General Questions

Network/security consultants provide a valuable service in helping and protecting businesses. Unfortunately, consultants can also be cost-prohibitive for small businesses that need their help but cannot afford it. At JDL, we try to provide a reasonable, administered security program that includes, but is not limited to, security assessments, compliance, a breach response plan, and policy review. It is designed to give small and mid-size businesses the tools to create a level of education and protection against the threats of a data breach, all at a fraction of the cost of a consultant.

Your network IT consultant is important and provides valuable services to keep your IT operational and secure. JDL security services is another pair of eyes to verify that proper protections are in place for your organization. Our services should be another layer in your layered defense strategy against the bad actors constantly seeking to compromise your system.

All businesses who collect, store, transfer, or use consumer data are required to have security. JDL follows security frameworks to protect your business, your brand, and your clients.

Physical security refers to the protection of hardware, computer equipment, and other IT assets from external physical threats, such as unauthorized access, theft, or loss of backup media during transportation to external sites.

Application security refers to the security measures built into a software application itself to provide a secure computing environment. Common application security measures include authentication of the application, an access matrix for different levels of users, input validation to avoid application flaws such as buffer overflows, and application logging features. Application owners should work with the development team in the design phase to determine application security requirements according to the criticality of the application and the sensitivity of the data to be processed.

A security policy should be practical, and work for your organization. The following should be considered:

  • The sensitivity and value of the assets that need to be protected
  • The legal requirements, regulations and laws of the Government in your jurisdiction
  • Your organization’s goals and business objectives
  • The practicalities in implementation, distribution and enforcement

Our security assessment is a point-in-time assessment of your environment, while our MSSP offering provides continuous monitoring and assessment of your environment.

A security assessment is generally a good place to start if you have not done one recently and do not know the state of your IT security. If you have done a security assessment within the past year, the managed security service will provide continuous monitoring and protection to ensure that your data is secured.

Yes, you can convert to our managed services if you start with our assessment. We provide financial credits for organizations that start with our security assessment and wish to migrate to our managed security service offering.

Changes between modules are seamless. With a simple change in scope, you can start on a different module at a prorated price, without any change to your previous contract period.

Firewalls are only part of a total integrated security system, and they have limitations. Firewalls can neither alert you to ALL intrusions, nor stop ALL security breaches. Unless you are constantly monitoring for intrusions, you cannot know for sure if your firewall is blocking all intrusions. IDS / IPS can be installed and used at strategic locations to continuously collect and examine information for suspicious activity 7 days a week, 24 hours per day. IPS also provides an active response system to stop the source of attacks or to minimize the impact of any attacks.

The first order of business before we commence our service is a signed non-disclosure agreement that protects both parties from disclosure of classified information and trade secrets.

Security services are invoiced based on milestones, usually 40% at the beginning of the service and the outstanding balance at project signoff. MSSP services are paid monthly at the beginning of each monthly period for which services will be provided.

Our security assessment consists of two modules:

  1. “Security Assessment Plus” is an efficient and cost-effective offering that incorporates a comprehensive evaluation rather than a single stand-alone test.
  2. “Security Assessment Pro” is a comprehensive service for security audit and amendment requirements, recommendation, risk analysis, and penetration testing.

Our managed services are divided into two modules:

  1. “Managed Detection and Response” includes vulnerability assessment and 24×7 monitoring and triage of security events, with remote remediation support for your IT team.
  2. “Managed Security Services” provides full security management for your environment, including vulnerability assessment, 24×7 monitoring, triage and remediation, and configuration of security devices, with on-site and remote support.

For more details, please visit our Services Page.

Security Assessment

That’s great! You can easily add multiple locations to your assessment plan.

The amount of time it takes to do an IT Security Audit depends on two criteria: the first is the number of internal and externally facing devices on your network, and the second is the number of faults found. The more faults that are found, the longer the test may take to confirm whether they are genuine or false positives.

JDL assesses the security risk of all networked, IP devices. This includes all routers, switches, hubs, firewalls, servers (all common operating systems), workstations, desktop computers, printers, and wireless access devices.

The security assessment scan is designed to minimize both the audit time as well as the network bandwidth it uses. Thus, the impact on network traffic load is minimal. In addition, if the target host or network performance deteriorates during a security assessment, the scanner will adapt dynamically and reduce the scan speed.

The security assessment identifies viruses, backdoors, worms, trojans, malware and other malicious applications. The security assessment uses authenticated scanning to determine malicious software on a host even if it has no listening service.

A security audit only provides a snapshot of the vulnerabilities in a system at a point in time. As technology and the business environment change, periodic and ongoing reviews will inevitably be required. Depending on the criticality of the business, a security audit might be conducted quarterly or every six months.

