Businesses like yours are under attack by nation states, criminal organizations, and activists who are seeking to gain corporate intellectual property, customer data, competitive advantage, disrupting your business operations. Your business priorities, coupled with the various motives of the attackers, make a one-size-fits-all approach to cybersecurity solutions impractical. The size and scope of a security portfolio for one company or industry may not be practical for you. Additionally, defending against modern threats doesn’t necessarily require the most advanced technology - it requires a plan and diligence. At Ascent, we approach Cybersecurity in 5 domains: Security Strategy and GRC, Identity and Access Management, Infrastructure Protection, Data Protection, and SIEM/Operations. Finally, we have 2 important and unique capabilities: Incidence Response and White Team Hunts. For Ascent, we take the skills that many of our cyber architects and leaders gained defending our nation from cyber threats to enterprises of all sizes. By taking a cyber warfare approach to your environment, we help you allocate your valuable resources to defending the correct territories to successfully combat those malicious actors trying to steal your assets.
Our Cybersecurity Offerings
Security Strategy and GRC
Assessing your current security posture and making a plan to stay ahead of the malicious actors is a tough task with risks that can cost your company money and its reputation. Threats are constantly changing and sadly the bad guys get more clever every day. Coupled on top of that is constantly changing regulations, meaning your Governance, Risk, and Compliance (GRC) teams are constantly struggling to meet the obligations put on your company. And with GDPR having global impact to virtually every company, the challenge is only increasing. Ascent's security practice is here to help you assess your environment, rationalize or leverage your tooling better, and help build or support your existing strategy.
In the beginning of networked computing, keeping the bad guys out generally meant building a bigger wall effectively. Networking firewalls and complex methods to get to your infrastructure on premises was the logical method. In the age of the internet and mobility, however, walls only serve to keep your employees from being productive. Cloud computing, mobile platforms, and IoT has pushed the network in to shared internet spaces. Managing and securing your identities and your end points are the new infrastructure edge where walls don't exist. By leveraging our leading Productivity capabilities with Microsoft 365, especially EM+S, Ascent will help you integrate those solutions by simplifying your environment with fewer point solutions and increasing capabilities rolled out via cloud services.
SIEM and Operations
Recognizing and reacting to threats means more than just having the tools in place - it means integrating the tools with the processes and experience to see the threats and react in time before a compromise becomes a breach. With the evolving threats fooling the evolving tools, keeping your process and operations up-to-date with the latest threat intelligence will help you avoid danger. With Ascent's experience in cyber warfare within the military, our cyber security team has years of experience under constant threat from individuals to nation states.
Unfortunately, the malicious actors get through every now and again. Not always is it catastrophic, but every time there is a breach you need to respond by understanding what happened, what data was exfiltrated or otherwise compromised, and how to stop the damage. Our team of experts have been involved in responded to many high-profile breaches, including by highly-sophisticated actors, hacktavists, and by nation states. Ascent will respond with cool heads and the tools necessary to root out the damage and help you close the holes that enabled the compromise and the eventual breach to occur, allowing you to assess the damage and prepare a recovery plan.
White Team Hunts
Modifying the famous saying a bit, "There are those who've been compromised and those who just don't realize they've been compromised." Do you know if you've been compromised, even if no action has been taken against you? Is there a bot or a piece of malicious code sitting in your environment, waiting to be activated? Ascent has a team of hunters who stay completely confined within your network (i.e., defensive hunts, not offensive hunting) to determine where there may be any active or passive malicious actors. Following the kill chain backwards, we can help you find the threats in your environment and build your plan to remediate. Our White Team Hunts, which was a capability previously only feasible for the largest financial institutions and government bodies, are a unique service that we can provide to customers of all sizes.
Identity and Access Management
Credential Theft remains the top cause of breaches for companies, accounting for well more than half of all breaches. Ascent Solutions created an Active Directory assessment to baseline companies against published best practices and, after performing assessments across companies ranging from 20 employees to 20,000 employees, the results were grim. Only 1 company we ever surveyed was prepared to meet the threats with a healthy AD environment and the processes and tools to keep the bad guys out. Ascent uses a combination of partners, including Microsoft and BeyondTrust, extensive training, and experience in cyber warfare to work with our customers to protect their most critical vulnerability: their identities.
Compliance and security are two different things, even though quite often they fall under similar categories. You can be compliant with your data by following all your Governance, Risk, and Compliance (GRC) related rules and still be unsecure. This is especially true in an era of increasing unstructured data (like documents, e-mails, and spreadsheets), increasing data gathering devices (like IoT devices), and increasing demand for mobility solutions. Coupled with our Identity and Access Management practice, Ascent leverages the strong tools available through Microsoft EM+S suite to ensure your data remains your data, accessed only by authorized people and systems and only in the time frames allowed to them.
We have a wide range of security assessments built through our experience and leveraged by customers around the country.
- Active Directory Health
- Windows Security
- Microsoft 365 Secure Score Action Plan
- Cloud Services Security Assessment
- GDPR Readiness Assessment
- PCI Readiness Assessment
- HIPAA Readiness Assessment
- PII Readiness Assessment
- CIS Readiness Assessment
- Enterprise Mobility + Security - All Solutions
- EM+S Identity Management including Azure AD, MIM/PAM, Multi-Factor Authentication, SSPR, SSO
- EM+S Threat Management including ATA, ATP
- EM+S Rights Management including Azure Information Protection, Windows Information Protection, O365 Information Protection
- EM+S Cloud App Security
- Azure Operations Management System (OMS)
- BeyondTrust PowerBroker
- Quest AD Migration Manager
- Readiness and Security Health Assessments
- Cyber Key Terrain Workshop