At DYOPATH, we offer our clients the solution to these risks with our Managed Security Services and our integrated Security Service Bundle. Our Managed Security Services deliver unparalleled network protection for organizations of all sizes. We provide 24/7 protection and analysis, continuous, real-time monitoring, and universal automatic policy enforcement with the following offerings:
- Service Desk
- Network Operations Center (NOC)
- Cloud Services
But before we begin protecting our clients’ IT environments, we need to assess them to find out where they currently stand and what they need to support their business goals. We do this with our Security Assessment Plan.
DYOPATH’S Security Assessment Plan
We have developed a thorough Security Assessment Plan to offer our clients. We work closely with each client to customize the approach that matches their acceptable level of risk and individual needs and demands. Because of this, not all clients require each option within the overall plan. It is in this way that we are able to create value for our clients, by not only delivering on their exact needs, but bringing cost-savings to their organizations by removing unnecessary expenses.
Below is a brief overview of each option included in DYOPATH’S Security Assessment Plan:
We use automated vulnerability scanning tools to execute vulnerability scans against a client’s IT environment, sweeping for vulnerabilities, bad passwords, misconfigurations, and other issues. These tools are used in conjunction with proprietary scripts to reduce false positives and passed through analyst intelligence to provide prioritized risk ranking.
Source Code Review
Our analysts assess source code by inspecting documentation and source code, as well as using automated analysis tools. With this, they are able to identify potential vulnerabilities in source code, note the testing results, and provide a formal deliverable of findings and recommendations.
Architecture and Configuration Assessment
Configurations are assessed against industry security and the Center for Internet Security’s standards. When applicable, automated tools and custom scripts are used to catalog the policies, user, and group accounts.
DYOPATH’S security analysts use ethical hacking techniques to perform penetration tests to evaluate our clients’ controls to prevent, detect, and respond to attempts to compromise their IT environment. These techniques may include external (Internet), internal (protected by a firewall), wireless networks, and physical security.
IT Controls Assessments
Our security analysts assess and evaluate our clients’ IT controls to determine their existence, the level of formality and maturity, and their capability to support the ongoing mission of each client. A formal deliverable will also be prepared, detailing any supplementary controls that might be needed, testing results, and any additional findings and recommendations.
Forensic Audit Trail Assessment
Clients’ IT environments are audited for anomalous events such as indicators of compromise or breach. Testing results will be noted and presented in a formal deliverable, along with any additional findings and recommendations.
A comprehensive deliverable report will be provided to each client detailing the findings of their security assessment and their overall risk posture. This report will be a boardroom quality document with clear, concise, and prioritized recommendations regarding findings, severity rating, potential business impact, how to eliminate or sufficiently mitigate each discovered vulnerability, and estimated costs to remediate, specific to each clients’ infrastructure.
Our Security Assessment Plan follows a proprietary methodology that is modeled after the National Institute of Standards and Technology (NIST) and CIS/SANS Top 20 frameworks. Additional security control frameworks we may use, depending on our clients’ industry and compliance needs include: FISMA; NIST 800-53; PII/HIPAA; PCI; ISO 27001; SSAE16,18/SOC 2/3; and VDA version 4.1.1.
Our multi-disciplined and multi-tasking activities utilize best-in-class threat data and transform it into actionable guidance to deliver only the finest in cybersecurity for our clients. We also provide project management to act as the point person on our clients’ accounts, offering kickoff, status, and closeout calls, report generation and communication, resource coordination, and data consolidation.
Best-in-Class Security Services and Support Backed by Our Comprehensive Experience
We know that our potential clients have their fair share of choices in Managed Service Providers. Where DYOPATH stands apart is in our combination of technical excellence, comprehensive experience, and our steadfast commitment to customer satisfaction – resulting in a 98% user satisfaction rating.
We have over 17 years of providing advanced security solutions to clients in a variety of industries including oil and gas, energy, federal, state, and local governments, K-12 education systems, and fortune 500 companies. We meet rigid security requirements and compliance regulations to assure our clients of our proven processes for supporting and protecting their IT environments, along with employing highly respected and multi-certified (including CISSP, Secret, and Top Secret) personnel. With clients located in over 65 cities throughout the U.S., Europe, and South America, DYOPATH has established ourselves as a Total Solutions Provider, capable of delivering quality-driven IT capabilities and support services.