SkOUT FAILSAFE™ - Secure your People, Processes, and Technology
SkOUT FAILSAFE™ takes service and security to the next level. By reviewing compliance, testing your networks, and putting the right policies in place, SkOUT delivers FAILSAFE™ to your organization to make sure you are fully secure. SkOUT’s trained team of Secure Intelligence Professionals will train your team and ensure that the best processes and technologies are in place and ready to respond.
SkOUT RISK REPORT™
SkOUT COMPLY NOW™
Internal and External MOLEFINDER™
SkOUT will analyze and assess all aspects of your network looking for vulnerabilities or potential shortfalls that you might not be prepared for. SkOUT MOLEFINDER™ will conduct the following tests and procedures:
Information Gathering Tests: SkOUT will identify live hosts, network topology, operating system, services provided, access control mechanisms, access servers and the interactions between systems.
Generic Vulnerability Tests: SkOUT will determine the presence of known vulnerabilities and exploit them. This includes vulnerabilities related to legitimately provided services such as FTP, SMTP mail exchangers and gateways, DNS, IMAP/POP, file and print sharing.
Network Characteristics and Topology Tests: SkOUT will determine the presence of vulnerabilities and exploit the vulnerabilities related to network topology, network components configuration and design principles, and protocol-specific characteristics. These include tests that consider spoofing techniques, protocol-specific tests such as usage of IP options, fragmentation, exploitation of trust relationships, protocol encapsulation, routing tricks, and design and implementation flaws in several network protocols.
Misconfiguration Tests: SkOUT will attempt to identify and exploit typical misconfiguration problems.
Backdoor Tests: SkOUT will attempt to identify the presence of known backdoors in the company’s infrastructure and exploit them.
Final Report on Summary and Findings: SkOUT will provide a report with a summary that describes the objectives and scope of the work done, as well as the methodology used for each phase of the MOLEFINDER™ penetration test performed. The overall findings will present a brief synopsis of the findings, with vulnerabilities classified according to their risk level (Critical, High-Risk, Medium-Risk, Low-Risk and Informational).
A draft report of findings will be provided for review and approval. A final report, incorporating any actions from the draft report feedback, will then be provided. This report includes:
● Executive Summary
● Test Results and a list of discovered vulnerabilities
● Recommendations of mitigation and remediation (tactical countermeasures)
VLAN Isolation: Verify that the different functional network segments are physically or logically isolated. For example, SkOUT will determine and ensure that the servers and workstations are isolated on the target network.
Exploit Tests: The tests will include common and proprietary hacking techniques including the use of automated tools, custom scripts developed internally and manual testing. During the performance of the Services, your organization’s internal environment will be tested for a variety of security issues, which may include but not be limited to:
● Outdated operating systems that can be utilized to perform exploits
● Privilege Escalation
● Man-in-the-Middle exposures
● Weak Credentials
● Unnecessary services that can be utilized for unauthorized access
● Data Leakage Identification
SkOUT will attempt to exfiltrate data or critical information from an organization through the use of social engineering on employees at the organization. By misrepresenting intentions, identities and credentials, SkOUT can show gaps in training and security awareness of the organization.
Executive Summary on Vulnerabilities: The Social Engineering summary describes the objectives and scope of the work done, as well as the methodology used for each phase of the penetration test performed. The overall findings present a brief synopsis of the findings, with vulnerabilities classified according to their risk level (Critical, High-Risk, Medium-Risk, Low-Risk and Informational).
A draft report of findings will be provided for review and approval. A final report, incorporating any actions from the draft report feedback, will then be provided. This report includes:
● Executive Summary
● Test results and a list of discovered vulnerabilities
● Recommendations for mitigation and remediation (tactical countermeasures)
SkOUT RISK REPORT™
DFARS RISK ASSESSMENT
Assessment Report: SkOUT will determine compliance with each security control in NIST SP 800-171. As part of the Security Assessment activity, SkOUT will complete the Plan of Action & Milestones (POA&M) to show any gaps with existing security controls.
Project deliverables include:
• System Security Plan
• Incident Response Plan
• Rules of Behavior
• Information Security Policy
• DFARS Compliance Briefing
ISO 27001 RISK ASSESSMENT
SkOUT will provide enhancements to the organization that can be leveraged to drive strategic information security decisions and the future direction of your organization’s Information Security Program.
