H2's services revamped and updated
Trust H2 to provide services and products that are appropriate, affordable and accreditable

Nothing stands still in cyber security. Whilst the principles of risk management remain the same as ever, how they are applied has to evolve alongside the continuing evolution of cyber attacks. To that end, H2 constantly reviews and updates its services offering, alongside its product portfolio, to reflect its adherence to the principles of risk management whilst providing the protections needed against the latest attacks.

We thought it timely to republish the full list of services that we now provide, especially whilst we're waiting for our website to be updated. So here they are:

Cyber Maturity Assessment

A cyber maturity assessment is the ideal way for businesses to fully understand their current cyber security position and to assess what needs to be done to protect themselves effectively, going forward. It is often the best place to start when thinking about protecting themselves effectively from the growing number of online threats and risks.

Conducted by H2 experts as a fixed cost project, its outcome is a report which shows you exactly where your business is in terms of cyber risks and information security in a way that is demonstrable and easy to understand.

THE BENEFITS OF A CYBER MATURITY ASSESSMENT INCLUDE:

· It is a comprehensive on-site or remote review of all your hardware and software to identify potential cyber risks and vulnerabilities.

· It includes mapping all your systems so you can clearly see their connections and interrelationships.

· The investigation process includes interviews with your staff and an examination of your current cyber policies and procedures.

· It also covers assessing your current security architecture and technical controls in relation to preventing cyber risks.

· The report includes an industry-recognised risk score, so you know how you compare to others and how you are currently performing in terms of cyber protection maturity.

· The report’s findings are detailed in a comprehensive, easy-to-understand way.

· The report also explains how individual services can be used together to create a comprehensive risk management strategy for your business.

· Any recommendations made in the report can be phased in over time at a pace and budget to suit you.

Cyber Essentials and Cyber Essentials Plus

Cyber Essentials and Cyber Essentials Plus are simple but effective, Government-backed certifications that will help you to protect your organisation, whatever its size, against a whole range of the most common cyberattacks. Any company wishing to do business with the public sector is required to achieve certification, and it is a great way to demonstrate your commitment to keeping your clients’ data secure, regardless of the sector you are working in.

H2 has chosen not to join the IASME consortium itself, but instead to draw on its many years of experience working for major government departments, certified under a previous scheme, to deliver robust and accreditable cyber security solutions. We have partnered with a member of the IASME consortium to carry out the necessary auditing functions required to achieve certification. In this way we do not mark our own homework, and we provide our clients with an additional level of assurance that there has been an effective and robust analysis of their network and processes, to ensure that the certification is as effective as it needs to be.

Cyber Security Awareness Training

Cyber Awareness Training, or rather the lack of it, is a favourite hobby horse of ours, particularly as it affects non-technical staff, where it is vitally important for both managers and employees. If you don’t know what threats exist, then how can you look out for the signs, and how can you effectively target your security spend? Likewise, staff must know what to look out for, how attacks are formulated and how they are carried out. A good motivator for staff is that, to put it bluntly, their jobs are on the line if the business is hit badly and loses money. Most SMEs are running businesses where cash flow is king, and they simply can’t afford the kind of hits that many are experiencing.

A major misconception is that cyber security is an IT issue. Wrong, it’s a business issue. This misconception is generally arrived at because it is seen as having complex technical solutions that only the ‘techies’ fully understand. However, this is not the case. Cyber security needs to be in the culture of the company, a culture that protects the business from harm. Each person must have at least a basic understanding of the issues they face and how their attitude can affect the cyber security posture of the entire organisation.

It cannot be stressed enough that whilst your staff are your greatest asset, they can also be the biggest threat regarding cyber security. Most data leaks are caused not by personnel doing anything deliberately wrong, but by doing things they didn’t know they shouldn’t.

H2 can deliver awareness training face to face or online via MS Teams or Zoom.

360° Perimeter-less Protection in a Hybrid World

The threat landscape has always been ever changing, and we have long been playing catch up to the cyber criminals and scammers, but working patterns have now changed so much and in such a short space of time that we have created a whole new avenue of problems for ourselves. The global pandemic has changed working patterns so that the office is no longer the bastion that it was, and our network boundary is now our laptop, phone, or tablet, wherever we may be working from.

Here at H2 we have been very busy coming up with solutions to meet these new requirements. We have aimed at driving down complexity and cost and at the same time recognising the ‘new normal’, whatever that may mean for your company, and covering off zero day attacks and ransomware, two of the most dangerous threats to all organisations. But our solutions are aimed at the SME, which means they must be affordable as well as innovative and comprehensive. We think we’ve done just that.

