Many of these tools are likely to become mainstays within these organizations for years, far outlasting the crisis that spurred their adoption. Because they deployed so many solutions in such a short period of time, most organizations will want to undertake some sort of security assessment to be sure they haven’t opened themselves up to new vulnerabilities. But this moment also presents an opportunity for organizations to provide a permanent boost to their cybersecurity practices through ongoing engagements.
IT leaders I speak with are often surprised to learn just how much CDW is able to offer in this area. When I mention workshops and services to longstanding clients, they’ll sometimes ask, “Who are you working with on this?” They assume that we’re partnering with a cybersecurity vendor. But the truth is that our own security professionals have decades of expertise that can dramatically improve a company’s cybersecurity posture.
Here are three examples of CDW’s high-value cybersecurity offerings.
Many organizations are unable to hire a full-time chief information security officer. In fact, many companies’ organizational charts don’t even include a branch for security. Those that do want to hire their own CISO are finding security professionals in high demand. To help fill this gap, CDW offers a Virtual CISO service, giving companies consistent access to a seasoned security professional who can assist with a wide range of security initiatives.
A virtual CISO can help companies formulate a baseline security posture, craft a cybersecurity roadmap based on best practices and then implement solutions that ultimately deliver the company’s desired security posture.
Also known as a “red team-blue team” exercise, a compromise assessment is one of the best ways for an organization to learn how its cybersecurity systems and practices would hold up against an aggressive attack launched by sophisticated, motivated cybercriminals.
A compromise assessment goes far beyond scanning firewall ports or using robotic scripts to try to spread mock malware. In this engagement, our experts will simulate the techniques that a determined adversary would potentially attempt to exploit against an organization’s most valuable and sensitive assets, including financial systems, intellectual property and highly regulated data.
This stress test, or game day exercise, is designed to walk an organization through a dry run of a real attack, in a controlled manner to help improve processes and gain experience to prepare for a real-life scenario.
Proactive planning is essential, but incident response is urgent. When an organization experiences an active threat, business and IT leaders need to know that they have access to the tools and expertise required to defend against an attack and secure their data and systems.
CDW offers both no-cost retainers and paid retainers (at different levels of service), giving organizations the peace of mind that comes with knowing they’ll have the help they need when an attack hits. We’re even able to step in on an emergency basis for organizations without existing retainers (although it is, of course, always better to plan ahead).
For example: A company will call us after IT staffers are unable to get a malware outbreak under control. We’ll come in, conduct root cause analysis and discover how the attack was launched — perhaps through an email phishing scam. Then, we’ll take steps to segment the network and prevent lateral spread, while also moving to wipe out the malicious program.
After the immediate threat is eliminated, the company may continue this relationship through an engagement — such as a network segmentation workshop or a strategy and roadmapping session — to proactively prevent future problems.