John Whitcraft – Owner
They are like an insurance policy for me, I know that if I'm down, I'm going to have the best technical people in town to help me get up and going if that is what we need. And so, to me it is worth every penny that we spend to make sure that happens.
Security Posture Assessment
Sometimes a second set of eyes (or in our case, a team of eyes) is the best way to get the overall picture, and our Security Posture Assessment is perfect for that. Intended to be a “deep-dive” into the security-related elements of your network, it begins with a discovery of your computing assets and uses both manual and automated methods. We execute a vulnerability assessment, taking into account a variety of risk categories, conduct interviews to provide us with sufﬁcient information to complete a qualitative risk assessment, assess the existing security policies and see how the current configurations of your security controls are set to gauge how effectively they are enforcing the restrictions prescribed by the security policy.
We provide a written account of our ﬁndings and recommendations from this assessment, and work with you to determine the best course of action for your organization. This gives you a thorough audit of your network security, and creates an action plan to address any vulnerabilities. Of course, we can help address these concerns if you would prefer to focus on other projects within your organization – it’s up to you!
Security Policy Development
Having a strong, well-written security policy provides the framework for ensuring the security of your information assets. This document describes the security controls that govern an organization's systems, behavior and activities. At the highest level, a security policy does not specify technologies or particular solutions. Instead, it seeks to define a specific set of conditions to help protect a company's assets and its ability to conduct business. In essence, a security policy explicitly prescribes the need for the availability, integrity and/or confidentiality of the organization's computing and information assets, thereby validating the need for security controls.
Technical Control Implementation
Any number of technical controls can be deployed to help mitigate IT risk. With four Cisco Certified Experts (CCIE) on staff, and a team holding over 400 industry certifications, Symplexity has a host of seasoned consultants with the expertise to design and implement solutions for the following, just to name a few:
- Identity management, including BYOD
- Email security
- Next-Generation Firewall
- Network and Host Intrusion Prevention (IPS)
- Advanced Persistent Threat (APT) management
- Remote-access and site-to-site VPN connectivity
- Web 2.0 security
- Data Loss Prevention (DLP)
- Regulatory compliance (e.g., HIPAA and HITECH, PCI-DSS)
Penetration Testing and Social Engineering
Following the deployment of technical and/or administrative security controls, it's wise to regularly test their effectiveness. After all, how else can you be sure that they're doing what they're supposed to be doing? Symplexity has the resources to test these controls, as well as test password strength via staged brute-force attacks. Our penetration testing engagements are carefully scoped and scripted so that you can be sure your organization's controls are being fully engaged.
Symplexity can also assess the efficacy of your employees' security awareness. Working closely with your team, we can craft a phishing email campaign targeted at your employees. After launching the campaign, we'll provide a report that details who clicked what, as well as what information they provided. In short, this type of social engineering activity can quickly highlight those employees who may need security awareness training.
Let's Talk Strategy
We would love to learn more about your goals and help develop a technology plan for today and tomorrow.Request a Meeting →