GET A QUOTE
GET A QUOTE

Slide MSSP
MSSP2020-10-02T14:02:26+00:00

At Dark Rhino Security (DRS), we deliver expert cybersecurity services based on value innovation and the Six Sigma process to ensure quality, scalability, and rapid action. We provide consultancy and managed services, which address the primary facets of cybersecurity prevention, detection, and response. Unlike most companies, DRS takes a proactive approach to cybersecurity which heavily focuses on prevention (thus fixing problems before they occur), instead of reactive approach which relies on detection and response.

MSSP

Managed Security Services Provisioning offers unparalleled monitoring and management of devices and systems to equip companies with a solid cybersecurity posture.

We tailor our services to meet the unique needs of our clients, who range from very small businesses and early-stage startups to enterprises. As a managed security service provider (MSSP), response, and forensics firm of choice, we offer unparalleled monitoring and management of security devices and systems. Our comprehensive and affordable solutions provide 8 × 5 and 24/7 services, designed to equip companies of all sizes with a solid security posture. Our team of highly skilled experts specializes in:

  • Identity and Access Management

  • Identity Governance

  • Next-Generation Endpoint Protection

  • Security Information and Event Management

  • Data Loss Protection

  • Next-Generation Firewalls

  • Proactive Threat Hunting

  • Penetration Testing

  • Incident Prevention, Incident Isolation, and Response 

Need OKTA Consulting or managed services?

GET A QUOTE

MORE DETAILS

A solid Identity and Access Management (IAM) program is foundational to an effective cybersecurity strategy and reducing risks to organizations. If you want to deploy or upgrade an IAM program, enable work from home, or are just starting your cybersecurity journey, the DRS solution, based on Okta™, is simply the best value in the industry. Any other program or method of acquisition simply doesn’t compete.

DRS offers your users, external partners and customers secure access to numerous workplace technologies and infrastructure, with a particular focus on cloud-based environments.

How we do it:

  • Equip you with a Single Sign-on (SSO) and Multi-Factor Authentication (MFA) solution designed to serve as a secure and efficient method for your end users
  • Determine which type of multifactor and policies are best for your company, to reinforce your end user authentication flow
  • Automate lifecycle management through provisioning, deprovisioning, and licensing
  • Consolidate employee user identities and attributes across multiple AD Domains and external identities through the creation of a Universal Directory (UD)
  • Simplify IT with an all cloud based SSO and MFA solution with out of the box integrations to applications
  • Increase efficiency and reduce costs with self-service options such as secure password resets
  • Implement standards designed to pass company audits or compliance rulings
  • Serve as an IAM help desk for end users and provide on-going reporting and on-going maintenance of the IAM platform

Why is this so important?

Implementing IAM and associated best practices gives you a significant competitive advantage in several ways:

  • It allows companies to extend access to information systems across a variety of on-premise and mobile applications and SaaS tools without compromising security
  • It automates identity management and decreases the number of helpdesk calls to IT support teams regarding password resets and other time-consuming, costly tasks
  • It means greater user access control to reduce risks of internal and external breaches
  • At their core, IAM solutions are designed to make life easier. Their usefulness impacts everyone within an organization. Streamlining provisioning makes for much more efficient onboarding processes. The inefficiencies of a new hire having to wait for access, sometimes for days or weeks, can be eliminated. Accounts are created with predetermined access based on assigned roles. Managers don’t waste time requesting access or removing permissions from former employees. Ultimately, everyone promptly has the access they need, allowing everyone to work much faster

The DRS cloud-native Identity Governance solution based on SailPoint IdentityNow™ enables organizations to rigorously manage user access in a centralized fashion. It delimits who has access to what and offers a succinct overview of how data is being used. It surpasses audits requirements in most industries and equips you with the highest levels of compliance parameters on the market today. Our solution is deployed quickly and connects to any application, mainframe, cloud infrastructure and data source in your company’s environment.

How we do it:

  • automate the process of reviewing and reporting user access privileges so you can quickly plan, schedule and execute comprehensive campaigns to ensure all types of users have appropriate access to corporate resources in your organization
  • streamline onboarding and off-boarding processes with best practice configurations and workflows, by automatically linking users to the applications they need to perform their duties
  • empower companies with a self-service platform for requesting and approving access to applications, collection of entitlements within applications or application bundles called “roles”
  • offer users an intuitive, self-service experience for managing and resetting their own passwords from any location and on any device, on- or off-network, by leveraging industry best practices, such as sequential MFA
  • create a library of policies to expose conflicts of interest and help eliminate fraud by requiring more than one individual be involved in any high-risk or sensitive task
  • enforce critical risk and compliance controls by spanning policies across multiple systems and applications
  • extend identity governance capabilities by controlling access to sensitive data with DRS’ Data Governance practice. Provided as an extension to DRS’ Identity Governance platform, you can discover where sensitive data resides, apply appropriate access controls to improve security, mitigate compliance risks, and support greater efficiency across on-premise or cloud storage systems
  • connect to applications, mainframes, cloud infrastructure, and data sources from across a hybrid IT environment, utilizing different standards-based connectors to additional applications that leverage information exchange protocols such as REST, SCIM, JDBC, CSV and LDA
  • connect different Identity Providers and IAM platforms to our Identity Governance solution while enhancing the power of SSO and MFA with true user lifecycle management

Why is this so important?

