I.T Security Management
Expand All | Collapse All
Jayine Consulting’s portfolio of managed services forms the foundation of our risk management and compliance solutions. We allow clients to mix and match the services they need as their internal requirements change. From basic device and server monitoring to full lifecycle support, Jayine Consulting provides clients with complete outsourced risk management at an affordable cost.
Vulnerability Assessment and Management
Whether it's mandated by a specific compliance mandate or whether an organization wants to stay one step ahead of threats to critical assets, Jayine Consulting’s remote vulnerability assessment service continuously pinpoints at-risk devices and assets for remediation. Clients gain added situational awareness via Jayine Consulting’s workflows and detailed vulnerability reports from our experts.
Website Vulnerability Assessment
Jayine Consulting's Website Vulnerability Assessment, leverages the power of WhiteHat Sentinel, the only website vulnerability management solution that addresses every type of website vulnerability issue with accuracy and confidence. A web-based subscription service, WhiteHat Sentinel combines advanced proprietary scanning technology with expert analysis, allowing customers to identify, prioritize, manage and remediate website vulnerabilities as they occur. This comprehensive approach gives all parties a clear view of the organization's website security posture in an easy-to-manage, cost-effective manner.
Benefit of Jayine Consulting’s vulnerability assessment service:
- Provides on-demand proactive vulnerability management for organizations.
- Profiling of internal and external assets.
- Flexible asset grouping based on reporting and audit requirements.
- Full prioritization based on asset value.
- A comprehensive tool-set for workflow management and remediation tracking.
- Customizable, multi-view reports that make the most of existing security investments.
- Customized reports measuring effectiveness for analysts, auditors and management teams.
- Vulnerability assessment data leveraged as a part of our monitoring to automate threat identification and response.
- Assessment data extensible to Jayine Consulting’s Change & Configuration Management systems and client-based patch management or ticketing systems.
- 24/7/365 access to Jayine Consulting’s Managed Security Specialists.
Security Monitoring Services
Jayine Consulting provides comprehensive 24x7x365 monitoring of virtually any network and security device, endpoints, log management, and endpoint security solutions. Jayine Consulting 's monitoring service goes beyond monitoring and alerting: Our security monitoring solutions deliver total threat management across the infrastructure-from identification to investigation and log analysis to incident response.
Benefit of our Security Monitoring Services:
- Monitoring of the entire infrastructure, including routers, VPN'-s, firewalls, IDS/IPS, UTM appliances, log management solutions, servers, desktops, and endpoint solutions like CSA and NAC.
- Outsourced monitoring results in cost-effective security response and a reduced total cost of ownership.
- 24x7 log monitoring, analysis and threat alerting.
- Real-time visibility into security posture for reduced risk and improved regulatory compliance.
- Documented incident response workflow provides evidence of corrective action for compliance and audit purposes.
- Enhanced situational awareness from our team.
- Multi-vendor support that makes the most of existing security investments.
- Customized reports measuring effectiveness of client's security policy and controls, security performance, and compliance with specific industry or regulatory mandates.
- Reports address the needs of technical and business stakeholders alike.
- Monitoring support for all leading networking and security technologies from every leading vendor.
- Deep competency in monitoring and managing Cisco technology such as ASA, ISR, CSMARS, NAC, CSA, all generations of VPN, firewall and IPS systems.
- Stringent service levels guarantee service levels that ensure business continuity.
Configuration and Change Management
Managing security configurations in a dynamic environment is a daunting challenge for today's security teams. The rapid pace of change, combined with device complexity and resource constraints, often causes defenses to become misaligned with security policy. Jayine Consulting’s Configuration & Change Management service provides full outsourced management of the client's infrastructure. We ensure that devices, desktops, and servers receive proper patch, signature, and OS updates, whether in response to a security incident or as part of an ongoing proactive security process. This allows clients to focus on more strategic issues, such as security policy development without having to acquire the expertise needed to constantly re-configure a complex infrastructure. Finally, our detailed reporting provides a full audit trail of changes for compliance purposes.
