Services and Products

The Services

BlueTeamAssess speaks WISP (Written Information Security Program).  Let us review your business and regulatory requirements and provide the necessary services and solutions to create a WISP that is sustainable for your business in a practical and affordable way. We offer a number of services useful in supporting your Security Program.

Security Health Check – Review technology and governance environment.  Use commercial scanning tools to identify network assets and state of configuration/security readiness.  Use commercial scanning tools to identify presence of ePHI, cardholder data, or other personally identifiable information (PII) on servers, PCs and mobile devices attached to the network.  Provide consultative time to interpret scanning results and identify any significant issues.

Incident Response Review – Review current incident response policy and procedure.  Review roles of Business Associates and other appropriate third-party service deliverers and any functional deliverables (e.g. medical service coding, medical billing, credit card processors) and identify incident response integration gaps.

Policy and procedure review, development and consulting – Review existing customer-identified policy and associated standards and procedures against different State and Federal requirements and best practices for the customer business.  Work with customer to develop required policies and associated standards and procedures to address customer-identified gaps in governance.  Deliverables include initial drafts, customer review and any required modification, and final drafts or documents.

Audit response and remediation consulting – Consult with customer to review findings from audit or other risk or vulnerability assessment conducted by internal organization or external third party.  Develop work plan for remediating findings and assist in creating any tickets necessary for tracking progress on remediation.  Where gaps exist in infrastructure to remediate findings, research feasible solutions in marketplace and recommend solutions to customers based on suitability to customer environment and effectiveness in remediating finding.

Business Associate or third-party service deliverer review and compliance consulting – Assist customer in reviewing Business Associates or other third-party service deliverers for DFARS, HIPAA, PCI or FFIEC compliance.  Activities can include review of findings from Business Associate or third-party service deliverer assessments or audits as well as direct investigation and assessment.

Vulnerability assessment – Use standard technology tools to scan or test in-scope assets in a non-intrusive manner for vulnerabilities.  Discovered vulnerabilities will not be exploited, but customer will be told whether an exploit exists in the wild.  Provide customer with a risk-ranked assessment that provides CVSS ratings where available and computed ratings where CVSS scores are not available.  The assessment will also identify whether published CVEs exist and whether an exploit is known to exist in the wild.

Risk assessment – Conduct asset-based risk assessment for enterprise.  Assessment will include document review of all governance and architectural documentation including system and device configurations, event logs where available over the past 90 days (preferably 180 days), policies, standards and procedures, and vulnerability scanning of all information assets.  Assessor will interview at least one key technical and one key management resource for access control, network security, database management/administration, system management for each server class and class of virtual environment, information security (if different from network security), and network administration/management.  Deliverables will include executive summary, risk assessment on an asset class basis, findings ranked by security risk and potential impact to the business and a recommended remediation plan.

Security architectural/engineering services – provide support to customers in the deployment, configuration and/or administration of one or more of the following services:

  • Network security architecture – Review existing deployments of network and application firewalls, IDS/IPS, content filtering, antivirus, wireless and other network security services.  Evaluate architecture for potential exposure to external and internal attacks including APT-like attacks and advanced evasion techniques.  If required, develop tactical plan to close perceived gaps.
  • Access control – Using directory services such as AD or LDAP, RADIUS, and similar technologies.  Access control will look at servers and workstations, mobile devices, and employee-owned devices allowed onto the network through direct attachment or VPN technologies such as IPsec or SSL.  If required, develop tactical plan to close perceived gaps.
  • Logging and monitoring – Review existing Security Information and Event Monitoring (SIEM) capabilities and practices within the organization.  Based on existing asset inventory, identify classes of event sources and capability of organization to collect and correlate logs from technology assets in the network to identify threats, vulnerabilities and potential attacks.  Assess organizational capacity to use logs to perform incident response and forensic analysis in the event of an identified attack from external or internal sources.
  • Configuration and Deployment assistance (systems assurance) – Assist customer by working with manufacturer or systems integrator to ensure purchased security device is configured and deployed to meet applicable regulatory requirements, customer requirements, and industry best practices.

Security Awareness Training – provide a customized course that combines custom content drawn and developed from actual use cases in the customer files and logs that will resonate with employees.  The service includes a pre-test and post-test to rate the effectiveness of the experience and can include phishing tests using carefully crafted email intended to hide in the normal traffic of the company.  Experience has shown that this approach, particularly in the area of email security, has succeeded in motivating non-technical staff not only to recognize potential malware and phishing attacks but also to instruct junior members of the organization in recognizing those attempts.

The Products

BlueTeamAssess LLC has reviewed the technology and solutions in the marketplace for their suitability for SMBs to complement the services described above.  The products offered at this time are the following:

  • Microsoft 365 – a subscription-based solution that provides a complete, intelligent solution, including Office 365, Windows 10, and Enterprise Mobility + Security, that empowers everyone to be creative and work together, securely.  This solution includes Office software, hosted email, advanced threat protection for email and digital rights management for sensitive communications and documents.
  • SkyKick – a subscription-based cloud backup solution using Microsoft Azure infrastructure that addresses challenges faced when moving from a premises-based to a hosted Exchange email solution and provides backup and archiving solutions for documents and email produced, sent and received in the Microsoft cloud environment.
  • Datto – A BCP/DR tool that provides on-premises backup with cloud-based archiving to provide a secure, resilient backup solution for data and files produced in the office environment.
  • Malwarebytes – A premier malware detection and removal tool used to deep dive into the inner workings of your office PCs and Macs.  Malwarebytes for business offers industry-leading endpoint protection and response and will provide real remediation and ransomware rollback.
  • ManageEngine Office365 Manager Plus – a monitoring and configuration management tool that lessens the challenge of some areas of administration in the Microsoft 365 environment to meet certain areas of compliance and generate regular management reports.
  • SAINT Security Suite – A vulnerability assessment and penetration testing tool suite that can be used for internal testing and assessments, vulnerability management and meeting certain areas of compliance.  The SAINT offering can be configured to offer PCI-DSS quarterly scans that require certification by an approved scanning vendor.
  • EventTracker – a co-managed SIEM solution that offers 24/7 monitoring and alerting for SMBs.  This SIEM solution can also ingest findings from scans generated through the SAINT Security Scanner.
  • NeQter Labs Compliance Engine – A one-box solution for SMBs that enables them to develop a compliance program including a written information security program that meets the DFARS requirements of NIST SP 800-171 and NIST SP 800-53.
  • Hook Security – Interactive phishing simulations used to produce a customized offering for customers that combines custom content and generic content into a phishing education program that resonates with customer employees.
  • Dmarcian – Helps set your domain up to prevent others from spoofing your domain through email.  Provides monitoring of outgoing email so that you have a first-hand view of your outgoing email and whether the protections you have in place through SPF, DKIM and DMARC are working.