Our solution is based on sound risk management techniques allied with products which work seamlessly together or as individual solutions. Whether you need one of these, two, three or all four depends on your requirements and, to some extent, your size of company and the vertical you operate in. Two of these products are very new to the UK market but are tried and tested in other countries, notably the US. The access management solution has been in use in Europe for some time, whilst the anti-malware solution, which covers off zero day and ransomware, has been in use in the enterprise market, especially government and CNI, for some years and is only now available in an affordable way for SMEs.

WHAT IS ZERO DAY, ZERO TRUST ARCHITECTURE AND WHAT DO WE MEAN BY SHIELD TECHNOLOGY?

· Zero Trust is a security framework requiring all users, whether in or outside the organization's network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.

· A zero-day exploit is an attack that takes advantage of a security vulnerability that does not have a fix in place. It is referred to as a "zero-day" threat because once the flaw is eventually discovered, there are "zero days" to then come up with a solution.

· Advanced shield technology is a ‘one time’ fit security solution that protects against malware, ransomware, zero-day attacks, and all other cyber threats, known and unknown.

· Shield technology does not use signatures so there is no need for constant updates to add newly discovered threats and no risk of becoming a zero-day victim. The system proactively scans workstations, laptops, and other devices for sensitive data using smart patterning, and assigns a financial value to the risks you’re exposed to. It tracks and audits data risk in real time by continually monitoring incoming and outgoing sensitive data flows to and from your perimeter-less organisation.

H2 now has a framework which allows one or more solutions to work together in a managed scenario for the client, giving that client peace of mind that their critical data is being protected. H2 provides timely reports regardless of the technologies being used and ensures that such technologies fit with the client requirements.

All solutions come with an offer of a free proof of concept, at the end of which the solutions can remain in place, or be removed, depending upon the client. Pricing can be formalised at that point, but guide pricing can be given in advance of any POC being started.

So, before you simply renew your anti malware solution, please call us and discuss the issue. You will be surprised.

Data Protection Services

H2 Cyber Risk Advisory Services understands that for many mid-market enterprises, employing a dedicated person to manage their data protection requirements, or reallocating an existing employee’s time to it, is expensive and not always possible.

Whilst larger companies may have the resources to cover this cost, many smaller businesses haven’t, yet under the UK GDPR, many have the same legal obligation to have a Data Protection Officer as firms with multi-million pound turnovers.

The fact is that most businesses that collect or process personal data are required by law to have a nominated Data Protection Officer. This includes many businesses and sectors that you may not initially think of, from estate agents (who retain significant amounts of personal and financial information) to pharmacy chains, solicitors, financial advisors, and manufacturers. This list is far from exhaustive.

Therefore, H2 has partnered with Actifile (for more information on Actifile see the Innovations tab on our website), to deliver a service that SMEs can afford so that they are no longer behind the curve.

The personal details of employees also come under UK GDPR, so every business that employs staff – regardless of whether they collect and process customer personal data – is required to have a Data Protection Officer.

What’s more, the company MD or CEO is not permitted to be the business Data Protection Officer; it must be someone who is independent from the management of the company and who won’t be dismissed or penalised for performing data protection tasks.

Our Data Protection service fully fulfils the requirements of UK GDPR and gives you access to a live named expert who manages your data protection and GDPR activities for you on a monthly subscription basis.

THE BENEFITS OF HAVING A MANAGED DATA PROTECTION SERVICE INCLUDE:

· It will identify all your data holdings, where each document resides and what your level of risk exposure is, before advising how this risk can be reduced to an acceptable level.

· No need to employ someone new or allocate an existing member of staff to data protection.

· The service provides a data professional who is always available to you during the working week.

· They will respond to your data protection queries and questions within two hours.

· They will manage Subject Access Requests (personal data requests from customers or employees) that you receive and are obligated in law to respond to.

· They will manage and investigate any data breaches that you experience.

· They will undertake a Data Protection Impact Assessment (DPIA) for you to highlight and minimise the data protection risks of a project.

· They will liaise with the Information Commissioner’s Office (ICO) for you.

· They will provide you with regular advice and guidance on data protection.

· They are available for a low fixed cost every month.

Privileged Access Management

Cyberelements.io is a Zero Trust Privileged Access Management solution securing all types of access. It is a platform to secure both standard and privileged access to applications and resources. The unified experience offered by cyberelements allows organisations to rapidly connect users, whether they are on site or working remotely. It enables secure access to IT and OT systems in a few minutes, eliminating the need to use multiple and complex cybersecurity tools. Advanced security is provided through a Zero Trust approach combining Privileged Access Management (PAM) and Identity & Access Management (IAM), prioritising identity and context as the new security perimeter.

