Security

Security in Depth

Whether you call it “information security” or “cyber security”, Conversant Group understands it is more than a techno buzz-word: it’s the reality of doing business in the modern, interconnected era.  Whether you’re struggling finding qualified security experts or just overwhelmed with security questions from clients and auditors, we’re here to serve as your virtual aid.

3
“The bad guys never sleep.  Neither do we.”
Let us support your security program – standing in the gap between your critical assets and those who threaten them – with our managed, cloud-hosted, next-generation SEIM solution:

Layered Security

Perimeter

1:

The Perimeter is about protecting your internet/external facing services-your firewalls, Intrusion Protection System (IPS), threat intelligence services, remote connection technologies such as VPN, and any other services in your DMZ.

Layered Security

Physical Security

2:

There is no cyber security without physical security. It's important that you cover your bases with basic physical security before addressing the issue of cyber threat. Here we look at everything from access cards to biometrics, power management, fire suppression, and security guards to protect your assets.

Layered Security

Network

3:

How your network is constructed has a tremendous impact on what can be done to ensure its security. This layer includes segmentation strategies, 802.1x Network Access Control (NAC) technologies, certificate management, encryption-in-motion, and even your wireless infrastructure.

Layered Security

Logical Access Control

4:

Logical Access Control covers how you manage, authorize, and provide for your users throughout your environment. Key principles are Role-Based Access Control (RBAC), Privileged Access Management (PAM), and Two-Factor Authentication (2FA).

Layered Security

Endpoint

5:

The intersection of the user and the computing device puts a lot of focus on endpoint security. Here we span traditional technologies like Anti-Virus (pattern-based and next-gen), Data Execution Protection (DEP), encryption, and secure configurations. However, it also includes enterprise-level functions like asset, change, & configuration management, as well as patching.

Layered Security

Monitoring and Incident Response (IR)

6:

This layer encompasses what people usually think about in regard to cyber security: Security Event and Incident Management (SEIM) systems, log management, incident response, and forensics.

Layered Security

Security Strategy

7:

All IT cyber security exists to support business goals. But at the end of the day, effective security must be a program, not a project. In this layer, we cover strategic planning (including budget and staffing), metrics, policies, as well as vendor & contract management.

Layered Security

Data Protection

8:

The central focus of cyber security is to protect data-- this essential layer covers key strategies to support that end. Key concepts include encryption technologies, Data Loss Protection (DLP), Disaster Recovery, and even documentation of data repositories and flows.

Layered Security

Risk Management

9:

The business side of cyber security is about risk management, so like the stem it runs through all layers. This layer covers core concepts like conducting Risk Assessments, the development of a Risk Register and resulting Mitigation Plans. However, it also includes Vulnerability Scanning and Maturity Models.

Layered Security

Users

10:

Users are commonly considered information security’s Achilles heel. However, we believe that through Awareness Training, Specialized Training, and Continuous Testing, the enterprise can ENABLE the user to be the cornerstone of your security program. The key to this philosophy is rewarding users for good behavior rather than just penalizing them for mistakes.

Perimeter

Physical

Network

Logical Access
Control

Endpoint

Monitoring & IR

Security Strategy

Data Protection

Risk Management

Users

Virtual Chief
Information Security Officer

The guidance and leadership of a veteran CISO is the lynch-pin of a security program. Our vCISO offers you the ability to benefit from the decades of experience and knowledge of our CISO without having to fund an additional executive member.

Risk Assessments

As a business leader, you make decisions about risk every day: which project to tackle first, how to address your next case, what partnership you enter, and even how you spend your budget.  Your ability to secure your network is solely based on your ability to manage risk.

Evaluate the effectiveness of
your information security controls

Organize and simplify your responses
for client security requirements

Quantify and control your risks; identify
your firm’s risk tolerance and residual risk

Overwhelmed with
requests for security
documentation ?
If you do not have the expertise to setup a risk management program, let us help. Our experienced and certified work force can evaluate the existence and effectiveness of your security controls. We can even help you communicate those needs up the chain to enable (and fund) real, sustainable change.

Penetration Testing

Test your network from the perspective of an attacker. Our ethical hacking team approaches your network with varying levels of privileged information to impersonate anything from an insider threat to an external attacker. Gain insight on exploitable vulnerabilities within your network.

Vulnerability Scanning
Through the use of automated and manual techniques, our experts check your networked devices for thousands of known vulnerabilities and misconfigurations. Get a wholistic, detailed understanding of the security posture of your devices.
Incident Response
In the case of a cyber security incident, you need the right skills to get your organization back to normal operations as quickly as possible. Our experts offer both strategic and technical expertise to help your firm recover from cyber security incidents.
User Awareness Testing
The end user is both your most important security control and your most vulnerable target. Our engaging and interactive training and tools provide the ability to empower your users to properly use and secure your network.

get more
information
about
security

download PDF
downloads page

Other Services:

Executive Consulting

Assessments

Infrastructure

contact us