The JDL Security Program is a 12-month agreement. The policy automatically renews annually unless you provide written notice 30 days prior to the date of renewal.

Our on-boarding process has two simple steps.

  1. Information gathering
  2. Kick-start

Our pricing model is quite simple. The price of each service depends on attributes including, but not limited to, the number of users, the type of service, and any special requirements.

Request a Quote for Security Assessment And Management As a Service

Get in touch with one of our agents to get a sample report.

IT Security Audit

An External Security Audit is where you have your infrastructure and network security checked remotely by a third party. The purpose of an External Security Audit is to highlight weaknesses and configuration issues that you may not be aware of. This is done to help educate companies and protect them from cyber security problems. The external security audit also makes sure that all the services your company uses are correctly configured with security in mind. Using the results from the IT security audit, you will be able to make changes and improve your business security to make it less appealing to internet hackers.

An IT Security Audit can highlight many issues that have been missed or overlooked as your business network has grown and become more complex over the years. Devices are easily configured using software wizards, but these wizards don’t always configure the device correctly and often configure just the bare minimum to get the system running. It is good to get an impartial view from a third party for your own peace of mind. If you have had regular IT Security Audits from a third party, this can significantly reduce the impact of the penalties in the event of a data breach.

Doing an IT Security Audit highlights potential business critical issues that could cost the business thousands of dollars if left in their current state. It follows government best practice of having your systems tested regularly. It ensures you have mitigated the risk of hackers easily breaking into your system. It also gives you faith in your existing IT team or IT Support company that they are doing their job correctly and have all the necessary security in place.

Compliance

Compliance is a term which means that you meet the requirements of accepted practices, specified standards, terms of a contract, legislation, or prescribed rules and regulations. Each business in the United States is required to protect consumer data, although the regulations vary by state, industry, and regulatory oversight into their business.

Every business is different in terms of how it collects, uses, and stores data; therefore, each business will likely have an individualized compliance program. Initially, however, it may take anywhere from a few hours to a few weeks to get your program and compliance plan in place.

The National Institute of Standards and Technology (NIST) is a division of the U.S. Department of Commerce which promotes innovation and industrial competitiveness, while supporting, regulating, and establishing set standards of measurement and precision. NIST created the Cybersecurity Framework to help businesses collaborate on best practices and lessons learned, and to help companies Identify, Protect, Detect, Respond, and Recover from a data breach or security incident.

The General Data Protection Regulation (GDPR) is a data protection and privacy law for the European Union and its residents which went into international law on May 25, 2018. The GDPR provides strict guidelines on how organizations collect and process data of EU residents and can assign fines and penalties of up to 20 million euros or 4% of gross revenue.

Non-EU organizations that monitor the behavior of or offer goods and services to EU residents are required to comply with the GDPR. This includes any business with connections to the EU or EU residents through subsidiaries, vendors, or customers. (This means that everyone is affected by the GDPR.)

Support

The Managed Security Services (MSS) Support is a way to manage requests with our customers on the incidents they report, provide a knowledgebase of information about our products, provide additional downloads and manage subscription licenses.

Yes. Support requests are accepted by phone or by email at [email protected]. Email requests must be sent from one of the email addresses provided to JDL as a support contact.

JDL determines the initial priority of your issue, though at any time, you may request to escalate or downgrade the priority of an issue via email.

When submitting requests for support, the customer must provide all data that is relevant for resolving each technical support request. Relevant data may include, but is not limited to, log files, descriptions of the hardware and software environment, examples of inputs as well as expected and actual outputs. This information should be as complete as possible, but sensitive information (e.g., account names, passwords, internal IP addresses) should be sanitized before sending to JDL.

JDL Security Services

Plans: Security Assessment Plus, Security Assessment Pro, Managed Detection and Response

Services:

  • Web Application (Website) Scan
  • Internal and External Network Scan
  • Security Policy Review
  • High-level Remediation Suggestions and General Best Practices
  • Customize Technical and Summary Report; and Presentation
  • Initial network architecture review and recommendation
  • Recommendation on Hardware / Software replacement and upgrade or purchase
  • Compliance - HIPAA, PCI DSS, GDPR*
  • Web Application (Website) assessment and Penetration Testing
  • Internal and External Network assessment and Penetration Testing
  • Log Monitoring and Analysis
  • Active Directory Audit
  • Dark Web Scan
  • Overall risk analysis of network infrastructure
  • Virtual Chief Information Security Officer (VCISO) Services
  • Real-time Monitoring and alerting of core network infrastructure components
  • Web filtering / DNS Audit
  • 24x7x365 Security Operations Center (SOC)
  • Malware and Forensic Analysis
  • Threat detection, triaging and forensics analysis
  • Remote incident investigation and response recommendations

* Compliance requirements and other services can be customized as add-ons.