Cybersecurity Services

Does your organization need to comply with local regulations and standards?
Archlight offers a full suite of compliance, certification and attestation services based on industry best practices and standards such as the NIST Cybersecurity Framework (NIST CsF), The Health Insurance Portability and Accountability Act of 1996 (HIPAA), EU General Data Protection Regulation (GDPR), ISO 27001, as well as SOC (Service Organization Control)2.

• Archlight’s team possesses decades of experience conducting information security risk assessments for reputable and internationally known organizations.
• Archlight’s leadership team members has at least 15 years of directly relevant cyber security and privacy consulting experience.
• Archlight’s team has relevant certifications including CISA, CIPP, ISO27kla, CDPSE.
• Archlight specializes in risk assessment and compliance services.  We understand the specific needs and constraints of modern-day organizations, and we are therefore able to develop solutions that are appropriate for each client’s size, complexity, and needs.

Archlight’s experienced team members can help you understand your third-party relationship risks and implementing effective controls to increase performance and compliance. We take a holistic approach and design flexible solutions that account for evolving regulatory demands and increase visibility into your relationships.

Our qualified team is fully equipped to provide third-party and vendor technology risk consulting services. We provide value-added, high-quality, meaningful recommendations needed to develop and execute an effective third-party risk management strategy. Through decades of successful technology risk consulting experiences, our advisors understand your business and technology requirements, while taking a holistic perspective to address your immediate and future state concerns regarding the effective use of technology across your business.

Technical assessments alone are simply not enough to defend against cyberattacks. People are the central component of any company process, and are often the primary gateway to sensitive data and processes Social engineering has become a very successful method for attackers to gain entry into a targeted organization. Once the access is gain, an attacker can easily then search through an organization’s network for sensitive information. Social engineers typically have two goals:

• Data theft – in which attackers seek valuable or sensitive information or money

• Data Sabotage – Attackers may seek to destroy and/or disrupt a victim’s environment with the intention of causing as much harm as possible.

Our team can perform numerous testing scenarios for your organization, including intelligence gathering from your environment through phone calls and phishing techniques. Conducting robust social engineering exercises reduces the total risk surface and exposes critical vulnerabilities in your organization and tests the efficacy of the organizational training and awareness programs.

Our experts will provide you with action items that will be tailored specifically to your organization to ultimately safeguard your environment from both internal and external threats.

Weak passwords such as “abc123” and poor account management practices are a gateway for cyber attackers and unfortunately organizations are often found consistently using weak passwords. Our experts can help conduct tailored account and password assessments to expose your account and password vulnerabilities. Using your account databases, our experts will conduct a deep assessment of your accounts and passwords to identify weak passwords and identify high-risk default and generic accounts. We will then provide you with a detailed report of our findings as well as robust remediation steps to ensure your environment is well protected.

Unfortunately, in today’s world, poorly configured accounts with typical passwords can lead to a full compromise of your network.

Our staff augmentation services ensure you have the expertise you need to respond to your cyber security and data privacy challenges, without having to search for, interview, hire, and retain personnel.

Our expert team members can quickly deliver effective solutions to meet your needs. Save time with the right expertise at the right time without having to invest in prolonged hiring and vetting processes. Specifically, Archlight can help by:

• Providing you a full-time resource at any stage of your project cycle to minimize any project disruptions or delays.

• Identifying and filling a temporary role to meet your short-term needs.

• Providing you with subject-matter experts for your specific technical and/or regulatory needs.

• Recruiting on your behalf to find identify fully-vetted security and privacy experts to meet your short and long-term needs.

Phishing attack perpetrators target employees by convincing them to give up confidential credentials and then use these credentials to gain access to an organization’s network. Our team will conduct simulated phishing attacks by sending emails appearing to come from a legitimate source in an attempt to collect credentials from employees (i.e. requesting to verify user names or passwords or other sensitive credentials). The carefully designed phishing emails come from fake addresses and are formatted with professional logos and graphics to appear genuine to the recipients as if coming from a legitimate source such as a business partner. They are targeted to employees or executives with access to critical systems or confidential information (such as personally identifiable information or PII).

Conducting phishing exercises helps to reduce the risk and exposure to some of these attacks and helps to determine the effectiveness of the security training and awareness program.

Social engineering exercises also help an organization test the effectiveness of its policies and procedures.

We use a structured analysis process that allows us to develop a deep understanding of your organization, conditions, and unique security risks and threats.

Our engagement team will consider all aspects of your physical security controls and identify any weaknesses. In addition, we will identify opportunities to reduce costs by providing solutions that address several risks. Our team will also employ several strategies and techniques to attempt to circumvent and breach your physical security controls to identify your security vulnerabilities. We can assess both your physical and environmental protections currently in place at your locations.

Our team have backgrounds in  security, auditing and emergency response which can take a large view of threats and controls at your locations.

Our experts will assess the criticality of your organization’s business and clinical processes to determine the impact and consequences of loss of business operations and the impact on patient safety. Ultimately, our business and clinical continuity services will help you minimize your company’s level of risk and increase your overall resiliency.

Archlight has a selection of Business Continuity consulting services to help alleviate the pressure. Our Business Continuity experts can help develop your Business Impact Analysis, completing your risk assessments, create your Business Continuity and Incident Response plans, or testing the plans you already have in place. Do not be caught unprepared.

Whether you’re starting from the beginning or building on an existing program, Archlight can adapt its approach to meet your needs by either implementing BCP in full or by selecting those services that meet your specific business needs.

Let our experts help you identify cloud configuration vulnerabilities and provide you with tailored guidance on areas of cloud security improvement. We can help secure your implementation on leading cloud platforms such as Google Cloud, MS Azure, Amazon Web Services, and other cloud providers.

Our cloud security assessment process can provide you with insights into your current adoption of cloud
processes. Our cloud security services can help you determine your security risk by evaluating your infrastructure security through our assessment processes and through the use of industry leading frameworks. Our cloud security services can also assist you at any stage of your cloud transformation, allowing you to focus on your core business and drive innovation.

Take advantage of our Office 365 security implementation assessment process to ensure your platform is optimized and that your data is appropriately protected.

Archlight can provide robust security reviews and certifications of cloud hosted platforms including Center for Internet Security (CIS), HITRUST CSF Certification, SOC 2 Type 2 Attestation and Cloud Security Alliance Cloud Controls Matrix (CSA CCM).

What is ransomware?

Ransomware is a type of malware that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. Ransomware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.

​Why Archlight?

Our experts are well versed in providing services to ensure you are well protected from a ransomware attack. Our team will carefully assess your company’s current ransomware protection infrastructure as well as your vulnerabilities to provide you with optimal ransomware protection services.

The best prevention is vigilance and we take pride in training and educating your staff in best practices to avoid falling victim to the most common methods (such as email phishing scams) that attacker will try to use to manipulate them into introducing malware to your network.

Our experts will minimize extensive, time consuming discovery and documentation processes to quickly deliver what matters most, prescriptive guidance to decrease your prospects of becoming a  ransomware victim.