Lean Security Reviews

Finding opportunities for you to better use the security measures you already have, so you can be more secure and save money for the projects that matter.

Becoming 100% secure is impossible. That said, it is possible to identify and resolve common problems so the average attacker is encouraged to focus on easier targets. With a Lean Security Review conducted by one of our experienced security consultants, your company will receive a personalized document that provides practical, smart recommendations to combat common and industry-specific security issues.

If you qualify, the security review is completely free and in no way signs you up for a future engagement. If you think we can help you further … fantastic. If not, we are satisfied in learning about how your business works and in your learning about yours. We are happy knowing our advice may save you from a future compromise. The fact is we are all in this fight together. If our free review can help you ward off attacks, we all get one step closer to winning.

Request your personalized Lean Security Review today!

To provide reasonable coverage in a limited amount of time, our review covers six different threat vectors

Network Threats are those that are commonly envisioned when thinking about information security. These threats typically come from the Internet or other untrusted networks and are addressed through control of your network traffic.

Web Attacks are much like network threats, but are “pulled” by your own people, rather than “pushed” by attackers.  Web Attacks must be accessed, typically through a web browser. Web Attacks often require tricking one of your employees in order to be successful. In today’s online community, social media has become a prime target.

Malware is a short-hand term for “malicious software.” This threat is often given names like “virus,” “worm,” “trojan,” “spyware,” “adware,” or “bot,” but the technical details distinguishing these from one another are less important than the impact they can have upon your business … which can be extreme and directly focused on your bottom line.

Application Control and Patch Management refers to how you manage the growing number and versions of applications on your network. Application control issues range from the simple, like removing unneeded applications, to the complex, like defining ongoing patch and version requirements needed to manage the software and hardware on your network.

Data Loss events are those that keep many owners awake at night. The data on your systems is typically a combination of sensitive internal information and custodial information, being stored on behalf of your clients and customers. If you lose control over this information, your competitors can gain advantage or your customers can leave. In worst case scenarios, there can also be hefty fines from regulatory bodies.

Trust is necessary in all organizations. However, it can be abused. It is important to identify where your trust relationships exist and what could happen if they are taken advantage of. This allows you to define a detection and response process and minimize the cost of a breach of trust.


What you can expect

Interview – First, we need to meet, either in person or via the phone. This process seldom takes more than an hour. Having performed several hundred consultations, we have developed a specific set of questions that help us understand your company and identify potential security issues.

Analysis – Next, we analyze your interview data against the six threat vectors and identify the strength of your organization’s defense.

Strategy – Finally, we create a strategy document that details ways by which you can boost your lines of defense. We take into account issues specific to your industry, such as HIPAA and PCI compliance concerns, as well as issues related to your corporate structure. Small and large businesses often require different security postures due to differences in terms of threats and resources. The end result is a document tuned to your needs that is packed with detailed information about potential security vulnerabilities, compliance issues and specific advice on how to address these security concerns.