Threat Management Services
Social engineering/Phishing/SMShing/Vishing/Spear Phishing: Assesses internal controls and how effectively an organization is mitigating the “human factor” as it relates to information security. Eide Bailly uses the same strategies that “malicious” attackers would use to gain confidential information from your organization to identify areas of improvement and opportunities for end user education.
Internal Vulnerability and Penetration Testing: Provides organizations with a thorough picture of their internal data networks, identifying weaknesses to the internal network configuration and 3rd Party applications that could allow unauthorized and/or unsuspected access to critical resources or the execution of unauthorized transactions on your internal network.
External Vulnerability and Penetration Testing: Provides organizations with a comprehensive view of their network as it appears from the Internet, identifying weaknesses in network configurations that could allow unauthorized and/or unsuspected access to the internal network from the Internet.
Web Application Penetration Testing: We utilize the web security testing methodology and standards defined by the Open Source Foundation for Application Security (OWASP) to evaluate the configuration and deployment of the online portal and key web applications being utilized. Wireless Security Testing: Assess your organization’s wireless footprint, attempt to find rogue access points, and assess the overall security of the wireless systems that are in place. Using this data, we will attempt to gain access to the organization’s network.
Sensitive Data Scan: Evaluate where sensitive information that is vulnerable to theft and misuse is stored in the organization’s endpoint environment and presents a significant financial risk to the organization. Examples of this sensitive data include credit card numbers, social security numbers and drivers license information.
Insider Threat Assessment: Assessment of technical controls, policies, and procedures to ensure proper logging, monitoring, investigation, and mitigation/response in the event that an insider threat attack occurs.
Endpoint Security Assessment: A comprehensive assessment from the perspective of the end user that provides a configuration review of native and installed security controls to identify areas of improvement in configuration, monitoring, and tuning.
Incident Response Services
Incident Response Retainer: Eide Bailly provides an organized approach to addressing the aftermath of a cyberattack by identifying, responding, and recovering from a cyber incident. Eide Bailly provides:
- Evidence Collection
- Digital Forensics
- Malware Analysis
- Technology Deployment
- Technical Remediation and recovery
Threat Hunting/Compromise Assessment: A proactive detection and examination of threats in your network environment as well as assess the security posture of environment by identifying threats in monitored infrastructure, evaluating the threat’s severity and prevalence, and providing a comprehensive report containing analysis.
Tabletop Exercise: A proactive and customized test, or series of tests, of an organization’s ability and readiness to respond to a cybersecurity incident, including:
- Identify deficiencies of the organization’s incident response knowledge
- Clarify roles and responsibilities during an incident
- Validate incident response plan and trainings
- Solicit feedback for program improvements
- Exercise the decision-making process when incidents occur
Incident Response Plan Review & Development: An Incident Response Plan is a tactical document representing organizational commitment to protect information assets. An IRP is one of the foundational documents of a comprehensive information security program.
Incident Response Preparedness Assessment and Ransomware Readiness Assessment: The assessment is designed to review the current Incident response program and provide recommendations on improvement. The outcome is a gap assessment of your Incident Response Program against Eide Bailly’s experience and industry standards and best practices.
Incident Response Playbook Development: An incident response playbook provides the organization with a set of scenario-based procedural guidance documents. These playbooks are built on past experience and alignment with industry standards and best practices.