Our Configuration & Change Management provides monitoring clients with complete device and endpoint security management including:
- Comprehensive device and endpoint management including Firewall, Router, IDS/IPS, UTM, Log Management and VPN.
- Extensive knowledge of multi-vendor network and security technology.
- In-depth knowledge of Cisco security technology such as ASA, CSA, NAC, CS MARS, and ISR.
- Rule set changes and validation to ensure policy compliance.
- Configuration changes, upgrades, and signature updates.
- Proactive patch management.
- General maintenance, backup, and recovery.
- Proactive patch management.
- Performance and availability management for devices.
- Detailed reports providing full audit trail of changes.
Jayine Consulting's professional services help clients address important gaps in their security infrastructures or processes in support of risk management or compliance initiatives. Whether delivered as part of a complete solution or as a standalone engagement, clients gain access to some of the brightest minds in the industry who can, in turn, leverage our extensive knowledge base of best practices derived from successful client engagements.
Network Risk Assessment
Jayine Consulting’s Network Risk Assessment is often the first step in a client engagement. Our consultants conduct a thorough evaluation of a client’s security posture, and present a detailed findings document that outlines top risk factors and proposed remediation steps. The final deliverable represents a deep analysis of the client’s systems, policies, and controls in the context of the client’s business and regulatory climate.
The Network Risk Assessment consist of the following phases:
- Security Policy Audit: Evaluates security policy based on availability, business continuity, and compliance requirements; it also establishes key risk factors and security metrics.
- Technical Security Evaluation: Analyzes the security architecture in the context of security policies and control objectives to uncover vulnerabilities.
- Threat Management Assessment: Examines threat identification, investigation, and incident response processes.
- Disaster Recovery & Business Continuity Planning: Ensures that plans for returning systems to operational standards are in place to minimize business interruption should an incident occur.
Jayine Consulting’s Penetration Testing service will help you determine the exposure level of these Internet-exposed web applications and perimeter network to external attacks. Our Penetration Testing team will validate the security controls and identify existing and potential vulnerabilities that, when exploited, can have a significant impact on your business.
Our penetration testing methodology, which is derived from best practices such as OSSTMM, OWASP, NSA security guidelines, and our penetration testers have gathered years of experience. This methodology ensures that we cover every aspect of the testing without compromising the out of box thinking of the analyst that is required for such activities. Our analysts utilize automated tools (free, commercial, and propriety) and manual testing (when required) to identify and exploit vulnerabilities.
Our team works with clients to develop reports that provide clear and concise findings and a prioritized matrix of actions and recommended workflow. The reports include:
- Executive summary (jargon-free, true executive-level summary).
- Priority matrix, indicating remediation priorities, and risks.
- Detailed impact analysis of the identified vulnerabilities.
- Findings and recommendations to improve security posture.
- Knowledge transfer to client’s IT team.
Benefits of Jayine Consulting’s Penetration Testing services:
- Experienced security analysts with the specialized skills and tools needed to mitigate client risk.
- Testing conducted in a safe and controlled environment without compromising.
- routine business activities.
- Reduced investment in employing full time security analyst, tools and technology.
- Part of an overall risk management solution that addresses the audit requirements of policy & compliance frameworks such as ISO 27001, SOX, HIPPA, PCI, etc.
Network Architecture Assessment
Jayine Consulting evaluates the current design structure of various security controls- both processes and technologies-to gauge their effectiveness. In addition to interviews with key stakeholders, the evaluation is based on a review of policies, architecture diagrams, and operational reports from the current infrastructure. The evaluation takes an in-depth look at the strengths and deficiencies in the technical security architecture. The assessment also looks at the potential impact of the security architecture on availability and compliance.
Our consultants analyze every key aspect of the architecture including:
- Logical and physical design-including the underlying rationale.
- Security technology inventory.
- Asset inventory.
- Outbound and inbound connectivity.
- Security procedures and processes
- Network topology.
- Network and host access controls.
- Log-in procedures and authentication requirements.
- Business continuity plans.
- Containment and incident response procedures.
- Health of security controls.