GridSecurity Services


Secure Your Infrastructure,
Protect Your Investment.

Securing your critical infrastructure requires many different skillsets and toolkits. Our experts are well-equipped to help you sleep better at night (and have you home in time for dinner). Just as there is no one-size-fits-all solution when it comes to security, GridSecurity offers a variety of services to help you and your team succeed--from one-off risk assessments, to ongoing fully managed services, and (almost) everything in between. While we offer a variety of security services, we do have an obsessive focus:

Improving Operations Through Managed Security


We know and respect that operations comes first, and security is just another way we support operations. This means focusing on the security controls that improve your critical infrastructure's operational availability, and ensuring that security never gets in the way of operations.

Managed Security Services

Besides having all the right technical resources, managing security operations for your generator or control center requires a set of specialized tools. For better or worse, SCADA system environments are not typically built with security in mind, and as such, there are no security tools or capability to leverage onsite.

By utilizing GridSec, not only can you avoid hiring expensive and hard-to-find full-time technical staff, but you can avoid costly capital investments associated with security infrastructure and software tools. All of the best-in-class security tools that GridSec uses to deliver a full suite of managed security services are included as part of the service fee--not only do you get the benefit of GridSec's economy-of-scale licensing, but you do not need to deal with the headache of managing and maintaining numerous software licenses.

  • Security Monitoring
  • Network Operations
  • Access Management
  • Configuration Management
  • Vulnerability Management
  • Patch Management


Security Monitoring

You have numerous systems generating thousands, if not millions, of logs a day. Just centralizing all those logs is a challenge for most, never mind finding the needle in the haystack to know if a security-related event has occurred. With GridSec's log aggregation architecture, we can streamline logging from just one of your facilities or hundreds of facilities. Most importantly, we spend lots of time and effort on security alerting logic, finding the needles in the haystack so you don’t have to. Once a security event is detected, our team investigates, documents, and escalates issues to formal incident response efforts as necessary.


What We Do:

  • Aggregate and Standardize Security Logs into a Central SIEM
  • Manage Alerting Logic to Detect Potential Security Incidents and Anomalies
  • Implement Host-Based Security Monitoring
  • Implement Network Security Monitoring

Network Operations

Strong network operations capabilities are a prerequisite for any cyber security program, not to mention the most critical factor in keeping your systems operational and available. By leveraging GridSec's Network Operations Center (NOC) and dedicated team of network engineers, you will gain visibility into your systems and assets, be able to respond to and mitigate operational issues swiftly, avoid the need for costly in-house tools, and keep your staff focused on producing and managing electrons.

What We Do:

  • Configure and Troubleshoot VPNs and Remote Access
  • Technical Troubleshooting of Server and Network Issues
  • Support Equipment Deployments and Decommissioning Efforts



Access Management

You have lots of vendors, technicians, and operators who need to be able to reliably, efficiently, and securely access your facility, whether onsite or remotely from around the world. It's imperative that access is administered using the principle of least privilege, so that only those who absolutely need access have it, and only at the level necessary to perform their job. GridSec provides a platform where access requests are tracked, reviewed, and approved by the asset owner (or by GridSec if preferred by the customer). GridSec's team of Security Analysts then provisions and tests the access and securely distributes credentials to the personnel requesting it.

What We Do:

  • Respond to Access Requests
  • Provision Access
  • Troubleshoot Access with End-Users
  • Track and Revoke Access

Configuration Management

Managing inventories, both hardware and software, is no small task. Even if you have a good inventory when a facility is built, maintaining that inventory takes time, tools, and effort--but don’t worry, even if you don’t have a good inventory to start, we can help you get there. Additionally, GridSec's technical resources use their knowledge and our centralized security tools to continuously harden system configurations, reducing your attack surface, the likelihood of a breach, and the impact of a breach if one should occur. Last and certainly not least, a major part of GridSec's configuration management program is ensuring that working backups of all critical systems are available in case of hardware failure, or any other event that requires a system to be restored or recovered.

