Forthright Security utilizes a combination of specialized commercial security products to keep businesses safe.  Our implementation typically consists of a few core technologies, and a few core processes described below:   (NOTE:  This is a summary, not an exhaustive list)

  1. First, We place a server on your network (a virtual machine) that functions as a network Intrusion Detection System (IDS) to monitor traffic inside and outside the firewall.
  2. Second, we’ll be sure the firewall and network switching infrastructure are robust and correctly configured.
  3. Third, we’ll deploy a Host Intrusion Prevention System (HIPS) service to all workstations, servers, and devices, which monitor file integrity, registry entries, and other sensitive operating system files.
  4. Fourth, we set up custom rules based on certain “honeypot” files.  For example, we’ll make a fake Excel document that is named “Strategic Financial Projections to 2020.xlsx” or something of the sort.  Then we’ll explain to the CEO not to touch that file, and we’ll monitor that.  We then know if that file is touched, then it’s malicious behavior and personnel will be alerted.
  5. We’ll help our customers identify critical data and suggest how to implement Defense In Depth strategies to protect it.  We’ll also map out the customer’s network and figure out which systems are critical, which ones are exposed to the internet (higher risk machines), and we’ll document important items related to the customer & staff.  We’ll get plugged into the local IT department and the Management teams.  We’ll also set up an emergency response protocol so we all know how to respond when an event happens.
  6. From there on out, we’ll help the customer harden their network, servers, and workstations, and monitor for threats.
  7. Every week, we’ll deliver an actionable report to the customer indicating what needs fixed, and identify the highest priority.  Our goal is to reduce (Critical and High) risk on internet exposed systems first, then reduce (Critical and High) risk on internal systems next.
  8. Each company (customer) will have a Security Analyst and a Senior Engineer assigned.  You’ll have a support phone number and access to a customer portal where you can access your data and talk to your Forthright Security support team.  If your dedicated support team isn’t available (example – after hours), we’ll do our best to solve the problem with the team on hand or we’ll call their cellular to get your personal support engineer on the line.  We’re serious about customer service, we understand that time is critical, and we are here to protect your business no matter what!