Centralise your users’ management in a single security platform:

Zero Trust approach:

H2 has partnered with Cyberelements to provide a distinctive double-barrier architecture allowing only outgoing flows from your infrastructure and therefore no port opening.

This is backed by a protocol break with URL rewriting technology, and by random and volatile network ports between the resources and the users to reinforce security. This ZTNA approach secures access while hiding the organisation’s resources from the Internet.

Privileged Access Management:

For critical access where users handle sensitive data, cyberelements offers Privileged Access Management functionality. The key features include session recordings and real-time analysis and monitoring, allowing organizations not only to watch sessions but also to block a session when needed. A Password Vault is also offered, with automatic rotation and injection. Just-in-time access gives you the possibility to grant access to specific applications and resources for a certain time.

Identity and Access Management:

Easily synchronise cyberelements with your organisation’s existing repositories from any SAML or OIDC provider. The platform can also be connected to various Multi-Factor Authentication (MFA) solutions. Finally, Single Sign-On (SSO) allows you to improve your user experience by removing the hassle of credential management.

Secure access from anywhere

Secure access to SaaS, Cloud, and on-premise resources

Secure standard, critical resources

Secure both IT and OT

Secure remote access: Instantly give secure access from anywhere to both internal collaborators and 3rd parties, whether you have a BYOD (Bring Your Own Device) policy or not.

Secure privileged users’ access: Ensure the security of your most critical data and assets with cyberelements. Privileged users can access using any protocol: web, RDP, SSH.

vPAM: Protect your infrastructure from Supply Chain Attacks. Whether your 3rd parties include customers, suppliers, or partners, you can give them highly secure access within minutes.

OT: A single platform to secure your IT and OT systems. It enables the segmentation and isolation of all access contexts.

Penetration Testing, Vulnerability Assessment and Social Engineering Testing

H2 has recently added the above services to its portfolio at a price that is really affordable for SMEs. Services include:

Internal/external network audit, including but not necessarily limited to:

· Host Discovery

· Service Scanning and discovery

· Banner Grabbing/OS Fingerprinting

· Scan for Vulnerabilities

· Manual and automated exploitation

· Post-exploitation & network privilege escalation

· Active Directory recon and admin takeover

· NAS and fileservers takeover

· Virtualization Management Security Test

· SMB/NetBIOS exploitation

· Credentials memory dump

· Sniffing, spoofing, and relaying

· DNS vulnerability exploitation and exfiltration

· Workstations, firewall/router, switches, access points, servers

· Internal Audit based on PTES (Penetration Testing Execution Standard)

Internal Network Audit Workflow

· Port Scanning

· System Fingerprinting

· Services Probing

· Exploit Research

· Active Directory takeover

· Manual Vulnerability Testing and Verification

· Manual Configuration Weakness Testing and Verification

· Limited Application Layer Testing

· Firewall and ACL Testing

· Administrator Privileges Escalation Testing

· Password Strength Testing

· Network Equipment Security Controls Testing

· Database Security Controls Testing

· Internal Network Scan for known Trojans

· Third-Party/Vendor Security Configuration Testing

· Tailored Best Practice Recommendation report

OUR SECURITY ENGINEERS ARE CERTIFIED WITH:

· CCSP Certified Cloud Security Professional

· Certified Incident Handler (ECIH)

· CompTIA Pentest +

· Certified Penetration Testing Consultant (CPTC)

· Offensive Security Certified Professional OSCP

· Offensive Security Web Exploitation (OSWEAVAE)

· Certified Ethical Hacker

· CISM Certification Security Manager

· Nexpose NACA Certified Administrator

· Nexpose Certified Administrator

· Fortinet - Network Security Associate

· CCNA CISCO Certified Routing and Switching

· AZ-900 | Microsoft Azure Fundamentals

· GCP | Google Associate Cloud Engineer

· Cisco - Certified Network Associate (CCNA)

· CREST CPSA certification

· Splunk - Core Certified User

Here at H2 we have spent a lot of time and energy researching solutions for the SME sector that will provide affordable and flexible one-off and ongoing data protection and cyber risk protection services.

To learn more about the services we provide please click here: https://www.hah2.co.uk/

Please feel free to give us a call or email

Alternatively, you can book a slot using our Calendly link, https://calendly.com/kevin_hah2

T: 0845 5443742

M: 07702 019060

E: [email protected]

Trust H2 – Making sure your information is secure
