archlightsolutions

Cybersecurity Services

Archlight provides comprehensive cybersecurity services that are tailored to every organization’s specific needs. Archlight will help defend against cyberattacks with proactive, focused risk management and threat intelligence to give you the confidence that comes from knowing your operations are secure and protected.

Security Risk Assessment

Archlight provides security risk assessment services specifically tailored to the unique needs of your organization.

Does your organization need to comply with local regulations and standards?
Archlight offers a full suite of compliance, certification and attestation services based on industry best practices and standards such as the NIST Cybersecurity Framework (NIST CSF), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the EU General Data Protection Regulation (GDPR), ISO 27001, and SOC 2 (Service Organization Control 2).

  • Archlight’s team possesses decades of experience conducting information security risk assessments for reputable and internationally known organizations.
  • Archlight’s leadership team members have at least 15 years of directly relevant cyber security and privacy consulting experience.
  • Archlight’s team has relevant certifications including CISA, CIPP, ISO27kla, CDPSE.
  • Archlight specializes in risk assessment and compliance services. We understand the specific needs and constraints of modern-day organizations, and we are therefore able to develop solutions that are appropriate for each client’s size, complexity, and needs.

Third Party/Vendor Security Assessments

Archlight performs third-party vendor security assessments that provide the level of assurance needed to ensure that your vendors are achieving the level of protection needed to comply with your policies, procedures and compliance requirements.

Archlight’s experienced team members can help you understand your third-party relationship risks and implement effective controls to increase performance and compliance. We take a holistic approach and design flexible solutions that account for evolving regulatory demands and increase visibility into your relationships.

Our qualified team is fully equipped to provide third-party and vendor technology risk consulting services. We provide value-added, high-quality, meaningful recommendations needed to develop and execute an effective third-party risk management strategy. Through decades of successful technology risk consulting experiences, our advisors understand your business and technology requirements, while taking a holistic perspective to address your immediate and future state concerns regarding the effective use of technology across your business.

Social Engineering

Social engineering is the art of manipulating people to provide an attacker with confidential and private information. Social engineering gives attackers the opportunity to access an organization's network or a user’s system. A social engineer, for example, may call a user in an organization and pose as a help desk employee with the intention of manipulating the victim into providing their passwords and/or other sensitive information.

Technical assessments alone are simply not enough to defend against cyberattacks. People are the central component of any company process, and are often the primary gateway to sensitive data and processes. Social engineering has become a very successful method for attackers to gain entry into a targeted organization. Once access is gained, an attacker can easily search through an organization’s network for sensitive information. Social engineers typically have two goals:

  • Data theft – in which attackers seek valuable or sensitive information or money

  • Data Sabotage – Attackers may seek to destroy and/or disrupt a victim’s environment with the intention of causing as much harm as possible.

Our team can perform numerous testing scenarios for your organization, including intelligence gathering from your environment through phone calls and phishing techniques. Conducting robust social engineering exercises reduces the total risk surface, exposes critical vulnerabilities in your organization, and tests the efficacy of the organizational training and awareness programs.

Our experts will provide you with action items that will be tailored specifically to your organization to ultimately safeguard your environment from both internal and external threats.

Account & Password Security Assessments

User accounts and their associated passwords are oftentimes the weakest security link in organizations.

Weak passwords such as “abc123” and poor account management practices are a gateway for cyber attackers and unfortunately organizations are often found consistently using weak passwords. Our experts can help conduct tailored account and password assessments to expose your account and password vulnerabilities. Using your account databases, our experts will conduct a deep assessment of your accounts and passwords to identify weak passwords and identify high-risk default and generic accounts. We will then provide you with a detailed report of our findings as well as robust remediation steps to ensure your environment is well protected.

Unfortunately, in today’s world, poorly configured accounts with typical passwords can lead to a full compromise of your network.

Medical Device Security Assessments and IoT Security

82% of healthcare organizations that have so far deployed medical IoT devices have experienced cyberattacks against those products, putting patient data at risk and undermining confidence in the industry. In addition, according to Frost & Sullivan’s Internet of Medical Things (IoMT) Forecast to 2021 report, by 2020, 30 billion connected IoT and medical devices are expected to be a part of the healthcare ecosystem.

Whether you’re creating a new IoT/medical product or deploying a medical device, our experienced and skilled consultants will help you identify risk and vulnerabilities and apply solutions to mitigate security issues across your medical device & IoT ecosystem.

From managing a large inventory of devices to conducting vulnerability scans on medical and IoT devices, healthcare organizations face many challenges in ensuring all their critical devices are effectively secured. Our team at Archlight has extensive experience conducting comprehensive risk assessments to give you insights on your most vulnerable areas. We can help you build an effective and robust medical and IoT device security program to protect you from attackers.

Through proven security and privacy-by-design principles, Archlight can help you identify and assist in the remediation of security and privacy issues throughout the device lifecycle. Archlight’s risk assessments are designed to meet your organization’s specific business needs. Partnering with Archlight will greatly improve your medical equipment’s security posture and ensure your customers and patients are well protected. Archlight provides several service offerings for medical and IoT devices:

Whether you are in the early phase of development or are already deep in production, Archlight can help secure and protect your medical and IoT devices from compromise by an attack and stay ahead of the competition.

Security Staff Augmentation

Let us help you find cybersecurity (and bilingual) talent who have extensive experience in the healthcare industry.