The precarious balance of requests for more access with the need for secure processes is difficult to maintain. Thus, it’s crucial to develop strategies for managing and governing user access in an automated manner. A well-defined Identity Governance Administration (IGA) program is a critical piece of an organization’s security portfolio to support:

Regulatory Compliance

With regulations like the General Data Protection Regulation (GDPR), the Sarbanes-Oxley Act (SOX), and the Health Insurance Portability and Accountability Act (HIPAA) prioritizing and mandating data privacy, industries are focusing on access issues more than ever. Limiting and monitoring access is not only a crucial security measure, but also a standard requirement as it allows organizations to implement concrete compliance measures. An effective IGA solution makes periodic reviews and attestations of access business-friendly and comes with built-in reporting capabilities to meet relevant government and industry regulations and respond to audit requests.

Risk Management

IGA solutions are proactive, reducing the exposure of sensitive data by rigorously limiting and guarding access, thus minimizing risks. Firstly, they support the principle of least privilege, eliminating excess permissions and granting access to those who absolutely need it. Secondly, they rapidly terminate “orphaned” accounts, which are perfect targets for those looking to breach environments. Finally, IGA programs monitor for segregation of duty (SoD) violations. This critical risk management concept dictates that no single individual should complete a task, creating a built-in system of checks and balances.

Business Changes

Organizations grow and change continually, and an IGA solution makes the process more efficient and less risky by provisioning access based on roles, and not on individual accounts. This strategy works equally well for larger changes like mergers, acquisitions, and corporate reorganizations. IGA solutions shorten timelines for executing bulk additions or transitions of user accounts by automating and streamlining provisioning and approvals.

DRS serves as a Next-Generation Antivirus (NGAV) specialist and management expert, working with organizations to develop and fine-tune custom policies. Our NGAV-managed solution based on Cylance™ is designed to protect your infrastructure and quarantine threats that originate from the endpoint. It doesn’t use traditional threat definitions to determine actions, making it a robust solution, even against zero-day attacks.

How we do it:

  • use a behavioral analysis engine built upon artificial intelligence and machine learning
  • rapidly cross reference files and executables to a threat intelligence database thanks to our responsive help desk analysts, to ensure your business is functioning at full capacity in a secure manner
  • determine which files and executables are malicious based on the properties and predicted actions of the file. This type of threat protection is meant to stop zero-day threats that aren’t included in the traditional threat definition catalogues of many other endpoint solutions
  • initiate a set of discrete response tasks automatically if certain rules are triggered by the software. Playbook-driven response capabilities assist organizations in eliminating dwell time by ensuring threat responses are fast and consistent across any environment
  • offer support for Windows, OS X, and many flavors of Linux, as well as other tools such as JAMF, Orca, SCCM, and classic Group Policy
  • deploy the next-generation endpoint solution while there is an existing antivirus solution in an environment to ensure adequate coverage at all times

Why is this so important?

The first line of defense is the employee. Knowing what to take and not to take is key. The second line of defense is the endpoint. Utilizing next-generation endpoint security better arms your organization’s defenses against modern threats and the evolution of attack campaigns. Cylance™ features AI and machine learning which helps companies keep pace with the increasing number and sophistication of threats.

DRS Security Information and Event Management (SIEM) is a high-value solution easily afforded by small-to-medium businesses to enterprise clients. The solution is built on a rapid deployment model and collects events via syslog or lightweight agents. The solution leverages the MITRE ATT&K® framework to evaluate the actions in the environment and can integrate with a SOAR solution to trigger automated responses. The solution provides comprehensive:

Security Analytics

Intrusion Detection

Log Data Analysis

File Integrity Monitoring

Vulnerability Detection

Incident Response

Regulatory Compliance

Cloud Security

Container Security

How we do it:

  • forward syslog from compatible systems and deploy lightweight agents to collect detailed information, conduct device compliance and configuration evaluations, and prevent and respond to security events rapidly from our operations center

Why is this so important?

Organizations need a SIEM solution to monitor systems and report suspicious activities as the average number of data generated nowadays is too much to handle manually.