Security Assessment Review:
SkOUT will perform a security assessment to analyze and score the configuration of your organization’s internal information technology systems. Assessments are made against the twenty critical security controls as defined by the International Organization for Standardization (ISO) 27001 Information Security Management. We will also gather information about the architecture by data collection and interviews with your organization’s technical staff, including a review of your current network design documentation.
In addition, we will attempt to discover gaps in your organization’s security posture and provide a report to you with an outline of recommended methods of prevention, mitigation, and remediation.
Security Framework Review:
CIS RISK ASSESSMENT
SkOUT performs a security assessment to analyze and score the configuration of your organization’s internal information technology systems. Assessments are made against the twenty critical security controls that are defined by the Center for Internet Security (CIS). SkOUT will gather information about your organization’s architecture by collecting data and conducting interviews with technical staff, including a review of your current network and design documentation. SkOUT will attempt to discover gaps in the security of your organization and will provide a report with an outline of recommended methods of prevention, mitigation and remediation.
Security Framework Review: SkOUT will review your organization’s existing procedures and compare them to our best practices. In addition, we will provide enhancements to the organization that can be leveraged to drive strategic information security decisions and the future direction of your Information Security Program.
Policy and Procedures Review: SkOUT will assess existing policies and procedures using industry best practices as a working framework. We will review policies and procedure enforcement for evidence of effective controls and implementation.
Architecture Review: SkOUT will review your organization for deployed/implemented security technologies using recommended industry standards and best practices to evaluate these security technology configurations for optimization and operations. SkOUT will also review organizational utilization of security architecture-generated information.
Security Score – SkOUT will deliver five scores in line with the CIS Controls which are based on the CIS security benchmarks for conformity.
Policy Gap Analysis – Analysis of gaps between your organization and your industry’s specific compliance regulations and best practices
Security Controls Gap Analysis – Best Practices for People, Processes, and Technology Gap Analysis
Security Technology Roadmap – Roadmap that contains steps needed to obtain a “best of breed” security program and technology posture
DFS RISK ASSESSMENT
As of March 1, 2017, 23 NYCRR 500 – Cybersecurity Requirements for Financial Services Companies is in effect. This regulation promotes the protection of information technology systems and the customer information of regulated entities. It requires each company to assess its specific risk profile and design a program that addresses its risks to meet specified cybersecurity requirements.
SkOUT’s expert team of security industry veterans – with NSA, Military, and Intelligence backgrounds – is at your disposal to give visibility and intelligent insight into the DFS Cybersecurity Regulations and Requirements.
Risk Assessment Profile and Descriptors: SkOUT will compile a list of personnel that participated in the risk assessment process and share key finding metrics based on risk to the organization (low, medium, high) in meeting compliance with the 23 NYCRR 500 DFS Cybersecurity Regulation.
Technical Findings – SkOUT will deliver a report on specific definitions of risk based on exposure to the company.
Draft Report – A list of all risks identified during the assessment process will be presented to executive stakeholders, outlining all determinations and recommendations of the assessment.
Final Report: Detailed descriptions of each information security risk finding section applicable to meeting the DFS cybersecurity regulation. This report will include updates from the draft report discussion. It will also serve as the primary source of information for your organization to meet Section 500.09 of the DFS Cybersecurity regulation. In order to fully comply, you will need to document how each risk was addressed. Risks can be addressed in many different ways (full remediation, opening up lines of insurance to cover damages, accepting risk “as is,” etc.).
GDPR RISK ASSESSMENTS, TRAINING and PROJECT PLAN
GDPR Training: SkOUT will conduct a full day of training for your organization’s staff members who will be responsible for adherence to GDPR regulations, in half-day or full-day sessions with a focus on data protection. This includes a 3-6 hour session by SkOUT’s GDPR Subject Matter Expert with any applicable documentation.
GDPR High Level Assessment and Readiness Report: SkOUT will perform information collection and an assessment consisting of the following:
● identifying your organization’s type of data (customers, suppliers, finance, marketing, etc.)
● identifying where the data is stored
● identifying who is responsible for maintaining the data
● preparing a draft report
● identifying and documenting the environment, without any advisory effort at this point. SkOUT then performs an analysis of the data collected and may require some follow-up conversations, which can be performed via a conference call.
GDPR Recommendations and Project Plan: SkOUT will conduct a presentation for a review of the draft report to answer questions and perform a deeper dive into certain areas or criticality. Recommendations are expanded from the initial observations noted in the draft report. SkOUT, working with you, will create a project plan identifying who is going to do the work to perform the actions needed to be compliant with GDPR.
