No company is immune to cyberattacks. While large-scale cyber security breaches of Fortune 500 Companies dominate the media, 40% of all cyberattacks target businesses with less than 500 employees. As cyber threats evolve and heighten concerns, it becomes increasingly difficult to know the right steps needed to protect your business.
The cyber security advisors of Friedman CyZen LLC, a Friedman LLP-owned company, bring you peace of mind by empowering you to make sense of cyber security and defend against attacks. Recognizing there is no one-size-fits-all strategy, we deliver customized solutions for the particular vulnerabilities of your organization.
Friedman CyZen’s custom-tailored approach will help you:
- Find unknown cyber risks in your organization.
- Augment IT resources so your internal team can focus on your day-to-day business.
- Mitigate and reduce the chance of a successful attack.
- Comply with the vulnerability and penetration testing requirements of NYDFS and recommendations of the SEC and other regulators.
Why choose Friedman CyZen?
- Human approach. An accessible team of people behind every process and procedure, rather than commonly used automated services.
- Deep-rooted experience. Cyber security consultants with decades of experience protecting entities including the U.S. Department of Defense and the National Security Agency.
- A step further. Solutions that go beyond the typical tunnel-visioned approach — solving the issue at hand and identifying other potential threats.
- Broad resources. Cutting edge expertise of cyber security consultants with access, as needed, to the extensive resources of a top 50 accounting and advisory firm.
Friedman CyZen’s multi-faceted suite of services, including assessment, testing, remediation and monitoring, support a range of businesses within the public and private sectors — from small- and medium-sized businesses to large-scale enterprises. Our extensive experience spans a host of industries including:
Gain peace of mind. To explore how your business can benefit from our cyber security consulting services, please reach out to a member of the Friedman CyZen team or contact us.
Friedman CyZen's cyber security consultants empower you with the tools and knowledge you need to safeguard your systems and networks in real-time for the long haul.
As standalone services or as part of your larger ongoing cyber security plan, our offerings put you in the driver's seat. We help you chart a unique roadmap that identifies vulnerabilities, recommends steps for remediation and strengthens your overall security posture.
Managed Response and Prevention
- Security Baseline Assessment
- Knowing where you stand is the first step toward cyber security readiness. Your Security Baseline Assessment includes a streamlined, enhanced vulnerability analysis and architectural review for small to medium businesses. Access:
- - A snapshot and current risk rating for your company, identifying root causes
- - Targeted remediation steps and a roadmap based on the severity of findings
- Vulnerability Management Program
- Minimize your organization’s risk exposure to current threats with your personalized, easy-to-follow Vulnerability Management Program Report. Our cyber security experts plunge into your systems and networks to uncover weaknesses with no disruption to our daily operations. We:
- - Deploy multiple commercial open source intelligence scanning tools to identify your organization’s low hanging, publicly available data and the vulnerabilities baked into your hardware devices, applications and services
- - Validate discovered vulnerabilities to minimize false positives
- - Add the necessary human element by manually probing discovered assets to identify vulnerabilities, which are undetected by automated tools
- Penetration Test
- Your customized Penetration Test Report details how deeply a hacker can gain access and pivot through your internal network, escalate privileges and retrieve your sensitive data and resources. Your Report will include:
- - Key risks to your environment posed by identified and exploited vulnerabilities
- - Tactical and strategic mitigation recommendations
- - Root cause analysis and a description of how vulnerabilities were exploited
- - Impact statement for each exploited vulnerability
- - Validation of all sensitive information accessed
- Determining the root cause of a breach will allow you to both remediate the issue and prevent a future occurrence.
