Security in Depth
Whether you call it “information security” or “cyber security”, Conversant Group understands it is more than a techno buzz-word: it’s the reality of doing business in the modern, interconnected era. Whether you’re struggling finding qualified security experts or just overwhelmed with security questions from clients and auditors, we’re here to serve as your virtual aid.
The Perimeter is about protecting your internet/external facing services-your firewalls, Intrusion Protection System (IPS), threat intelligence services, remote connection technologies such as VPN, and any other services in your DMZ.
There is no cyber security without physical security. It's important that you cover your bases with basic physical security before addressing the issue of cyber threat. Here we look at everything from access cards to biometrics, power management, fire suppression, and security guards to protect your assets.
How your network is constructed has a tremendous impact on what can be done to ensure its security. This layer includes segmentation strategies, 802.1x Network Access Control (NAC) technologies, certificate management, encryption-in-motion, and even your wireless infrastructure.
Logical Access Control
Logical Access Control covers how you manage, authorize, and provide for your users throughout your environment. Key principles are Role-Based Access Control (RBAC), Privileged Access Management (PAM), and Two-Factor Authentication (2FA).
The intersection of the user and the computing device puts a lot of focus on endpoint security. Here we span traditional technologies like Anti-Virus (pattern-based and next-gen), Data Execution Protection (DEP), encryption, and secure configurations. However, it also includes enterprise-level functions like asset, change, & configuration management, as well as patching.
Monitoring and Incident Response (IR)
This layer encompasses what people usually think about in regard to cyber security: Security Event and Incident Management (SEIM) systems, log management, incident response, and forensics.
All IT cyber security exists to support business goals. But at the end of the day, effective security must be a program, not a project. In this layer, we cover strategic planning (including budget and staffing), metrics, policies, as well as vendor & contract management.
The central focus of cyber security is to protect data-- this essential layer covers key strategies to support that end. Key concepts include encryption technologies, Data Loss Protection (DLP), Disaster Recovery, and even documentation of data repositories and flows.
The business side of cyber security is about risk management, so like the stem it runs through all layers. This layer covers core concepts like conducting Risk Assessments, the development of a Risk Register and resulting Mitigation Plans. However, it also includes Vulnerability Scanning and Maturity Models.
Users are commonly considered information security’s Achilles heel. However, we believe that through Awareness Training, Specialized Training, and Continuous Testing, the enterprise can ENABLE the user to be the cornerstone of your security program. The key to this philosophy is rewarding users for good behavior rather than just penalizing them for mistakes.
Monitoring & IR
Information Security Officer
The guidance and leadership of a veteran CISO is the lynch-pin of a security program. Our vCISO offers you the ability to benefit from the decades of experience and knowledge of our CISO without having to fund an additional executive member.
As a business leader, you make decisions about risk every day: which project to tackle first, how to address your next case, what partnership you enter, and even how you spend your budget. Your ability to secure your network is solely based on your ability to manage risk.
your information security controls
Organize and simplify your responses
for client security requirements
Quantify and control your risks; identify
your firm’s risk tolerance and residual risk
requests for security
Test your network from the perspective of an attacker. Our ethical hacking team approaches your network with varying levels of privileged information to impersonate anything from an insider threat to an external attacker. Gain insight on exploitable vulnerabilities within your network.