Cyber Security

With an understanding of your organization’s risks and vulnerabilities, our team crafts a customized cyber security protection strategy for your business.

Incorporating industry best practices, the needs of your business and the architecture of your information technology infrastructure, we help you select and deploy a range of tools that keep your systems running efficiently while offering the level of protection you need to withstand an attack.

Or leading-edge protection measures include:

• Security Information and Event Management (SIEM)
• Firewalls
• Intrusion Prevention Systems (IPS)
• Multi-Factor Authentication
• End Point
• Web Application Firewalls (WAF)
• Switching
• Content Filtering (Web)
• Email Control
• Switches
• Artificial Intelligence (AI)

Solutions

If you choose to integrate your cyber security defenses with internal resources, our solutions team can work with your information technology staff to review your organization’s technology architecture and help you select a range of solutions to protect you from potential threats.

We will provide knowledge transfer to your team to operate this new security infrastructure and prepare you for any number of scenarios which are likely to occur over the near and long term.

Managed Services

Our Security Operations Center is also prepared to manage your cyber security investments for you.

We proactively monitor cyber security threats and provide alerts about attempted attacks, new vulnerabilities and the steps we’re taking to address these issues. We also address incidents as they arise and evolve your security portfolio to keep up with emerging trends; keeping your business safe and keeping you on the leading edge of cyber protection.

Understanding your risk profile and ensuring adequate defensive controls are the foundation of your cyber security strategy. But you needn’t wait until a real attack occurs to ensure these measures work.

To understand the effectiveness of your cyber security, we employ a combination of penetration testing and social-engineering tactics to breach your systems while your team attempts to monitor, identify and contain the active threat.

Penetration Testing and Vulnerability Assessments:

By using controlled automated and manual testing practices in real world conditions, our Red Team tests your organization’s cyber security resiliency by first identifying and then exploiting your vulnerabilities.

We can test web applications, web application programming interfaces (APIs), internal or external networks, mobile applications and mobile devices. Additionally, we also specialize in supervisory control and data acquisition (SCADA) and industrial control system (ICS) security.

Following the test, we document our findings in detailed reports, eliminating false positives while providing business context and detailed remediation recommendations.

Social Engineering:

Using known tactics often employed by criminals such as phishing emails, USB keys loaded with malware, physical access (such as someone posing as a new employee, repair person or researcher) and unsecured wireless connections, we do everything we can to gain access to your most valuable data.

Combining a broad range of potential scenarios and using them to highlight the areas where your organization’s cybersecurity posture is most vulnerable, we can pinpoint where you are most likely to face an attack and work with you to close those gaps.

Assuming someone will try to breach your systems and preparing for the likelihood they will succeed are necessary steps to ensure your business survives an incident with minimal financial and reputational damage.

Our Cyber Incident response team can help your organization prepare for security incidents. We work with you to create a crisis management plan and provide rapid response services in the event your systems are compromised.

Cyber Security Incident Response Plan

We help you build a crisis management plan which outlines the immediate steps you should take once you’re alerted to a security incident.

Your plan should include the actions required to identify and contain the threat, your disclosure obligations to ensure you maintain legal and regulatory compliance and a communications strategy to manage media and stakeholder concerns. Like a fire drill, this plan should be practiced and simulated frequently so your organization is well prepared to put it in action effectively and at a moment’s notice.

Incident Response Team

In the event your systems come under attack, our team is available 24 hours per day to assist you.

Our first goal is to determine whether a legal breach coach is required. We then focus on containing the threat, patching your systems, gathering forensic information (if needed) and preventing further damage.

We will then work with your team to restore services and manage any additional fallout from the breach – including the assistance of legal and public relations professionals (if not already involved) who will mitigate any potential reputational or financial damages that could result from the breach.

If your organization handles payment information – such as credit or debit cards – or stores any personal information such as medical records, your systems will require compliance with several different regulatory standards.

Our team has a thorough understanding of these standards and of the security controls you require to qualify. We are also well versed in the ins-and-outs of how to achieve, maintain and demonstrate that compliance.

We can assist you with:

• Payment Card Industry Standard (PCI)
• Interac Annual Compliance Program
• International Standardization Organization (ISO) 27001 and 27002
• Service Organization Controls (SOC) 1 and 2
• Personal Information Protection and Electronic Documents Act (PIPEDA)