DISASTER RECOVERY AND DATA BACKUP
Downtime strikes IT organizations from a multitude of sources. From the relatively rare natural disaster to the more commonplace user errors, malicious attacks or patching, IT teams can guarantee that downtime will strike some of their systems every year.
The cost of that downtime can be high. For revenue-generating systems, it’s measured in thousands of dollars every hour. For business systems, lost productivity is similarly costly. Less easily defined are the potential losses associated with customer loyalty, end user dissatisfaction and competitive positioning.
SkOUT RESCUE™ enables IT organizations to maintain the highest availability of their Windows and Linux servers by preventing downtime and data loss. The software does this using a continuous replication mechanism that maintains a secondary copy without taxing the primary system or network. With support for physical, virtual or cloud source systems or target environments, the RESCUE™ Availability solution is a comprehensive replication option for organizations.
No delays, no data loss
SkOUT RESCUE™ continuously replicates changes from the source environment into a secondary target anywhere in the world. Once the initial seeding is complete, changes are transmitted in real time, ensuring the replica is in sync. The software replicates files, applications or an entire server, including its system settings.
Rapid failovers prevent downtime
In the event of a disaster to one system or an entire data center, a failover to the secondary location can be easily invoked. The secondary systems spin up and users are rerouted with only a few seconds or minutes of interruption.
Negligible performance impact
The production servers protected by SkOUT RESCUE™ will not experience any performance degradation due to the replication. As changes are captured and transmitted at the byte level, impact to network performance is minimal.
Physical systems support
Physical systems, which are typically critical to operations, are often left out of the disaster preparedness plan. To ensure all IT systems are protected, the RESCUE™ Availability solution can replicate Microsoft Windows or Linux servers on any underlying platform and to any target: physical, virtual or cloud. This enables IT to unify its business continuity solution across all platforms in a single solution.
SkOUT COMPLY NOW™
INFORMATION SECURITY COMPLIANCE ASSESSMENTS
Security Awareness Training: SkOUT will provide training of users and staff on maintaining a secure enterprise. This session can be done either onsite (U.S. location) or remotely. The session will take about 1-2 hours and consists of a presentation and an interactive session. The session includes, but is not limited to, knowledge for an understanding of the business value of security best practices.
Access Control: This policy establishes the Access Control Policy for managing risks from user account management, access enforcement and monitoring, separation of duties, and remote access through the establishment of an Access Control. The access control policy helps you to implement security best practices with regard to logical security, account management, and remote access.
Acceptable Use: The purpose of the Acceptable Use Policy is to outline the acceptable use of computer equipment. These rules are in place to protect the employees, consultants and your organization. Inappropriate use exposes you to risks including virus attacks, compromise of network systems and services, and legal issues.
Business Impact Analysis: The purpose of the Business Impact Analysis policy is to outline the requirements, expectations, and responsibilities regarding the Business Impact Analysis (BIA) process within your organization.
Business Continuity Management: Customer has established the Business Continuity Management (BCM) policy that will enable Customer to meet our strategic, operational, contractual, legal, and client requirements. Compliance with this policy is mandatory for all your employees and consultants. Compliance with this policy ensures that business continuity activities are conducted and implemented in an agreed and controlled manner so as to cause minimal impact to business from various disruptions. Your organization achieves and maintains a business continuity capability that meets the business needs and is appropriate to the size, complexity, and nature of Customer’s growing business.
Change Management: The purpose of the Change Management Policy is to manage changes in a rational and predictable manner so that staff and users can plan accordingly. Changes require planning, approval, forethought, careful monitoring, and follow-up evaluation to reduce negative impact to the user community and to increase the value of information technology resources. Managing changes is a critical part of providing robust, reliable and valuable information technology architecture.
Communication and Operation: The purpose of the Communication and Operation Management Policy is to ensure that the information processing and communications facilities are used and operated in a defined and secured manner.
Compliance Management: The purpose of the Compliance Management policy is to outline the requirements, expectations, and responsibilities regarding compliance management process within your organization.
Data Classification and Handling: The purpose of data classification and handling procedures is to identify the sensitivity of information so that it can be handled in accordance with security requirements from a compliance, legislative, and best practice perspective. Your organization identifies how to classify information and the subsequent protections that must be in place to transmit, store, dispose of, and access the data.
