Evaluates external network presence by executing continuous scans of public, static IPs for accessible services and vulnerabilities. This service provides weekly vulnerability reports and ad-hoc alerts.
Provides an opportunity for determining the potential susceptibility of personnel to phishing attacks. This is a practical exercise intended to support and measure the effectiveness of security awareness training.
To create the SOC-CM (Capability & Maturity) model, extensive literature was first studied and then applied to 16 organizations to uncover how theory and practice functioned in production SOCs. This information was used to create the SOC Capability & Maturity framework, covering 5 domains and 25 aspects or elements, shown below.
The blue domains (‘business’, ‘people’ and ‘process’) indicate that only maturity is evaluated. The purple domains (‘technology’ and ‘services’) indicate that both capability and maturity are evaluated.
A Risk and Vulnerability Assessment (RVA) collects data through onsite assessments and combines it with national threat and vulnerability information in order to provide an organization with actionable remediation recommendations prioritized by risk. This assessment is designed to identify vulnerabilities that adversaries could potentially exploit to compromise network security controls. Methodologies that a Risk and Vulnerability Assessment may incorporate include the following:
- Scenario-based network penetration testing
- Web application testing
- Social engineering testing
- Wireless testing
- Configuration reviews of servers and databases
- Detection and response capability evaluation
After completing the Risk and Vulnerability Assessment, NEANCO produces and presents a report that includes business executive recommendations, specific findings and potential mitigations, as well as technical attack path details. An optional debrief presentation summarizing preliminary findings and observations is also available.
The Cyber Resilience Assessment (CRA) evaluates an organization’s operational resilience and cybersecurity practices. This assessment is derived from the CERT Resilience Management Model (CERT-RMM), a process improvement model developed by Carnegie Mellon University’s Software Engineering Institute for managing operational resilience. The Cyber Resilience Review evaluates the organization’s capacities and capabilities in performing, planning, managing, measuring, and defining cybersecurity resiliency across these domains:
The Cyber Resilience Assessment will provide an organization with a more robust awareness of its cybersecurity posture by providing and facilitating the following:
- Improved enterprise-wide awareness of the need for effective cybersecurity management.
- A review of capabilities essential to the continuity of critical services during operational challenges and crisis.
- Integrated peer performance comparisons for each of the 10 domains covered in the assessment.
- A comprehensive final report that includes options for improvement.
An External Dependencies Assessment (EDA) evaluates an organization’s management of external dependencies. This assessment focuses on the relationship between an organization’s high-value services and assets—such as people, technology, facilities, and information. It evaluates how the organization manages risks derived from its use of the Information and Communications Technology supply chain when performing its services. The EDA evaluates the maturity and capacity of an organization’s external dependencies & risk management across three areas:
An EDA will provide an organization with an informed understanding of its ability to respond to external dependency risks by providing and facilitating a) an opportunity for internal discussion of vendor-related issues and the organization's reliance upon external entities in order to provide services, b) improvement options for consideration derived from recognized standards and best practices and c) a comprehensive report on the organization's third-party risk management practices and capabilities that includes peer performance comparisons.
Cyber Infrastructure Assessment
A Cyber Infrastructure Assessment (CIA) evaluates the effectiveness of organizational security controls, cybersecurity preparedness, and the overall resilience of an organization’s cybersecurity ecosystem. This survey provides a service-based view, as opposed to a programmatic view, of cybersecurity. An organization’s critical services are assessed against more than 80 cybersecurity controls (NIST and CIS20) grouped into the following high-level domains:
After completing the survey, the organization will receive a user-friendly dashboard to review the results and findings of the survey. Completing the Cyber Infrastructure Survey will provide an organization with the following:
- Effective assessment of critical service cybersecurity controls.
- Interactive dashboard to support cybersecurity planning and resource allocation.
- Peer performance data visually depicted on the dashboard.
Simulates the tactics and techniques of real-world adversaries to identify and validate exploitable pathways. This service is ideal for testing perimeter defenses, the security of externally-available applications, and the potential for exploitation of open source information.
Evaluates known and discovered publicly-accessible websites for potential bugs and weak configuration to provide recommendations for mitigating web application security risks.
Cyber Security Evaluation Tool (program)
NEANCO helps install and configure the Cyber Security Evaluation Tool, which is a stand-alone desktop application that helps asset owners and operators through a systematic process of evaluating Operational Technology and Information Technology. After completing the evaluation, we help the organization analyze the reports that present the assessment results in both a summarized and detailed manner. The organization will be able to manipulate and filter content in order to analyze findings with varying degrees of granularity.
Validated Architecture Design Review (VADR)
A Validated Architecture Design Review (VADR) evaluates your systems, networks, and security services to determine if they are designed, built, and operated in a reliable and resilient manner. VADRs are based on standards, guidelines, and best practices and are designed for Operational Technology (OT) and Information Technology (IT) environments. A VADR includes:
Discover more NEANCO cybersecurity services by contacting us. We have a broad services catalog, and if we don't have it, we have partners that can step in. NEANCO offers you an all-in-one place. A call or a few clicks can point you in the right direction of the applicable services.
Providing an essential and significant contribution to your business success - through bold ideas, points of view and efficient solutions - is our sole purpose. We challenge, and provide recommendations in order to evolve and mature your business operation.
The approach for collecting the necessary insight requires experience, best practice, preparation, solid project leadership and hard work. We challenge ourselves daily, as well. Time is of the essence in several of the engagements and assignments we take.
Having experience from solutions in literally all domain areas - from business-critical applications like ERP, CRM, HR and BI to the full range of security solution vendors - we can most likely provide specific and holistic end-to-end recommendations to most business concerns.