Threatcare Services
Threatcare Services
Partnering with the Threatcare Services team helps you build, measure, and maintain a solid cybersecurity foundation to securely scale your business with peace of mind.
Threatcare is your trusted source of Security Gap Analysis, Vulnerability Assessments, Penetration Testing, Secure Code Review, training, and other cybersecurity services that map directly to your organization’s unique needs.
Threatcare Service Offerings
Cybersecurity Gap Analysis
Threatcare performs Security Gap Analyses on your organization’s currently existing information security program (ability to detect or defend against adversary techniques, tactics, and procedures). This is done by working directly with your organization’s point of contact to reach your defined end goals. Threatcare then provides a comprehensive report to outline what was discovered.
Application Security Assessment
Threatcare performs an Application Security Assessment to ensure applications are secure. Application security assessments can and will combine automated scanning, code review, and a combination of static and dynamic analysis.
Vulnerability Assessment
Vulnerability Assessments review applications, networks, or other systems for any currently existing security vulnerabilities. Without mitigation, these may allow further penetration into a network by an attacker, or for important data to be exfiltrated.
Penetration Testing
Network
Threatcare checks the internal wired and/or wireless networks of a building, to ensure that systems that shouldn’t be talking to each other aren’t. We can determine if any devices connected to those networks are vulnerable to attack. We can then work to see if any of these vulnerabilities will lead to further network compromise of sensitive information.
Hardware (Firmware)
Threatcare reviews hardware connected to critical infrastructure and systems. We look for flaws in firmware to determine if there are any ways that an attack could lead to network compromise, and ensure hardware only accesses what it is supposed to.
Mobile Applications
Threatcare reviews an application to see if it can be securely used by end-users. We will test to make sure data is transferred in a secure manner and is stored securely on your host servers/devices.
Social Engineering
The human is the most difficult asset to secure, but Threatcare helps with our social engineering campaigns. We emulate what an attacker would do to gain access to your network. Everything from dumpster diving, to phone scams, to phishing campaigns.
Tabletop Exercises
Threatcare creates a Tabletop Exercise, which is used with offensive and defensive strategies to determine escalation workflow between teams and attackers, or vice versa. This is also used to help find where there are some holes in communication or system layouts.
Threatcare will initially speak with the internal engineering team to determine their services layout in order to get a high-level overview of system buildout. We use the Microsoft STRIDE™ modeling system to create a Data Flow Diagram (DFD) to scope the size of the network for which you want a threat model.
Threatcare uses the Microsoft STRIDE™ modeling system to review any potential threats to the system being reviewed. Results from threat modeling will be discussed between Threatcare and the engineering team of the selected system(s) to determine if the threats have been mitigated, unmitigated, or need further investigation by the engineering team.
API Security Assessment
Threatcare performs a Vulnerability Assessment on API keys utilized by internal and external systems, to ensure they cannot be abused to obtain more sensitive information (from either a business or its clients).
Secure Code Review
Threatcare reviews code for your application to check for security flaws. We can point out specific examples in code where there may be potential issues, so they can be secured before proceeding with business.
Policy Review
Threatcare reviews existing security-related policies and provides suggestions on improvements if required. We can also review where current policies may be lacking in order to provide added depth.
Digital Forensics & Incident Response
Incident Response allows a business to limit damage and recover faster from compromise or security incidents within the network. Threatcare creates policies and procedures specifically designed to reduce the aftereffects of a security breach. We can also audit already existing Incident Response policies for adherence and efficacy.
Custom Policy Creation
Threatcare creates policies in line with ISO-27001 or within other internal requirements (excluding PCI compliance-related policies). We can help get you prepared to meet minimum policy requirements before making further changes to any specified standards.
Threatcare Training
GDPR Workshop
Threatcare leads workshops for those businesses affected by Europe’s General Data Protection Regulation (GDPR). These workshops will enable you to build and/or update policies and procedures so that they fall within the regulation’s terms.
Threat Modeling
Threatcare offers on-site Threat Modeling Training across the United States. The training will teach staff how to create a working Threat Model, and how to properly apply it at your organization.