Cyber Security Services

Cyan’s entire cyber security ecosystem, including full management and support, is delivered as a subscription – so you only pay for what you need.

Cyber security breaches disrupt business and can cause considerable financial and reputational damage. If you suffer a cyber-attack, you not only stand to lose business, you may also face regulatory fines and litigation. All this on top of the costs of remediation.

Most cyber-attacks are automated and indiscriminate. Rather than targeting specific organisations, cyber criminals prefer to exploit the low hanging fruit and attack known vulnerabilities or points of weakness. Your business is always under threat, even though you may not even be aware. On average, each UK business with an internet connection will experience over 500 attempts a day to breach their corporate firewalls. Yet only half of these firms have applied even the most basic cyber security controls.

The most effective way to protect your business and minimise the risk of a cyber-attack is to reduce the surface area that is open to exploitation and educate staff how to recognise and act on threats. This cannot be achieved with a single product or service. In fact, the most effective cyber security strategies comprise of multiple products and services, each intended to address specific threats.

In partnership with some of the world’s leading and best-in-class cyber security vendors, our team of experts will help you plan and implement a cyber security strategy that’s tailored to your needs. Our approach to IT security ensures that all areas of your business are carefully considered – this is essential as threat protection cannot be one-size-fits-all. Gaps quickly appear if, for example, you have remote workers, or if you use cloud services.

Cyan offers the following Cyber Security Services:

Managed Anti-Virus/Malware

To successfully protect against known viruses and emerging malware and ransomware threats, you need an antivirus solution that not only uses traditional signature-based protection, but that also uses sophisticated heuristic checks and behavioural scanning to protect against previously unknown threats.

Our expert security team will help prevent the unexpected with full, real-time proactive monitoring of your systems to provide continuous data and hardware protection from viruses, malware and ransomware. We’ll ensure everything is kept up-to-date and we’ll even handle security alerts as they happen.

Managed Firewall

As the first line of defence for your network, firewalls are a critical layer of threat protection that should form the foundations of your security, compliance and risk posture. To be effective, firewalls require continuous monitoring and management to ensure your network stays online and malicious attacks are prevented at the gateway.

Our team of certified SonicWall experts install and configure next-generation firewalls for maximum security and provide ongoing administration, monitoring and response to security events. We take care of everything and make sure your network is protected against known vulnerabilities and exploits that could be used to attack your business.

Managed Web and Email Threat Intelligence

The vast majority of cyber threats attempt to exploit the weakest link – your end users – and what often looks like an innocent email containing a harmless web link can quickly turn into a data breach or full-blown ransomware attack. All it takes is one click of a mouse. This type of attack will often evade traditional anti-virus protection by coercing end-users into giving away credentials or browsing to infected websites.

Our advanced protection for web and email is designed to shield your end-users from both known and emerging cyber security threats. This is a 100% cloud-delivered service designed to protect users from zero-day malware, ransomware, spam, botnets and phishing. Instantly block access to malicious websites, quickly identify and remove inbound and outbound email threats. Sandboxing provides real-time analysis of suspicious files and links in email traffic before they reach your teams. We can also enforce web usage policies and monitor web usage across your organisation.

Managed Security Information and Event Management (SIEM)

Cyber-attacks increasingly use mutation to reduce the chances of being successfully detected. In fact, the global average time it takes for companies to identify a data breach is as a staggering 6 months.

The Cyan Managed SIEM service is a 24/7 proactive monitoring and threat detection/response platform designed to give instant visibility into unexpected security events. We monitor your entire IT estate for anomalies and suspicious network activities and can respond instantly to remediate, block, or terminate harmful threats or hackers.

This is a powerful tool that significantly reduces your exposure to the risk of a cyber breach. Real-time processing and correlation gives us a complete picture of what’s new or changed. From failed login attempts to a system-wide configuration change, a new mailbox added to Microsoft Office 365 to company files being moved to removable media (eg a USB drive) – we can analyse, categorise and respond to these events instantly.