  1. Detecting Incidents

A SIEM solution exposes incidents that otherwise can go unnoticed. This technology analyzes log entries to detect indicators of malicious activity. Moreover, since it gathers events from all sources across networks, the system can reconstruct the attack timeline to help determine its nature and impact. The platform communicates recommendations to security controls—for example, directing a firewall to block malicious content.

  1. Compliance with Regulations

Companies use SIEM to meet compliance requirements by generating reports that address all logged security events among these sources. Without a SIEM program, an organization needs to manually retrieve log data and compile the reports.

  1. Incident Management

A SIEM solution improves incident management by allowing the security team to identify an attack’s route across the network, identifying the compromised sources and providing the automated mechanisms to stop the attacks in progress.

DRS protects you from potential breaches in the cloud and on the endpoint thanks to its robust, all-encompassing Data Loss Protection (DLP) solutions. By utilizing our expertise in DLP pattern development and keeping up with the latest technology trends, we understand data and how users, systems and events interact with it.

How we do it:

  • scan Software as a Service (SaaS) environments with state-of-the-art Cloud Access Security Broker (CASB) software, Bitglass™ and Code42™, to match up with correlating DLP patterns and protect locally stored files from exfiltration, accidental deletion, or malicious extraction
  • limit end users from sending sensitive or critical information outside of the corporate network by allowing, encrypting or blocking data from being transferred
  • provide security administrators with the ability to control transferable data by end users
  • manage and secure data creation, data at rest, data in motion, data in use and data deconstruction
  • monitor and protect your company’s data without the need to deploy an agent on the endpoint
  • integrate directly with your identity provider to allow Single Sign-on (SSO) access

Why is this so important?

With recent data breaches and the General Data Protection Regulation (GDPR) enactment, chief information security officers are prioritizing Data Loss Protection (DLP) security strategies and tools. Confidential data, whether corporate or customer-related, can be leaked from almost any computing device today, including physical and virtual servers, databases, end-user equipment, flash storage devices, and mobile devices.

According to the Ponemon Institute’s 2016 Data Protection Benchmark Study, organizations around the world are dealing with an average of 20 data loss incidents per day. The same study found that a simple data leak of 100,000 customer records for one company can turn into direct and immediate costs of over $21 million.

The role of DLP technology is to identify, monitor and protect data in storage as well as in motion over the network. DLP systems are used to enforce policies so as to prevent the unauthorized access or usage of confidential data. Data loss can occur due to intentional misuse, leakage, carelessness or theft.

DRS combines knowledge and expertise to deploy and continuously manage firewalls in accordance with the highest security standards. Our MSSP offering is purposely designed to improve end-user productivity whilst bolstering your organization’s security stance.

How we do it:

  • work with relevant parties to install and set up firewalls according to industry best practices and required compliance standards
  • remove outdated/unwanted legacy firewall technology and replace it with DRS partnered hardware
  • provide firewall check-up services as well as a formal current-state analysis of all edge devices, thanks to our proprietary firewall audit technology
  • analyze for redundant/outdated rules and client-specific VPN policy configurations

Why is this so important?

A firewall is only as good as the policy structure that governs its behavior. It’s therefore critical to keep up-to-date policies so inadvertent gaps don’t surface due to an evolving threat landscape.

DRS offers ongoing threat hunting to bring experience and human intelligence into play when dealing with advanced persistent threats that can lie dormant for 200+ days in many instances. Threat hunting looks for a needle in a haystack, to correlate individual activities that could appear innocuous but represent a serious threat when combined.

How we do it:

  • employ highly experienced professionals with deep knowledge and insights on what non-obvious correlations constitute a threat
  • use industry standards and proprietary tools to scan multitudes of logs and events data to find suspicious activity
  • establish a strong baseline at the beginning so DRS understands what is standard and what is not
  • work hand in glove with our Incident Prevention, Isolation and Response (IPI&R) service to bring Six Sigma based statistical processes to indicators of compromise

Why is this so important?

There is no intelligence in artificial intelligence. An over-reliance on modern technology platforms and tools to establish security is a fundamental flaw in any cybersecurity strategy if people and processes are relegated as secondary participants. Bad actors diligently use human intelligence to test all aspects of a process and/or technology to find exploitable flaws. Since humans are imperfect, any process or technology so designed will be imperfect. Imperfection can never design perfection. It is critically that human intelligence, intuition, and experience are employed when hunting a threat from a highly intelligent and determined adversary.

Penetration testing is a commoditized service that is necessary to ensure compliance and get reassurance that established cybersecurity systems, protocols, and processes are working as designed. DRS performs penetrations tests and provides attestation reports on the findings.

