Threat Management Services
Social engineering/Phishing/SMShing/Vishing/Spear Phishing: Assesses internal controls and how effectively an organization is mitigating the “human factor” as it relates to information security. Eide Bailly uses the same strategies that “malicious” attackers would use to gain confidential information from your organization to identify areas of improvement and opportunities for end user education.
Internal Vulnerability and Penetration Testing: Provides organizations with a thorough picture of their internal data networks, identifying weaknesses in the internal network configuration and third-party applications that could allow unauthorized and/or unsuspected access to critical resources or the execution of unauthorized transactions on your internal network.
External Vulnerability and Penetration Testing: Provides organizations with a comprehensive view of their network as it appears from the Internet, identifying weaknesses in network configurations that could allow unauthorized and/or unsuspected access to the internal network from the Internet.
Web Application Penetration Testing: Utilizes web security testing methodology and standards defined by the Open Source Foundation for Application Security (OWASP) to evaluate the configuration and deployment of the online portal and key web applications being utilized.
Wireless Security Testing: Assesses your organization’s wireless footprint, attempts to find rogue access points, and assesses the overall security of the wireless systems that are in place. Using this data, we will attempt to gain access to the organization’s network.
Sensitive Data Scan: Evaluates where sensitive information that is vulnerable to theft and misuse, and that presents a significant financial risk to the organization, is stored in the organization’s endpoint environment. Examples of this sensitive data include credit card numbers, Social Security numbers, and driver’s license information.
Insider Threat Assessment: Assesses technical controls, policies, and procedures to ensure proper logging, monitoring, investigation, and mitigation/response in the event that an insider threat attack occurs.
Endpoint Security Assessment: A comprehensive assessment from the perspective of the end user that provides a configuration review of native and installed security controls to identify areas of improvement in configuration, monitoring, and tuning.
Network & Application Security Services
External Penetration Testing: Reviews the potential vulnerabilities that exist when trying to gain entry into your networks. This focus on outside factors will help expose weak areas that could be exploited by a cyberattack.
Internal Vulnerability Testing: Examines internal factors that will threaten security. We’ll evaluate your IT security from the inside, looking for ways internal employees can exploit your data.
Web Application Testing: Reviews your website and web applications for security and performance. This ensures they are not only functioning, but they’re also clear of any potential risk to your organization.
Incident Response Services
Incident Response Retainer: An organized approach to addressing the aftermath of a cyberattack by identifying, responding to, and recovering from a cyber incident. Eide Bailly provides:
- Evidence Collection
- Digital Forensics
- Malware Analysis
- Technology Deployment
- Technical Remediation and Recovery
Threat Hunting/Compromise Assessment: Proactive detection and examination of threats in your network environment, as well as an assessment of the environment’s security posture, by identifying threats in monitored infrastructure, evaluating each threat’s severity and prevalence, and providing a comprehensive report containing analysis.
Tabletop Exercise: A proactive and customized test, or series of tests, of an organization’s ability and readiness to respond to a cybersecurity incident, including:
- Identify deficiencies in the organization’s incident response knowledge
- Clarify roles and responsibilities during an incident
- Validate incident response plan and training
- Solicit feedback for program improvements
- Exercise the decision-making process when incidents occur
Incident Response Plan Review & Development: An Incident Response Plan is a tactical document representing organizational commitment to protect information assets. An IRP is one of the foundational documents of a comprehensive information security program.
Incident Response Preparedness Assessment and Ransomware Readiness Assessment: The assessment is designed to review the current incident response program and provide recommendations for improvement. The outcome is a gap assessment of your incident response program against Eide Bailly’s experience and industry standards and best practices.
Incident Response Playbook Development: An incident response playbook provides the organization with a set of scenario-based procedural guidance documents. These playbooks are built on past experience and alignment with industry standards and best practices.