management is essential to a business with multiple accounts. This service offers your business the ability to control which accounts are able to access certain information. Providing this type of security gives your business protection because it limits the number of people who are able to view information that they do not need to view. Limiting access based on accounts can drastically increase your business's cyber security level.

  • Securely connect every user to the right level of access.
  • Integration with Biometric authentication that relies on a user’s personal unique characteristics.
  • Reduces overall level of management needed and costs for your business.
  • IAM systems help companies better comply with government regulations by allowing them to show corporate information is not being misused.
  • Companies that properly manage identities have greater control of user access, which reduces the risk of internal and external data breaches.
  • Access privileges are granted according to policy, and all individuals and services are properly authenticated, authorized, and audited.

Endpoint Protection

An endpoint is any device that connects to a computer network. It can be a laptop, desktop computer, cell phone, tablet, or IoT (Internet of Things) device. Regardless of the type of endpoint, it’s your company’s window to the outside world and, if left unsecured, a hacker’s doorway into your network. Let RSG’s team of experts help protect your network from bad actors. Our endpoint protection service packages offer the following features and more:

  • Automatic updates
  • Website content filtering
  • DNS filtering
  • Malware protection
  • Ransomware eradication & removal
  • Memory exploit protection
  • Offline protection
  • Protection from file-less attacks
  • Blocking of zero-day attacks
  • OS hardening
  • Role-based access
  • Multi-factor authentication

Cyber Maturity Assessment

The goal of this service is to provide your company with the ability to see the weak spots in your organization’s network that are vulnerable to threats.

This service includes:

  • Specifically points out areas where you can improve your organization’s security level and the priorities for improving them.
  • Compares the maturity level to other organizations facing similar risks and challenges across the board.
  • Determines the maturity of your organization and provides strong guidance on how to improve your security.
  • Identifies gaps in your cybersecurity program across people, processes, and technology.
  • Computer security report card: This assesses individual computers at a high level based on various security criteria. The report card provides a measure of how well a computer complies with security best practices.
  • Data breach liability report: To mitigate the risk of civil litigation and other penalties when a data loss or theft occurs, our cyber liability and data breach report is designed to expose just how vulnerable your organization may be.
  • An external vulnerability scan: A comprehensive report that includes security holes and warnings about your network’s and firewall’s vulnerabilities.
  • A security risk report: An overall summary showing the risk score and problem areas in your network.

Phishing Protection

Since the COVID-19 pandemic, small and medium businesses are some of the most likely targets for a phishing attack due to their lack of protection and training. Currently, 94% of viruses are delivered by email, and the main cause of the virus download is human error or curiosity.

  • Real-time protection, constantly updated.
  • Ability to report an email that could be spam. Once determined to be spam, the email will be removed from all mailboxes.
  • Simple color-coded banners to inform users of the status of an incoming email.
  • Blocks brand forgery, CEO/key employee impersonation (spear phishing), malware, and viruses.
  • Blocks users from opening URLs in emails that lead to websites trying to steal employee information.