HarborShield Cybersecurity

by HarborShield Cybersecurity

Mitigate risks with managed security

 Write a review

Security and Compliance Management

HarborShield will guide you through a maturity assessment and review of your current culture, people, processes and technologies, identifying opportunities for improvement in the areas of Governance, Cybersecurity, Data Privacy.

  • Dashboards & Reporting - Real-time dashboards and reporting that will allow you to understand the organizations cyber risk. This includes a risk-ranked vulnerability list to address. Our methodology and platform support most major security frameworks or mandates, such as but not limited to: NIST Cybersecurity Framework (CSF), HIPAA, NIST 800-171, CMMC.
  • Documentation & Remediation - Full visibility into what your cybersecurity gaps are and how to address them. We match you with carefully vetted security options for remediation.

Vulnerability Management

Vulnerability management has become a cybersecurity staple. Utilizing one or more "scanning" tools, your entire infrastructure(s) can be scanned for technical vulnerabilities.

  • Correlate critical vulnerabilities with critical assets.
  • Generate a list of the patches or other remediation that need to be applied.
  • Identify (through the assessment process) false-positives and false-negatives that exist and exceptions.
  • Satisfy NIST, HIPAA, CMMC, PCI and other regulatory requirements.
  • Risk Mitigation prioritization and road mapping.

vCISO

We have designed our Virtual Chief Information Security Officer (vCISO) role to be customizable and effective in helping prevent and eliminate any threats. With our vCISO you get all the same expertise, services, and benefits of a seasoned, highly certified cybersecurity team and a CISO. Your cybersecurity risks will be addressed in the same manner as a full-time team, ensuring your business is secure and compliant.

Penetration Testing

A Penetration Test, often called “red teaming” or a “red team exercise” is the practice of simulating as closely as possible the effect that cyberthreats could have on your business. It is a simulation of a real-world attack on targeted assets using the same tools and techniques that modern criminals use. This is done by understanding who your threats are, their capabilities, motivations and targets and “hacking” your systems the way they can.

  • Internal / External Test - An Internal and External Network Penetration Test seeks to identify vulnerabilities in resources accessible on the Client’s internal and external networks.
  • Application Test - Application Penetration Testing is a type of ethical hacking engagement designed to assess the architecture, design and configuration of web applications.
  • Perimeter Test - A Perimeter Penetration Test seeks to identify technical vulnerabilities in host systems in a perimeter, hosted environment, or DMZ.
  • Scenario Based Test - Simulation of a specific threat or threat sources.
  • Advanced Persistent Test - An Extension of a Scenario-Based Test over a prolonged period.

Policy Review & Development

HarborShield Managed Cybersecurity consultants conducts a presentation to provide an overview of the project objectives and results, as well as to review and discuss the report in detail.

  • NIST 800-53 R5 Policy Templates [Utilizing HarborShield Phase 1 Recommendations]
  • 20 Control Families
  • Supporting Controls Defined [NIST 800-53R5; NIST CSF & CIS Top 20]
  • Each Control Family is Formatted for Clients Environment [logo, names, implementation date]
  • Formatted Templates are Uploaded to Client Repository

Security Awareness Training

User behaviors are the root cause for most of your cybersecurity risks. Poorly written source code, misconfigured firewalls and clicking phishing links in emails – they all start with failures of your employees. Unfortunately, personal survival often equates to business risk. People are motivated by convenience and freedom, not cybersecurity. Once you understand this, you can build an Awareness program that uses this very same motivation to change behaviors and reduce people's risk.

Incident Detection & Response (SOC Monitoring - 24x7)

We provide multiple layers of resources to align with your organization, learn the context of your infrastructure, requirements and define a custom operational plan for efficient day to day security event management. With a named Customer Success Manager and Technical Account Manager it is easy to fully integrate with your organization, provide more value and reduce your workload.

  • 24x7 Breach Detection System SOC/SIEM
  • 24x7x365 Breach Detection Response
  • SOC Firewall Management
  • SOC Managed Endpoint

Digital Forensics

The identification, collection, preservation, analysis, production, and presentation of digital evidence for both internal investigations and legal cases.

  • Human Resource Investigation - Have or suspect a malicious insider? The HarborShield Managed Cybersecurity team can investigate, analyze, and present digital artifacts to assist in the ongoing employee investigation.
  • Impact Assessment - We have extensive experience of IT support services and development of custom tools to secure our clients.

Incident Response

This engaging and interactive exercise typically lasts a half of day and is focused on the decision-making and communication strategies that are critical to any incident response. In a controlled environment, participants can truly experience what it is like to respond to a sophisticated cyber-attack, increasing their level of awareness and gauging their readiness to manage a cybersecurity incident. Participants typically discuss the actions they would take without necessarily implementing them. This highly customizable exercise typically presents the participants with several initial pieces of information related to the potential cybersecurity breach.

  • Plan Development - The best time to prepare for a cyber incident is before it happens.
  • Tabletop Testing - Effective response & recovery requires a well-tested plan and a trained team of professionals with real- world scenarios.
  • Training - The incident response team needs to know what the plan is, how to follow it, and know it without referencing it during a real-world cyber incident.
  • Response Services & Digital Forensics 24x7 - The incident response team needs to the expertise and resources to effectively respond to and manage an incident from escalation to resolution.