Security risks to your IT infrastructure, end-user devices and business data are increasing every day. Traditional methods that rely on simply installing software for detection and blocking at the perimeter are no longer adequate. It's time for a new security model that accepts the guaranteed threat of attack and focuses on a way to address it. You need to start thinking of security in a holistic way that will allow you to continue business while addressing security breaches.

Consider the following approach when putting together a security plan:

  • Reduce - you need comprehensive awareness and visibility of what's on the extended network in order to implement policies and controls to defend it.  This will enable you to reduce the amount of threats your environment will encounter.
  • Survive - Once an intrusion is accomplished, you need to be able to continuously detect malware and block its intent. At the same time, you need to be able to start the restore process if you can't access your systems or data.  Having a plan to do this will help you survive an attack.
  • Examine -  You need to lower the impact of an attack by identifying points of entry, determining the scope, containing the threat, eliminating the risk of re-infection, and remediating. This post examination helps prepare you for future events.

Challenges:

There are many reasons to rethink your security strategy.  Starting with how are you going to design it, how are you going to manage it, how are you going to fund it and how are you going to keep it up to date.  Below are a few common challenges business faces when it comes to security.

  • Controlling end-user devices and exposure to outside networks
  • Network segmentation
  • End-user education
  • Content control within the work environment
  • Controlling treats exposed through email
  • Security response protocols
  • Outdated firewalls
  • Securing branch locations and home offices
  • Finding IT staff with security skills and certifications
  • Securing cloud environments]

Offerings:

End-point Security Management:

  • Malware protection including anti-virus
  • Vulnerability patch management
  • Access control
  • Web control - (where you can/can't go on the web)
  • Encryption
  • Back-up strategy/methodology/auditing/testing (do you have it and does it work)
  • Firewall
  • Email
  • Event Resolution/remediation - this is an add-on service available to customers who are utilizing SRC's Security Management services.

End-User Training and Phishing

Our awareness program, offered as a service, provides web-based training along with frequent simulated phishing attacks that work.

  • Baseline Testing - we provide baseline testing to assess the phish-prone percentage of your users through a simulated phishing attack.
  • Train Your Users - Partnering with KnowBe4, you will have access to the world's largest library of security awareness training content. This includes interactive modules, videos, games, posters, and newsletters. Training is automated with scheduled reminder emails.
  • Phish Your Users - We provide best-in-class, fully automated simulated phishing attacks, as well as hundreds of templates with unlimited usage.
  • See Results - Enterprise-strength reporting shows the stats and graphs from both training and phishing. Reports are ready to share with management and quickly will show a return on investment.

Windows Patch Management

Patching Windows servers is a critical part of maintaining your IT environment. Unfortunately, it is often overlooked or completed without the proper management to make sure it is done right. We have seen first-hand the impact this basic maintenance task can have if left undone. Our Windows Patch Management service includes the following:

  • All software licensing
  • Management and maintenance of patching software
  • Application of all OS recommended patches monthly
  • Review patches to identify any patches that should not be applied
  • Apply critical security patches as necessary outside of regular patch cycle
  • Patch validation after each patch cycle
  • Schedules, including reboot scenarios, built to minimize downtime
  • Central download points used to conserve bandwidth
  • Servers grouped based on locations, security, or policy requirement
  • Monitor and maintain patch compliance
  • Scheduled off-hours monthly maintenance window
  • Device-level patching configuration
  • Monthly patching status report

Why SRC:

For organizations looking to improve their data security, SRC Technologies can help by taking on the day-to-day management of securing your technology endpoints. There are many things to consider when attempting to secure your IT environment.  Our security engineers are ready to apply their vast knowledge to help give you peace of mind.