Our staff augmentation services ensure you have the expertise you need to respond to your cyber security and data privacy challenges, without having to search for, interview, hire, and retain personnel.

Our expert team members can quickly deliver effective solutions to meet your needs. Save time with the right expertise at the right time without having to invest in prolonged hiring and vetting processes. Specifically, Archlight can help by:

  • Providing you a full-time resource at any stage of your project cycle to minimize any project disruptions or delays.

  • Identifying and filling a temporary role to meet your short-term needs.

  • Providing you with subject-matter experts for your specific technical and/or regulatory needs.

  • Recruiting on your behalf to identify fully vetted security and privacy experts to meet your short and long-term needs.

Internal & External Penetration Testing

Are your organization's IT systems and network sufficiently protected against external attacks?

Archlight’s team and strategic partners have the knowledge and capabilities to conduct penetration testing (ethical hacking) that simulates the actions of a hacker or malicious insider in a real-life attack scenario. Such authorized tests are performed by ethical hackers (white hats posing as black hats) to ensure that your organization has visibility and understanding of security risks, weaknesses, and response capabilities for applications, systems, or networks, allowing action to be taken to protect your assets from damage before it’s too late.

Phishing

Do your organization and its employees have the skills necessary to identify and prevent phishing attacks aimed at obtaining sensitive information from your organization’s staff?

Phishing attack perpetrators target employees by convincing them to give up confidential credentials and then use these credentials to gain access to an organization’s network. Our team will conduct simulated phishing attacks by sending emails appearing to come from a legitimate source in an attempt to collect credentials from employees (i.e. requesting to verify user names or passwords or other sensitive credentials). The carefully designed phishing emails come from fake addresses and are formatted with professional logos and graphics to appear genuine to the recipients as if coming from a legitimate source such as a business partner. They are targeted to employees or executives with access to critical systems or confidential information (such as personally identifiable information or PII).

Conducting phishing exercises helps to reduce the risk and exposure to some of these attacks and helps to determine the effectiveness of the security training and awareness program.

Social engineering exercises also help an organization test the effectiveness of its policies and procedures.

Physical Security

Weak physical security can endanger the confidentiality, integrity and availability of your data and the safety of your staff and customers. In addition, numerous regulations require the use of strong physical security controls.

We use a structured analysis process that allows us to develop a deep understanding of your organization, conditions, and unique security risks and threats.

Our engagement team will consider all aspects of your physical security controls and identify any weaknesses. In addition, we will identify opportunities to reduce costs by providing solutions that address several risks. Our team will also employ several strategies and techniques to attempt to circumvent and breach your physical security controls to identify your security vulnerabilities. We can assess both your physical and environmental protections currently in place at your locations.

Our team members have backgrounds in security, auditing and emergency response, which allows them to take a broad view of threats and controls at your locations.

Business Continuity Services

A business continuity plan will help minimize and possibly even prevent serious consequences and downtime following a disaster or a major security disruption such as a data breach or ransomware attack. An effective business continuity plan will also help limit the impact on patient safety and minimize overall business or clinical disruption.

Our experts will assess the criticality of your organization’s business and clinical processes to determine the impact and consequences of loss of business operations and the impact on patient safety. Ultimately, our business and clinical continuity services will help you minimize your company’s level of risk and increase your overall resiliency.

Archlight has a selection of Business Continuity consulting services to help alleviate the pressure. Our Business Continuity experts can help develop your Business Impact Analysis, complete your risk assessments, create your Business Continuity and Incident Response plans, or test the plans you already have in place. Do not be caught unprepared.

Whether you’re starting from the beginning or building on an existing program, Archlight can adapt its approach to meet your needs by either implementing BCP in full or by selecting those services that meet your specific business needs.

Cloud Security Assessments

Secure your transformation to the Cloud.

Let our experts help you identify cloud configuration vulnerabilities and provide you with tailored guidance on areas of cloud security improvement. We can help secure your implementation on leading cloud platforms such as Google Cloud, MS Azure, Amazon Web Services, and other cloud providers.

Our cloud security assessment process can provide you with insights into your current adoption of cloud processes. Our cloud security services can help you determine your security risk by evaluating your infrastructure security through our assessment processes and through the use of industry leading frameworks. Our cloud security services can also assist you at any stage of your cloud transformation, allowing you to focus on your core business and drive innovation.

Take advantage of our Office 365 security implementation assessment process to ensure your platform is optimized and that your data is appropriately protected.

Archlight can provide robust security reviews and certifications of cloud hosted platforms including Center for Internet Security (CIS), HITRUST CSF Certification, SOC 2 Type 2 Attestation and Cloud Security Alliance Cloud Controls Matrix (CSA CCM).

Ransomware Protection Support

Do not become a victim of a ransomware attack. Let Archlight help shore up your defenses to minimize the risk of business disruption and paying high ransom fees.

What is ransomware?

Ransomware is a type of malware that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. Ransomware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.

Why Archlight?

Our experts are well versed in providing services to ensure you are well protected from a ransomware attack. Our team will carefully assess your company’s current ransomware protection infrastructure as well as your vulnerabilities to provide you with optimal ransomware protection services.

The best prevention is vigilance, and we take pride in training and educating your staff in best practices to avoid falling victim to the most common methods (such as email phishing scams) that attackers will try to use to manipulate them into introducing malware to your network.

Our experts will minimize extensive, time-consuming discovery and documentation processes to quickly deliver what matters most: prescriptive guidance to decrease your prospects of becoming a ransomware victim.