What We Do:

  • Harden and Lock Down Configuration Settings
  • Improve Network Architecture and Segmentation
  • Manage System Configuration Backups




Vulnerability Management

No matter how good you are at hardening your systems, new vulnerabilities are discovered each and every day. Keeping an eye on the changing threat and vulnerability landscape is a full-time job, especially if you do not have the right tools or experts on hand to manage the flurry of vulnerabilities and necessary remediation items. GridSec monitors vulnerabilities for you with our continuous vulnerability tool, evaluates the results, and prioritizes remediation actions, which inform patch management cycles and configuration hardening activities.

What We Do:

  • Scan (Active and Passive) for Vulnerabilities
  • Review and Track Identified Vulnerabilities
  • Remediate Identified Vulnerabilities

Patch Management

Patching is a challenge for most organizations, especially those who own or operate critical industrial control system infrastructure. Everything involved, from tracking and evaluating patches to implementing them, requires heavy planning and coordination. GridSec takes care of all aspects of patching for your organization, including performing maintenance after production hours to ensure there is no impact to energy production and coordinating with the control center in real time to ensure there are no operational issues due to patching. If an issue is ever encountered, we are able to restore the previous system configuration thanks to the system backups we have handy.

What We Do:

  • Track Patch Releases
  • Evaluate Patch Releases
  • Implement Patches

Security Assessment Services

Not sure where to start? Unsure of your current posture and associated risk? Or maybe you just need some help conducting a one-off vulnerability assessment or penetration test.

When it comes to cybersecurity, knowledge is power. The more insight you have into your organization’s security program, the better equipped you are to handle any threats that may come your way.

Let our team of seasoned cyber and utility experts help you bring visibility to your current state, efficiently reach compliance, improve your security posture, and prioritize cyber security activities that matter.

We know and respect that there are no one-size-fits-all solutions in cyber security. Our team employs a risk-based approach in every engagement, ensuring you are reducing risk to levels that your organization deems acceptable while focusing on the highest return-on-investment security activities.

Below are the most common types of assessments we conduct; however, we offer customized solutions to meet your specific needs. Contact us to start the discussion!

  • ICS Architecture Assessments
  • Cybersecurity Risk and Vulnerability Assessments
  • ICS Penetration Testing
  • Incident Response Preparedness Assessments
  • Incident Response Tabletop Exercises
  • Security Awareness and Training

ICS Architecture Assessments

GridSecurity’s seasoned security architects and engineers will systematically evaluate your software, technologies, assets, and network topology against industry-leading best practices and the latest regulatory requirements (including CIP). Our goal is to come up with a comprehensive action plan ICS owners and operators can use to mitigate risks and minimize—if not completely eliminate—losses due to various types of cyber-threats. This assessment will be comprised primarily of documentation reviews, although a limited-scope hands-on vulnerability assessment can be added on as necessary.

How It's Done:

  • Workshop - A Workshop is Set Up to Review Existing Diagrams, Technologies, and Baselines in Use
  • Report - A Report is Developed Highlighting the Vulnerabilities and Risks Identified in the Workshop Along with Updated Architecture Diagrams and a Roadmap with Prioritized Recommendations
  • Presentation - A Meeting is Held to Present the Findings and Recommendations With Your Leadership




Cybersecurity Risk and Vulnerability Assessments

Diving deeper than the ICS Architecture Assessments, GridSec's team will conduct a comprehensive risk assessment of your organization’s security program, including key business processes, operational constraints, user awareness, and internal control reviews, just to name a few areas that will be evaluated. Additionally, GridSec will conduct an in-depth vulnerability assessment, and provide practical and actionable remediation guidance. If needed, we can roll up our sleeves and help implement remediation measures too.

How It's Done:

  • Information Gathering – Through Questionnaires, Interviews, and Reviewing Network Maps, Inventories, and Existing Documentation, GridSME Will Form an Understanding of the Current Security Environment
  • Gap Analysis – A Comparison is Done to Develop a Plan to Improve the Current State of Security
  • Report – A Report is Developed Highlighting the Areas for Improvement Based on the Gap Analysis Along With a Roadmap With Prioritized Recommendations
  • Presentation – A Meeting is Held to Present the Findings and Recommendations With Your Leadership

ICS Penetration Testing

Protect your operations by identifying potential cyber-attack vectors before actual bad actors exploit them. Our GridSec pen test specialists use real-world attack methods—including phishing, bug exploits and traffic spoofing—that are fully tailored to your specific IT/OT environment. Our goal is to demonstrate how a real attacker can get in and disrupt your operations. Based on the results of these controlled tests, our team will come up with an in-depth plan of action you can use to fortify your architecture, processes, and people against both existing and emerging cybersecurity threats.

