At eSentire, our risk assessment is designed to identify risk across four key areas: organizational, programmatic (security), human and technical. Leveraging intelligence from our MDR platform, we measure your organization’s risk through assessments against industry-standard frameworks, technical testing, phishing and malicious network activity monitoring.
A Complete Assessment
Once the assessment is complete, our experts will provide a combined view into all areas of risk with detailed analysis and recommendations for addressing critical gaps to meet compliance demands and protect your business from threats.
- Identifies areas of greatest risk and prioritizes remediation of what was discovered
- Aligns business objectives and security risks
- Measures effectiveness of your existing technical security controls
- Identifies threats that have bypassed preventative methods
- Validates security awareness training
- Pinpoints employees of greatest risk
- Satisfies compliance needs, including HIPAA, SEC, NYCRR, PCI 3.x
Components of a Risk Assessment
Security Program Maturity & Risk Analysis
Provides an in-depth assessment of the maturity and associated risks of the client’s information technology environment. It uses the eSentire Security Framework, which is based on the NIST Cybersecurity Framework, a comprehensive set of policies, procedures and security controls.
Malicious Activity Assessment
Deploys a single esNETWORK™ sensor in watch-only mode on the client premises for thirty (30) days to identify malicious activity, with near real-time alerts on any potentially malicious activity from the eSentire 24/7/365 Security Operations Center.
Tests end users through customized simulated phishing engagements. Users who present potential risks via exploitation of the human element are identified, and remediation guidance is provided for incorporation into security awareness programs.
A point-in-time exercise utilizing a scanning tool that deliberately probes a network or system to discover its weaknesses. Results are analyzed by security experts and prioritized by severity with remediation guidance.
Simulates the actions of an external and/or internal attacker. Using the latest tactics, techniques and procedures, the penetration tester attempts to infiltrate and exploit systems and gain access to data. The exercise results in the identification of systematic weaknesses, with areas of remediation ranked by criticality.
Executive Summary Report
Targeted toward a non-technical audience so they are apprised of risks and mitigation strategies as a result of the engagement, including recommendations to remedy issues or reduce risk.
Detailed Technical Report
Targeted toward technical staff and provides detailed findings and recommendations, including methodology employed, risk ratings and remediation steps.
Make the Case for an eSentire Risk Assessment
- Organizational assessments conducted by certified professionals with experience from the C-level to technical implementation and controls
- Technical testing conducted by experienced penetration testers (e.g. CEH, OSCP, CISSP)
- Applies tactics and techniques used to bypass traditional security controls as seen through the eSentire Managed Detection and Response platform
- Clear reporting with risk prioritization and detailed findings
- Includes detailed discussion with eSentire Advisory Services and Technical Testing team members
- Satisfies compliance requirements