Managed Password Security

Establishing an effective password policy is critically important. Attackers are commonly looking for easy ways to access data using valid, trusted credentials – and weak passwords are an easy attack vector. Cracking simple and even moderately complex passwords is no longer a difficult task and powerful password hacking tools are now freely available to download. On top of this, leaked credentials from data breaches yielding billions of user accounts and passwords are giving cybercriminals the upper hand. Implementing secure a password policy is absolutely essential, however, relying on your staff to remember strong or complex passwords can be a burden on productivity.

The Cyan Managed Password Security service removes this burden while ensuring that company-wide secure password policies can be set and implemented effectively. Your staff are automatically guided through the process to ensure all password security recommendations are met. If at any time they forget their password, or need to change it, they have access to a secure 24/7 service that will walk them through the process. The dictionary feature adds further protection by blocking the use of weak passwords, or passwords that have made it on to breached lists.

Managed Multi-Factor Authentication (MFA)

Managing IT risk is complex, especially with the dynamic nature of today’s business world. Users have the flexibility to work from anywhere on any device and often connect to company data and email from outside the network perimeter. Establishing strong password policies is vital but securing access to privileged information needs more than just good password management. If a hacker breaches security using stolen login credentials they will gain access to a company network undetected. They could even pose as an employee and send email, or worse, manipulate payment transactions.

Adding a second factor or layer to your authentication workflow is the most effective way to minimise this risk. MFA asks the user to verify their identity by requesting an additional step be taken during the login process. This could be a PIN code, a push notification to a mobile app, or even a phone call.

Penetration Testing

Sustained and continued adoption of new and emerging technologies has made it difficult to discover and remove all of an organisations’ vulnerabilities and successfully defend against cyber-attacks. Missing a simple software application update, or not applying firmware upgrades to key network infrastructure can leave your business and assets worryingly exposed. Without appropriate testing, there is no way of ensuring that other cyber defences provide adequate protection against cyber-attack.

Vulnerability Scanning for PCI DSS Compliance ​

66% of customers say they would be unlikely to do business with an organisation that experienced a breach where their financial and sensitive information was stolen (source: Verizon 2017 Payment Security Report). Firewalls must leave certain ports open for the operation of web, mail, FTP and other Internet-based services, leaving you vulnerable to exploitation.

The PCI-DSS standard is the result of collaboration between some of the major credit card brands and was developed to encourage and enhance cardholder data security, and to facilitate the broad adoption of consistent data security measures involved in payment card processing. To comply with PCI DSS, merchants and service providers must conduct and pass a quarterly vulnerability test (meaning one scan every 90 days, or 4 scans per year). This service provides the PCI scan certification necessary to demonstrate quarterly compliance.

Cyber Security Essentials

Any organisation with an Internet presence is at risk from automated cyber-attacks, but not all organisations have equal resources to deal with them. Cyber Essentials offers a sound foundation of cybersecurity hygiene measures that any business can implement and build upon. In fact, implementing these measures could significantly reduce your exposure to vulnerabilities.

The Cyber Essentials scheme provides five security controls, which, according to the government, could prevent around 80% of cyber-attacks. There are two levels of certification – Cyber Essentials or Cyber Essentials Plus. Each will enhance your business’s reputation by proving to customers that you take the security of their information seriously and are taking the necessary steps to reduce cyber risks. Working in partnership with a CREST-accredited certification body our team of experts will manage the entire certification process for you and oversee all assessments and vulnerability scans to ensure that the security controls you implement are effective.

Staff Awareness Training

For most businesses, employees are still the weakest security link, leaving companies exposed to risk. Over 90% of cyber-attacks start with a phishing email, and recent studies suggest that the fastest growing security threat to business is no longer malware but impersonation email attacks. To protect against this overwhelming threat, you need to develop an effective education programme to raise awareness among staff.

Cyan offer a range of user awareness courses that will demonstrate to staff why their organisation is a target for cyber criminals and how attackers will seek to target them. The short courses are delivered via an online E-learning portal and staff can study from their desk and around their existing workload. The courses use non-technical terminology, making it easier for staff to understand. Attendees will learn practical and simple tips to better protect themselves at work covering areas such as social engineering, password security and e-mail attacks. By giving staff an awareness of the cyber threat they face, it means they are more likely to detect and respond to suspicious activity, resulting in actual incidents being dealt with quicker and reducing the risk of potential damage.

Recommended Posts