RedLegg’s Security Solutions are made up of Advisory, Managed Security Services
and Tradecraft Labs. These three groups have their own management team, goals and visions that line up with RedLegg’s overall mission. All three work together for a cohesive, comprehensive and full service client engagement.
Our approach to information security involves engaging with business owners to define acceptable risks, & inviting owners to participate in the evaluation process along the way.
Managed Security Services
RedLegg operation staff has over 20 years experience in providing Managed and Co-Managed Security Service. RedLegg helps make the most of your UTM, SIEM and Advanced Threat Investment by tuning, updating, monitoring and knowledge transfer. RedLegg Managed Security Services Team is based in the United States and treats your organization VIP allowing quick response to threats that may affect core business.
Unified Threat Management
- Health & Performance
- 27x7 Availability Monitoring
- Patch and Software Updates
- Policy Management
- Policy Backup
Managed and Monitored SIEM
- Daily Event Review
- Custom and Automated Alerting
- Integrated Ticketing System
- Detailed Monthly Reporting
Advanced Threat Defense Service
- 24x7 Advanced Threat Monitoring
- Extension of in-house team and skills
- Analysis of Findings and Alert Investigations
- Regulatory compliance support
- Events monitored 24x7
- Quick escalation
- Maintenance and Updates
Tradecraft Labs works close with you to determine if your companies external applications, web, mobile and internal applications are secure. RedLegg’s methodology is based on proven industry best practices from the Application Security Verifcation Standard (ASVS), Open Security Testing Methodology (OSSTM) and the Open Web Application Security Project (OWASP).
- Network Review and System Testing
- Application Testing
- Risk Analysis
- Internet of Things (IoT)
Virtual CISO (vCISO)
Data breaches. Privacy concerns. Regulatory Compliance. All companies in today’s digital world face these issues. But while larger enterprises may have the budget and resources necessary to tackle these concerns, many small and medium organizations lack the capacity. Existing personnel often handle operational security well, however some organizations may lack the budget and resources to tackle security problems from a higher tactical and strategic view.
RedLegg’s Digital Security Program (vCISO) allows your company to leverage the equivalent expertise of an experienced security team without the necessary time and investment to obtain them. From CISO-level strategic advice to operational expertise, our modular program allows an organization to obtain expertise and experience in one or multiple sections of information assurance. This helps save on budget and time by filling in expertise gaps found within your existing staff. Instead of hiring a single senior level person, pen tester, analyst or consultant, the organization immediately gains an internal team member with the knowledge of leaders within the security and information technology communities.
One of RedLegg’s Top Selling Offerings!
Enterprise Security Assessment
We take a multi-phase approach to enterprise security assessment that is designed to provide a holistic evaluation of security posture. The assessment includes a series of in-depth interviews, as well as hands-on technical evaluation.
- NIST CyberSecurity Gap Assessment, COBIT, HIPAA, FFIEC, NIST 800-171, ISO, 23 NYCRR 500
- Security Control Review
- Internal & External Penetration Testing
- Social Engineering
- Executive Briefing
Penetration Testing Assessments
Delivered by RedLegg’s Tradecraft labs, our comprehensive deliverables include a timely determination of exposure to risk & vulnerabilities as well as the identification, definition, & creation of a specific actionable remediation plan.
- Preventing financial loss through fraud (hackers, extortionist and disgruntle employees) or through lost revenue due to unreliable business systems and processes
- Providing due diligence and compliance to your industry regulators, customers and shareholders.
- Protecting your brand by avoiding loss of consumer confidence and business reputation
- Identifying vulnerabilities and quantifying their impact and likelihood so that they can be managed proactively
- Budget can be allocated and corrective measures implemented based on actual risk in place
GDPR Compliance Program Management
Helping your company to achieve GDPR Compliance!
Initial Privacy Impact Assessment (PIA)
- Audit of your company’s business processes to determine the type of personal data that is currently collected, stored, processed and exchanged with affected external entities
- Review of your established data minimization practices that must be implemented at every step in the data lifecycle to maintain GDPR compliance o Evaluation of your company’s ability to comply with the Right to Erasure (right to be forgotten) requirements
- Gap Assessment Report and high-level Remediation Plan to help you define compliance action items
Data Discovery and Access Control Audits
- Managed deployment of highly efficient tools that enable you to:
- Discover and analyze GDPR-related data residing on premises and in cloud-based applications and systems
- Evaluate data access/data protection controls and monitoring capabilities
vDPO (virtual Data Protection Officer) Service
- Provides real-life data privacy and information security experience
- Avoids conflicts of interest between the duties of DPOs and their other duties o Provides interaction and reporting to your company’s top management o Furnishes advice and recommendations for interpreting and applying the new data protection rules
- Helps you to manage, operationalize and maintain your GDPR Compliance Program
The human element is often the weakest link. RedLegg’s Social Engineering offerings are fun and very effective. Social engineering cannot be just a button or a single campaign and hope everyone has learned their lesson. Technology is constantly evolving, bad guys are getting smarter and smarter. RedLegg’s management, consistancy and intelligent linking of the calls, emails, training and games is a game changer in your current or non existant security awareness strategy.
- Email Phishing Attacks with choice of 26 template campaigns with multiple levels of difficulty and customization
- Phone Call Phishing Attacks with custom script and unique reporting tool
- Security Training on your LMS or managed via RedLegg
- Games, Quizes and Awards!
Secure Code Review
An effective Application Security Program builds security into all phases of the SDLC. The two initial components critical to building security into your SDLC are threat modeling and secure code reviews. Adopting a process for assessing the risks to your applications will ensure you are able to effectively prioritize efforts to complete reviews against those applications that are most critical to your business and pose the greatest risks to your clients.
To ensure our clients have secure code on their mobile or non-mobile applications, we perform a secure code review. This process involves reviewing customer-specific applications & carefully verifying the code, line-by-line, to ensure that every aspect is secure.