The Legal CyberSecurity Security Stack

Our Offered Desktop/Server/Laptop Security Stack (Changes may be made as new threats are realized):

1. Datto/Autotask RMM – Remote management and monitoring of devices. The RMM allows for direct support take over and/or activity to keep computers running efficiently and safely. The RMM tool can be used by authorized users of our clients to remotely access computers from the road with other devices in a more secure way.
This software also allows for remote access to address security events immediately via remote takeover, scripting tools, or remote launched infection removal tools. 

2. Webroot or SentinelOne Anti-Virus – Both are known as Enterprise-Class anti-Viral (AV) products. Managed and deployed by us so it’s always up to date and helps prevent infections and provides remediation if something does sneak through the other layers.
Both provide a small footprint unlike many of the consumer-grade AVs like AVG, Avast, Norton, MacAfee, etc… Enterprise-class takes advantage of cloud-based definition files and advanced heuristics to better and more quickly address emerging security threats.

3. ThreatLocker – Application, storage, and privilege control with ringfencing. You need more than an Anti-Virus (AV). AVs are generally good for reducing/correcting infections that are already on the machine. ThreatLocker works to prevent them from ever getting on the machine in the first place. Instead of treating the symptoms of an infection, ThreatLocker allows us to prevent the infection in the first place.

• Application Control – Only users authorized can run applications. This process limits applications and users to only installing things they are authorized to do, controlling who does updates, who is allowed to change configuration files. These processes go one step further than the built-in controls from within most software.
• Ringfencing – This is a process that makes sure applications stay in their lane (i.e. only do what they were designed to do, Word for editing documents, Excel for working with spreadsheets, etc.). This sets policies and limits for what applications can do, and ONLY what they are meant to do. This helps protect against hackers using Office file macros to launch their attacks and download their code. Also prevents other software from executing programs used to deploy ransomware and keyloggers on your network.
• Privilege – All users run as standard users which eliminates the local administrative rights (Thus preventing application and users from installing software, hacks, and running files without the right permissions). On a case-by-case basis or for some software like QuickBooks. Admin rights can be given for that application alone so the user can do what is needed but is restricted from installing or changing other software unless previously approved. Whenever new software is needed, we are prompted to allow and raise the privilege needed.
• Storage Controls - Provides an authentication and approval step for installing new software that has not been previous approved. Storage control prevents the BYOD that are not running ThreatLocker from accessing network files and programs. This prevents unpatched or insecure laptops and devices from accessing business data unless fully secured. Storage control also addresses network shares and program access to help prevent internal compromise that goes beyond access controls found in Windows shares.

4. Breach Secure Now  - Security Training, Dark Web Scanning/Monitoring, Policies, and Compliance.
Have a complete security solution by adding training, monitoring of breached materials, and rock solid security policies. Instead of writing your own use legally reviewed and detailed documentation to protect you and your data. Professional training and weekly micro-training that takes 2-3 minutes will keep you and your employees fully aware of the current security threats and how to avoid them.
Our package also includes regular phishing simulations and attacks to test training and help prevent bad habits by employees.

Optional Add-ons. 

8. Blackpoint Cyber/NovaSoc – Both provide a 24x7x365 SOC (Security Operations Center) to customers through a partnership with us. They provide direct security monitoring of the entire network and computer activities watching for security issues and behaviors. When rogue behaviors are detected, immediate action is taken to remedy the issue or disable the affected device so the infection cannot spread through the network further.
The SOC service is really the last line of defense when an infection has gotten past the initial layers. To have fully compliant SEC, HIPPA, and other regulatory compliance, deploying a SOC is a suggested step. Our partners in this specialize in only providing Security response so they are centered on providing something that used to be limited to very large corporations.
We encourage all our customers with more than 5 computers to seriously consider using this service. Those under 5 in special cases will be appropriate and will be considered on a case-by-case basis.

10. HIPPA, SOC, etc… Compliance Training and Controls – Add on for offices that have governmental requirements to protect health and customer data. If you have a need to improve your compliance training and documentation we could very well be able to help at an affordable level. 
This is an add-on and extension of the previously mentioned Breach Secure Now.

For offices using the Full Mircosoft or Google Office Suites we can provide further phishing and email security with:

ProofPoint Essentials Pro – ProofPoint protects email from phishing attacks, virus attachments, rogue links and emailed virus exploits (where a virus uses your email client to send viruses to others). Also included is Email backup and archiving of up to 10 years of emails. This software also provides an emergency inbox for continuity.

IronScales Core - IronScales includes IronTraps, an automated email phishing protection, detection, and incident response module that eliminates the need for highly trained security analysts to manually deal with every email phishing threat while reducing the time from phishing detection to remediation from weeks or months to just seconds.