- Security Architectural Review
- Block leaks before a security deluge. Your comprehensive Security Architectural Review Report will identify the gaps and vulnerabilities within your organization’s security processes and procedures, which details the following:
- - Comparison of your risks against industry best practices and frameworks including, National Institute of Standards and Technology (NIST), International Organization of Standardization (ISO) and Center for Internet Security (CIS)
- - Identified gaps in your security processes and procedures
- - Vulnerabilities in your network device configurations
- - Recommendations for network design, process and procedure improvements
- - Configuration recommendations for your network devices
- Spearphishing Simulation and Training
- Our live 60-minute Spearphishing (SPH) Simulation and Training is designed to educate your organization with best practice approaches that increase system-wide resiliency. Our cyber security consultants help you identify social engineering threats spanning phishing, pretexting, baiting, quid pro quo and tailgating in a methodical and easy-to-follow approach:
- - Employees receive three waves of inconspicuous, malicious emails
- - A report is then generated, which includes:
- - Statistics concerning click rate and credential harvesting based on individual employees or departmental trends
- - Calculated overall risk to Spearphishing attacks
- Social media risk due to password reuse and blending of work and personal digital presence
- - We tailor an intensive training, which incorporates the simulation results to highlight user pitfalls
- Gain 24x7x365 monitoring that volleys malicious activity while highlighting ways to strengthen your overall security posture through our Managed Response and Prevention (MRP) service, which:
- - Provides exploit protection, malware protection, mitigation, remediation and forensics
- - Deploys sensors on all endpoints while collecting syslog/json from other devices on network to SIEM like solution
- - Implements one to two months of baselining activity to determine applications and processes needed for daily use
- - Leverages open-source intelligence across client networks to determine potential threat vector and vulnerabilities
- - Blocks and protects your systems and networks from malware, ransomware, adware, insider threat, and other malicious activity by isolating devices, applications, and processes from becoming potential avenues of propagation
- - Conducts remote investigation and threat hunting
- - Collects information to :
- - Providing endpoint data and artifacts that would otherwise take hours or days to collect
- - Separating high-risk threats from false positives and low-risk threats
- - Providing unique IOC query capabilities designed specifically for security analysts and incident responders
- When a cyber breach occurs, immediate action is key in order to mitigate a ripple effect across your systems and networks. However, we don't stop there. We continue to work closely with you to implement processes and procedures to prevent and minimize future incidents. Our Incident Response actions:
- - Identify the threat vector used and determine the extent of a breach or incident by identifying affected assets and services
- - Deploy custom and commercial tools and run live scans to determine external and internal vulnerabilities to zero in on the malicious activity
- - Log review to analyze the low-level details of a breach with a proper chain of custody
Digital Currency Security
- Close the gap between compliance and security by eliminating weak links in your cyber security chainmail. Based on your industry-specific needs, our cyber experts compare your current policies and procedures against evolving regulatory requirements through the following steps:
• - Reviewing your environment within relevant regulatory requirements
• - Examining your environment within the current industry best practices and security frameworks
• - Identifying the critical business processes and services
• Assessing implemented controls for effectiveness and relevancy
• Interviewing relevant stakeholders to identify gaps in processes and procedures
- The rapidly evolving digital currency space has created a cyber security knowledge void at the organizational level. Cyber attackers are exploiting this education gap by targeting exchanges, companies participating in ICO’s, blockchain platforms and consumers.
- Our accredited cyber security consultants, certified by both the Blockchain Council and C4, will help you enforce best practices, provide blockchain synching analysis and monitoring systems and networks to combat cyber attacks. Your Digital Currency Risk Assessment includes:
- - Best Practice Enforcement:
- - Safeguarding cryptocurrency wallets from threat actors
- - Analyzing secure storage and use of private keys
- - Reviewing incident response policies and procedures to protect cryptographic seeds and keys and decrease the risks associated with lost funds and disclosed trade secrets, and increase the availability of the information system to its users
- - Ensuring the secure generation of cryptographic keys and seeds used within a cryptocurrency or blockchain database
- - Analyzing security systems, technical controls, and policies that protect the information system from all forms of risk as well as penetration and vulnerability tests designed to identify paths around existing controls
- - Reviewing of processes and procedures that cover the removal of cryptographic keys from digital media. Due to the manner in which file systems allocate data on digital media, digital forensic techniques can be employed to read old data that has previously been deleted.
- - Verifying assets are controlled solely by the owner of the platform. This aspect covers the proof of control of all funds that should be held by the information system
- - Audit log reviewed and maintenance. This aspect covers the information system’s maintenance of audit logs that provide a record of all changes to information throughout the system
• Implementation of best practices and procedures within the context of the Cryptocurrency Security Standard from C4. Pending that a company fails to pass the risk assessment, CyZen will assist in recommendations and implementation of C4’s level 3 protocol, ensuring that a successful risk audit can be conducted
• Managed service for vulnerability management, incident mitigation and prevention through 24/7 monitoring, and expert advice from seasoned security experts
• Blockchain synching and analysis of specified wallet addresses and transaction ID’s to ensure successful transactions are conducted