IT and Cybersecurity Services

This is a short list of our capabilities. Contact us to see exactly how we can help you.


CISO as a Service

The CISO advises the executive team on how the organization needs to meet security requirements to do business in their given industry. The CISO oversees a team that has a view of the risks facing the enterprise and puts in place the necessary security technologies and processes to minimize the risks to the organization. They are empowered to communicate risks to decisions makers and take action independently when necessary. They also advocate for investment and resources to ensure security practices are given appropriate attention.

Chief Information Officer (CISO) as a service.

  • We will fill that gap and provide guidance and direction for C-Level executives, security engineers, operations staff, and developers.
  • We integrate with your environment in order to provide a rich toolbox of capabilities.
  • Introducing guidance and direction related to all things security while keeping key business objectives in mind.
  • Working on policies, procedures, compliance initiatives, and technical implementations or any other project needed by the company.
virtual_cisco

Managed Services

Many companies today are saving money by outsourcing aspects of their IT support. AgileSecOps offers a wide variety of managed services. The following is just an example of what we can do for your company.

Cloudflare Implementation and Management

Cloudflare offers some of the most advanced CDN, WAF, and other capabilities to secure and enhance your website.

  • Install, configure, and maintain a domain or multi-domain environment.
  • Provide advanced configuration and tuning to ensure the maximum uptime of your site.
  • Recommend features that will work to accelerate your website and overall customer experience.

***Just recently, we implemented Cloudflare for a fortune 500 that was under a denial of service attack. The total implementation time was less than one day. Their site is totally operational and operating at a more efficient rate than prior to the attack. This attack was against the logic of the site. The Web Application Firewall that Cloudflare offers took care of the attack in this situation. We were able to properly identify the rules and put them in place without interrupting valid users of the site.

Patch Management

  • We will take over your current patching toolset or stand up one if required.
  • Work with the organization to deploy the appropriately vetted patches per company standards and procedures.
  • Perform a follow-up vulnerability scan to ensure all systems are secure.

Firewall and Security Appliance Management

  • We will take over the responsibilities of managing and updating your companies security appliances.
  • Work with your change management procedures to make changes.
  • Provide monthly reporting on changes and security appliance activities.

Configuration Management

  • We will take over or install Ansible or Puppet within your environment.
  • Work with the developers and operations staff to create automation, utilizing the tools above, to speed the process of deployment and enhance security.

Vulnerability Management

Vulnerability management is the process in which vulnerabilities in IT are identified and the risks of these vulnerabilities are evaluated. This evaluation leads to correcting the vulnerabilities and removing the risk or a formal risk acceptance by the management of an organization.

We'll help you find the vulnerabilities before they become a problem and assist or perform the remediation service.

  • Internal and external vulnerability scanning. This can be a one-time or ongoing engagement.
  • Internal and external penetration testing.
  • Static code analysis assists in finding common coding flaws prior to or just after release.
  • We follow OWASP best practices and assist in educating developers and IT staff.


DevOps

We love to automate almost anything.

  • We have proficiency in tools like Puppet, SaltStack, Ansible, Python Fabric and if it hasn't been created we can write it.
  • Our DevOps capabilities are second to none. We can either integrate with your current DevOps team, build the practice up for you, or perform the activities as an outsourced project.

Let's not forget to involve Security.

Security is normally a team that works in a silo or something that is bolted on after the fact. We like to include Security into the DevOps process.


System Hardening

Hardening is the process of limiting the attack surface of a system or device by tuning or disabling services to meet the best security stance. This is usually done by following recommended standards or industry best practices. Normally, we following the Center for Internet Security (CIS) benchmarks. We can also utilize DISA's Security Technical Implementation Guide (STIG) as requested by the customer or if the customer is mandated by the DoD.

We utilize configuration management utilities such as Puppet or Ansible to ensure every system meets the same security baseline. These templates can either be passed onto the customer for further implementation or we can continue to assist as needed.


Compliance

Almost every organization has to deal with some sort of compliance. It may be mandated upon them by an overseeing body. This might be something along the lines of the Payment Card Industry and their PCI-DSS compliance. Or, an organization may want to become compliant in order to have the advantage on their competition. Customers like the feeling that their data is being secured to the best of the industries abilities and they tend to go with companies that can prove it.

There are so many different compliances out there. Regardless of what sector your business operates in we can help. We will help you meet the regulation or guideline that your industry and customers demand.

The following are some of the assessments we perform:

  • Information Security and Operational assessments
  • HIPAA
  • NIST 800-53
  • ISO 27001
  • The Cloud Security Alliance (CSA) STAR Self-Assessment
  • General Data Protection Regulation (GDPR)
  • PCI-DSS

Cloud Services

AgileSecOps can provide the guidance needed to help you make a smooth transition to the cloud. We can provide:

  • Guidance on setup and implementation
  • Review of your current cloud environment for security and cost enhancements
  • Configuration assistance to make the most of your cloud environment or if you are just now transitioning to the cloud
  • We can also take over the management of any cloud environment

One item that I think a lot of companies overlook is how secure that cloud application they want to use really is. We can perform a security risk assessment on the application and provide you with what's needed to make an informed decision on what provider or application to go with.

Even if you want to outsource you entire solution we can handle it.


Contact us: info@agilesecops.com LinkedIn