A subscription-based service that builds and strengthens your security program

coreSecurity is our custom solution to securing businesses with 10-300 employees. Whether you are unsure of how to start an information security program or are looking to take it to the next level, coreSecurity is perfect for you. We’ve packaged some of our most effective and efficient services into a program designed with security and affordability in mind. We’ll deliver essential solutions that every business should have and help bring your company’s information security program to maturity.

Perfect for:

  • Small to medium-sized businesses and non-profit organizations
  • Businesses who want to start a security program

Provides you with:

  • High-impact, cost-effective solutions focusing on information security best practices
  • A trusted security adviser, going beyond a point-in-time assessment
  • More time, money, and resources to focus on your primary business objectives, leaving us to focus on your information security program

Penetration Testing

Emulating real-world attackers to reveal your true risk to a cyber-attack

Penetration testing demonstrates how well your network and information assets are protected by emulating real-world attackers. Combined with a comprehensive security program, penetration testing will help reduce the risk of a data breach. By emulating your adversary, Rigid Bits will help you discover critical exploitable vulnerabilities and remediate them before you are compromised. Rigid Bits customizes every penetration test to fit your needs, from compliance requirements to red team testing, for small businesses to Fortune 100 companies.

Using a proven methodology, we work with your staff to identify unique threats to your business and define key assets that are at risk. Engagements begin with defining your unique testing goals and the attack scenarios that will be used. Our experienced and certified team then uses real-world attacks against your environment to identify and exploit high-risk vulnerabilities. During the engagement, our team stays in close contact to provide status reports and prompt notification of critical risks. We offer both executive and technical debriefs at the end of every engagement, ensuring a full understanding of the exploitable vulnerabilities in your environment and recommended remediation steps.

Common services include:

  • External Network: Attacks against your external perimeter. This emulates an attacker on the internet.
  • Internal Network: Attacks from an established internal network point. This emulates an already compromised system or a malicious employee or contractor, for example.
  • Wireless Network: Attempting to compromise the environment through wireless technologies.
  • Physical Testing: We will hop fences, pick locks, and use social engineering in an attempt to gain unauthorized physical access.
  • PCI Penetration Testing: Testing that complies with PCI-DSS requirements.
  • Web Application: Testing focused on web applications.
  • Red Team: A customized and blended approach of all the above, emulating different adversaries.

Perfect for:

  • Businesses who want to identify their true risk to a cyber attack
  • Meeting compliance or regulatory mandates

Provides you with:

  • A detailed report on high-risk and exploitable vulnerabilities in your environment and recommended remediation steps

Vulnerability Assessments

Provides you with the data you need to ensure your greatest risks are addressed and monitored

Vulnerability assessments discover and quantify security vulnerabilities in your environment. They provide an in-depth evaluation of your information security posture, exposing weaknesses and providing the appropriate mitigation steps required to either eliminate those vulnerabilities or reduce them to an acceptable level of risk.

If your organization is required to comply with HIPAA, SOX, or PCI, a vulnerability assessment is more than a best practice – it’s required. In the event of a data breach, the lack of effective vulnerability scanning and reporting will show negligence. Vulnerability assessments provide a quick, easy, and cost-effective check to verify your systems are secured.

Our vulnerability assessment service will provide you with the data you need to make sure your greatest risks are addressed and monitored. We’ll categorize vulnerabilities by severity and help you understand which ones should be addressed as a high priority. Vulnerability assessments should be performed throughout the lifetime of your company’s operation and should be conducted at least quarterly.

If you are looking for a more in-depth assessment of risk, Rigid Bits also offers Penetration Testing. Our Penetration Testing services will determine your true risk of a cyber attack and empower you to better secure your business-critical systems and data.

Perfect for:

  • Businesses who want to quickly identify and rank vulnerabilities in their environment
  • Meeting compliance or regulatory mandates

Provides you with:

  • A report on vulnerabilities in your environment, with detailed remediation steps

Social Engineering

Test your security awareness training

Social engineering is the art of manipulating people to perform actions or divulge confidential information. Many companies deploy expensive and high-end technical controls to protect their sensitive data, yet fail to realize that the weakest link is almost always their employees. Real-world attackers consistently take advantage of human behavior to get what they want. Social engineering tricks employees into breaking normal security procedures, resulting in the compromise of sensitive company information, or even access to internal systems.

Rigid Bits will challenge your organization by attempting to access buildings, performing email phishing, dropping USB drives with enticing files, and calling employees to harvest sensitive information and test your information security controls and awareness training.

Looking for ongoing testing? Rigid Bits offers recurring employee phishing that allows you to determine your risk to an attack by using simulated real-world scenarios on users. We can help you track your susceptibility to phishing attacks by employee, department, and region in a safe and controlled environment.

At the end of the engagement, you see real results and can assess the performance of your employees. From there, Rigid Bits offers training to spot and stop future social engineering attacks.

Perfect for:

  • Businesses who want to test the effectiveness of their security awareness training
  • Educating users on the dangers of common social engineering attacks

Provides you with:

  • Insight into the effectiveness of your security awareness training
  • The ability to identify at-risk users and departments

Incident Response

Prepare for and respond to a security breach

Your Incident Response (IR) capabilities start with a plan. Rigid Bits will put you on the right track and prepare you to respond effectively to a breach. We will help your organization identify roles and responsibilities, define security events, delegate tasks and actions, establish communication channels and protocols, and develop a plan sufficient to stop and remediate an information security incident.

Incident Response
In the event of an incident, we’ll be on the ground, ready to provide you with response guidance during and after the event. From there, we will implement our forensic-level capabilities to assist in the remediation of your information security breach. Our team of experts will also provide guidance on how to best protect your organization from breaches in the future. We understand the paramount implications of a security breach and can respond quickly; contact us now if you feel your company needs immediate assistance.

IR Plan Development and Review
Rigid Bits will work with you to determine your unique needs and provide expert-level guidance in writing and improving your incident response plan.

IR Plan Testing
We will test the readiness of your staff and incident response plan through table-top exercises and guided real-world scenarios.

Perfect for:

  • Responding effectively to an information security breach or attack
  • Businesses who want to develop, enhance, and test their Incident Response Plan

Provides you with:

  • Expert-level guidance to develop and improve your Incident Response Plan
  • An experienced team of experts to support you in the event of a breach or attack


Computer Forensics

Proactive and reactive forensics solutions for your company

Computer forensics can be used to meet a vast number of goals and requirements for your business. In its most basic form, computer forensics is the investigation of digital media for evidence and artifacts of a particular set of events. As the capability has matured, computer forensics can also help proactively enhance a business’ security posture. Some of the many applications of computer forensics include evidence analysis and retention, litigation support, threat detection and hunting, data theft identification, and more.

Rigid Bits offers several computer forensics solutions:

  • Data theft, loss, or exposure
    • Determine if someone has taken or deleted sensitive files
  • Employee review
    • Termination, harassment, misuse, HR investigations, and insider threat identification
  • Network breaches and compromise
    • Attack analysis
  • Proactive Forensic Solutions
    • Preemptive malware and attacker hunting
    • Endpoint health checks
    • Netflow reviews
    • Security controls and software validation
    • Indicator of compromise detection
  • PCI-DSS compliance support
    • Clear text credit card storage identification
    • Customer data exposure
  • Malware outbreak review and recovery