How we do it:

  • establish the scope

◦ IP ranges

◦ domains

◦ social engineering

◦ limits and controls on data extraction and exfiltration

  • provide any needed controls and appliances to the client for penetration testing
  • perform penetration test within scope
  • provide detailed reports of findings and risks

Why is this so important?

Penetration testing is typically performed as a measure of good security hygiene and to reconfirm that compliance standards are being met. Time is of the essence in penetration testing. DRS goals to client timelines and reporting obligations for all penetration tests performed.

Incident Prevention, Incident Isolation, and Response (IPii𝜋r) needs are typically the most expensive services provided by cybersecurity firms and our competitors. The term incident response in itself is very reactive. DRS is completely changing the game in this arena with its proprietary solution. Firstly, by adopting a proactive approach as opposed to a reactive one and secondly, by offering affordable solutions so that even the smallest firms have access to world-class protection, equivalent to that of the most guarded financial institutions. This disruptive service is based on Six Sigma and the tenets of NIST and SANS processes. The broader environment is statistically sampled on an ongoing basis with critical assets under continuous monitoring with Infocyte™ technology. This ensures that a very high-fidelity and changing picture of compromise assessment is available at any given time. DRS offers an SLA for isolation and response which is unmatched by any competitor. IT and security professionals often forget that IPii𝜋r is a process, and not a singular action

How we do it:

  • implement functional and strategic benchmarking of all known critical assets
  • ensure proactive identification and elimination of active threats in your environment
  • leverage independent and automated forensics-based analysis of physical and virtual environments
  • continuously monitor to identify, investigate, and respond to advanced cyber threats at scale
  • perform a statistical sampling of assets on a quarterly basis to ensure compliance

Why is this so important?

A proactive approach to prevention, isolation, and response is key in keeping an environment compromise-free. Should this occur, rapid action to isolate the threat is critical in preventing legal, reputation, financial and data losses. At a most fundamental level, putting in place IPii𝜋r with good endpoint protection achieves a highly protected environment.

WHY CHOOSE US?

WE’RE DRIVEN BY VALUE INNOVATION

We’ve developed strategic partnerships and vendor relationships with industry experts to offer world-class tools at exceptional rates. We’re constantly scanning the market to modernize our services, thus equipping our clients with comprehensive solutions and an infallible security posture. We render the competition irrelevant through value innovation, thus opening market opportunities that have historically been untapped.

WE LISTEN

Protecting all aspects of your business is our priority. Our dedicated staff will coordinate an exhaustive consultation process with your team to understand your unique requirements. From the conception phase to post-project support, we promise to deliver custom solutions to suit your needs, every step of the way!

WE’RE FLEXIBLE

Whether you require a turn-key solution or select services to address gaps with your in-house security team, we’ve got you covered! Our polyvalent approach is designed to improve your on-premise and cloud-based cybersecurity posture, around the clock, no matter the size of your company, infrastructure and budget.

WE’RE INTERNATIONAL

We have multiple teams readily available and are constantly expanding to new markets. Along with our head office in Columbus (US), we have experts in London (UK), Montréal (Canada) and Copenhagen (Denmark).

WE GIVE BACK

We support organizations that have a positive impact in their communities. We invest in philanthropic programs and rally around charitable work and causes that are important, because it’s part of our core values.

In recognition of their service to our country, Dark Rhino Security actively seeks to recruit and employ veterans throughout its workforce.  The brave service members who have served our nation’s interests deserve employment and academic opportunities, once their military service is at an end. We are very proud that almost 50% of our team have served our country

WE’RE QUALIFIED

Our team is highly certified and offers training. Because our field is constantly evolving, we prioritize ongoing education and invest in cutting-edge technologies to respond to emerging trends with razor-sharp precision. As a result, our skilled engineers can deliver in-depth cybersecurity training to professionals of all paths.

WE’RE INTERNATIONAL

We have multiple teams readily available and are constantly expanding to new markets.

WE’RE FLEXIBLE

Whether you require a turn-key solution or select services to address gaps with your in-house security team, we’ve got you covered!

WE’RE QUALIFIED

Our team is highly certified and offers training.

CASE STUDY

Client Success Story: How DRS Implemented a Robust IAM Solution on Complex Legacy Systems with Minimal Operational Downtime

Our client, a major player in North American cross-border trade, has service locations at major gateways along the Canada-U.S. border, in addition to trusted logistics partners around the world. They help ensure on-time and cost-effective distribution of their customers’ goods and offer services to importers and exporters across the continent. They use real-time and innovative technology tools, web portals and service specialists to provide a wide variety of time-sensitive and logistically complex services. They facilitate global trade through Canada/U.S. customs [...]

Go to Top