Data Retention: The purpose of the Data Retention Policy is to ensure that the retention of information is stored and documented in a defined and secured manner.
Disaster Recovery: The purpose of the Disaster Recovery Policy is to define the requirement for disaster recovery (DR) process implemented by your organization. It is imperative that a DR process is followed and a detailed DR Plan is developed that describes the process to recover IT systems, applications, and data from any type of disaster that causes a major outage.
Human Resources and Personnel: You must ensure that your organization’s systems and networks remain secure and are properly protected. The purpose of this policy is to ensure personnel security controls and related procedures are implemented to protect the privacy, security, and integrity of information technology resources against unauthorized use.
Incident Response: The Incident Response policy will help create a Customer Incident Response Team (IRT) and will lay out the requirements for its creation and operation. This policy details the response requirements supported by the published process document. An “incident” is defined as a single or a series of unwanted or unexpected information security or privacy events that have a significant probability of compromising business operations and threatening information security or privacy.
Information Security Program: The purpose of the Information Security Program is to describe the Customer Information Security Management System (ISMS) as the foundation for the Customer Information Security Program (ISP). The ISP is aligned with the requirements of the International Organization for Standardization (ISO) 27001 & ISO 27002 and is intended to help customers mature their overall risk and security programs while protecting the confidentiality, integrity, and availability of its information assets.
Logging and Monitoring: The objective of the Logging and Monitoring policy is to set the requirements for logging and monitoring on your organization’s production networks and information systems to detect deviations from security policy and unauthorized activities. This policy provides the minimal foundation for logging and monitoring requirements on your information systems and networks.
Mobile Device: The Mobile Device policy lays out the requirements with regard to mobile devices to secure your resources (including hardware, software, and information) by explaining important concepts, with the goal of having employees understand their responsibilities for mobile device usage.
Network Security: The Network Security policy lays out the requirements with regard to securing computer-based resources (including hardware, software, and information) by explaining important concepts, with the goal of having employees understand their computer security needs and responsibilities.
Remote Access and Teleworking: The purpose of Remote Access/Teleworking policy is to provide requirements for remote access connectivity into your organization’s Network.
Patch Management: The purpose of the Patch Management policy is to outline the requirements, expectations, and responsibilities regarding patch management throughout your organization. It specifies what those with responsibilities for IT hardware and software need to do to ensure their assigned materials are kept up to date.
Physical Security and Environmental Protection: The purpose of the Physical Security & Environmental Protection policy is to outline the requirements, expectations, and responsibilities regarding the Physical Security and Environment Protection Process within your organization.
Risk Management: This policy describes your organization’s risk management principles and expectations applicable to all types of risk in all activities undertaken by or on behalf of your organization. It also outlines roles and responsibilities for the Chief Executive Officer (CEO), the Chief Risk Officer (CRO), and all employees and consultants.
Security Awareness and Training: The purpose of the Security Awareness & Training policy is to outline the security measures required to protect electronic information systems and related equipment from unauthorized use.
Supplier Relationship: The purpose of Supplier Relationship policy is a set of principles, processes, and tools that can assist your organization to maximize relationship value with suppliers and minimize risk and management of overhead through the entire supplier relationship life cycle.
System Acquisition, Development and Maintenance: You must ensure all information system projects are authorized and tested prior to implementation. This policy provides direction and support for managing the acquisition, development, and maintenance of your systems.
Technical Vulnerability Management and Mitigation: You must ensure your systems and networks remain secure and are properly protected against known security vulnerabilities and weaknesses. Network vulnerability scanning is an automated process for you to proactively identify security vulnerabilities within the network architecture to assist in determining if the security vulnerabilities can be exploited and/or pose a potential threat to your organization.
Virus and Malware Protection: The purpose of the Virus Malware policy is to describe the virus and malware protection requirements.
SECURITY TRAINING with SkOUT BOOTCAMP™
SkOUT BOOTCAMP™ puts you in the room with some of our Expert Secure Intelligence Officers. The team will provide training for users and staff on maintaining a secure enterprise day to day. The session will take about 1-2 hours and will include a presentation and interactive exercises. The session includes real-life case studies and knowledge shares for an understanding of the business value of security best practices, FAQs, common threats and education on the emerging threat landscape. The security training can be tailored for specific audiences and be delivered in person or through the web.