How It's Done:

  • Acceptance - The Rules of Engagement (ROE) Are Agreed Upon by Both Parties
  • Planning - The Penetration Test Activities are Coordinated Across All Stakeholders
  • Penetration Test - The Penetration Test is Carried Out Within Agreed Upon Parameters; Artifacts are Collected and Clean-up is Performed
  • Report - A Report is Developed Highlighting the Attack Paths and Methods Used in the Penetration Test. A Roadmap With Prioritized Recommendations is Developed
  • Presentation - A Meeting is Held to Present the Findings and Recommendations With Your Leadership



Incident Response Preparedness Assessments

How well-equipped and trained is your organization to deal with unexpected cyber threats and attacks? We team up with you and compare your existing capabilities and tools with our incident response playbooks and come up with an in-depth action plan. The goal is to ensure that if and when an incident occurs, you and your team can quickly react to minimize its impact on your operations.

How It's Done:

  • Information Gathering - Through Questionnaires, Interviews, and Reviewing Procedures and Tools, We Will Form an Understanding of Your Entity's Current Incident Response Capabilities
  • Gap Analysis - A Comparison Against Industry Best Practices is Done to Develop a Plan to Improve the Ability to Respond to Incidents
  • Report - A Report is Developed Highlighting the Areas for Improvement Based on the Gap Analysis Along with a Roadmap With Prioritized Recommendations
  • Presentation - A Meeting is Held to Present the Findings and Recommendations With Your Leadership

Incident Response Tabletop Exercises

What better way to prepare for cyber-attacks than to stage one in a controlled environment? This is exactly what our experts will help you do. We’ll go over your specific objectives, infrastructure, and network security protocols to develop scenarios for tabletop exercises. The goal is to provide your ICS owners and operators with an opportunity to train and safely test the reliability of your organization’s existing incident response processes, procedures, and communication plans.

How It's Done:

  • Coordination - The Tabletop Priorities Are Established to Determine Objectives and Develop Scenario(s)
  • Training - Training Will Be Conducted to Ensure That All Participants in the Scenario Understand the Incident Response Processes, Procedures, and Communication Plans
  • Tabletop Exercise - The Scenario Will Be Executed in a Workshop-Style Format
  • Report - A Report Will Be Developed Highlighting Gaps in the Incident Response Processes, Procedures, and Communication Plans Along With an After-Action Plan Describing the Activities Needed to Improve Incident Response
  • Presentation - A Meeting is Held to Present the Findings and Recommendations With Your Leadership




Security Awareness and Training

Employees are often the last line of defense and the weakest point in security. It’s important to invest the resources in training them effectively. Our team of experts will collaborate with your leadership to develop tailored training plans aimed specifically at minimizing your risk of cyber-attacks and breaches. We’ll take your organization’s specific goals and needs and create customized training materials to address each one. You can then choose to implement the training yourself or enlist the help of our professional instructors. The second option provides all trainees with an opportunity to get real-time feedback from seasoned experts and come out of each training session better equipped to handle cybersecurity challenges and threats.

How It's Done:

  • Information Gathering - Through Questionnaires, Interviews, and Reviewing Procedures and Tools, We Will Form an Understanding of Your Entity's Current Incident Response Capabilities
  • Gap Analysis - A Comparison Against Industry Best Practices is Done to Develop a Plan to Improve the Ability to Respond to Incidents
  • Report - A Report is Developed Highlighting the Areas for Improvement Based on the Gap Analysis Along with a Roadmap With Prioritized Recommendations
  • Presentation - A Meeting is Held to Present the Findings and Recommendations With Your Leadership