HarborShield Cybersecurity

Mitigate risks with managed security

Security and Compliance Management

HarborShield will guide you through a maturity assessment and review of your current culture, people, processes and technologies, identifying opportunities for improvement in the areas of Governance, Cybersecurity, Data Privacy.

  • Documentation & Remediation - Full visibility into what your cybersecurity gaps are and how to address them. We match you with carefully vetted security options for remediation.
  • Dashboards & Reporting - Real-time dashboards and reporting that will allow you to understand the organizations cyber risk. This includes a risk-ranked vulnerability list to address. Our methodology and platform support most major security frameworks or mandates, such as but not limited to: NIST Cybersecurity Framework (CSF), HIPAA, NIST 800-171, CMMC.

Vulnerability Management

Vulnerability management has become a cybersecurity staple. Utilizing one or more "scanning" tools, your entire infrastructure(s) can be scanned for technical vulnerabilities.

  • Risk Mitigation prioritization and road mapping.
  • Satisfy NIST, HIPAA, CMMC, PCI and other regulatory requirements.
  • Identify (through the assessment process) false-positives and false-negatives that exist and exceptions.
  • Generate a list of the patches or other remediation that need to be applied.
  • Correlate critical vulnerabilities with critical assets.

vCISO

We have designed our Virtual Chief Information Security Officer (vCISO) role to be customizable and effective in helping prevent and eliminate any threats. With our vCISO you get all the same expertise, services, and benefits of a seasoned, highly certified cybersecurity team and a CISO. Your cybersecurity risks will be addressed in the same manner as a full-time team, ensuring your business is secure and compliant.

Penetration Testing

A Penetration Test, often called “red teaming” or a “red team exercise” is the practice of simulating as closely as possible the effect that cyberthreats could have on your business. It is a simulation of a real-world attack on targeted assets using the same tools and techniques that modern criminals use. This is done by understanding who your threats are, their capabilities, motivations and targets and “hacking” your systems the way they can.

  • Advanced Persistent Test - An Extension of a Scenario-Based Test over a prolonged period.
  • Scenario Based Test - Simulation of a specific threat or threat sources.
  • Perimeter Test - A Perimeter Penetration Test seeks to identify technical vulnerabilities in host systems in a perimeter, hosted environment, or DMZ.
  • Application Test - Application Penetration Testing is a type of ethical hacking engagement designed to assess the architecture, design and configuration of web applications.
  • Internal / External Test - An Internal and External Network Penetration Test seeks to identify vulnerabilities in resources accessible on the Client’s internal and external networks.

Policy Review & Development

HarborShield Managed Cybersecurity consultants conducts a presentation to provide an overview of the project objectives and results, as well as to review and discuss the report in detail.

  • Formatted Templates are Uploaded to Client Repository
  • Each Control Family is Formatted for Clients Environment [logo, names, implementation date]
  • Supporting Controls Defined [NIST 800-53R5; NIST CSF & CIS Top 20]
  • 20 Control Families
  • NIST 800-53 R5 Policy Templates [Utilizing HarborShield Phase 1 Recommendations]

Security Awareness Training

User behaviors are the root cause for most of your cybersecurity risks. Poorly written source code, misconfigured firewalls and clicking phishing links in emails – they all start with failures of your employees. Unfortunately, personal survival often equates to business risk. People are motivated by convenience and freedom, not cybersecurity. Once you understand this, you can build an Awareness program that uses this very same motivation to change behaviors and reduce people's risk.

Incident Detection & Response (SOC Monitoring - 24x7)

We provide multiple layers of resources to align with your organization, learn the context of your infrastructure, requirements and define a custom operational plan for efficient day to day security event management. With a named Customer Success Manager and Technical Account Manager it is easy to fully integrate with your organization, provide more value and reduce your workload.

  • SOC Managed Endpoint
  • SOC Firewall Management
  • 24x7x365 Breach Detection Response
  • 24x7 Breach Detection System SOC/SIEM

Digital Forensics

The identification, collection, preservation, analysis, production, and presentation of digital evidence for both internal investigations and legal cases.

  • Human Resource Investigation - Have or suspect a malicious insider? The HarborShield Managed Cybersecurity team can investigate, analyze, and present digital artifacts to assist in the ongoing employee investigation.
  • Impact Assessment - We have extensive experience of IT support services and development of custom tools to secure our clients.

Incident Response

This engaging and interactive exercise typically lasts a half of day and is focused on the decision-making and communication strategies that are critical to any incident response. In a controlled environment, participants can truly experience what it is like to respond to a sophisticated cyber-attack, increasing their level of awareness and gauging their readiness to manage a cybersecurity incident. Participants typically discuss the actions they would take without necessarily implementing them. This highly customizable exercise typically presents the participants with several initial pieces of information related to the potential cybersecurity breach.

  • Plan Development - The best time to prepare for a cyber incident is before it happens.
  • Tabletop Testing - Effective response & recovery requires a well-tested plan and a trained team of professionals with real- world scenarios.
  • Training - The incident response team needs to know what the plan is, how to follow it, and know it without referencing it during a real-world cyber incident.
  • Response Services & Digital Forensics 24x7 - The incident response team needs to the expertise and resources to effectively respond to and manage an incident from escalation to resolution.