Go Beyond With PEAK
highlighted services & solutions, only from PEAK
A consultative offering to guide, assist and ensure delivery of a comprehensive cybersecurity program (Strategy, KPIs, Policies, Procedures, Solutions).
This service measures your cyber readiness against a wide range of threat vectors and provides a detailed report with specific recommendations for remediation.
WHITE HAT SIMULATION
A fully customized service where our White Hat cyber team simulates an attack on your systems, infrastructure and applications.
PEAK CyberTeam is a customized service that provides an experienced team of cybersecurity professionals to fill gaps in your security program. PEAK CyberTeam includes a full range of security experts including: vCISO, Security Analysts, Security Architects, Security Engineers and Compliance Professionals. PEAK CyberTeam guides, assists and manages your cybersecurity program. This encompasses architecture, policy development, governance, risk management, compliance, monitoring, vulnerability/patch management, incident response, awareness training, forensics, ongoing maintenance and more.
CyberStrategy is a fully customized PEAK service where our team of security consultants and experts guide, assist and ensure delivery of a comprehensive cybersecurity program. Your cybersecurity program may include: Strategic Planning, KPI Design, Policy Creation, Solution Architecture & Design, Vulnerability Management, Patch Management, Risk Management, Incident Response, Awareness Training, Threat Intelligence, Operations, Remediation and more.
DESCRIPTION PEAK CyberPosture provides a comprehensive set of assessment services that measures your cybersecurity readiness against a wide range of controls and best practices. A detailed report is generated identifying your existing cybersecurity posture and comparing your cybersecurity program to industry standards. PEAK CyberPosture identifies and validates cybersecurity controls needed to improve your organization’s current posture, as well as build a roadmap for the future.
CyberProbe is a fully customized PEAK service where our White Hat cyber team simulates an attack on your systems, infrastructure and applications. This comprehensive service is designed to identify and document unmitigated weaknesses while also testing OS platforms and applications with the goal of defining potential impact and providing mitigation recommendations. Additionally, with CyberProbe, we provide comprehensive attacker simulation, wireless / firewall evaluation services, password cracking and policy examinations.
PEAK CyberForensics is a comprehensive service that utilizes best-in-class tools, best practices and years of experience to assist your organization in your time of need. PEAK CyberForensics will assist your organization in all phases of the forensic process to include collections, investigation, analysis, reporting and expert testimony.
PEAK CyberAttack is a comprehensive service designed to simulate attacks and assess deficiencies in your infrastructure and applications. PEAK CyberAttack will assess, test, identify and document weaknesses, test OS platforms and applications, and define potential impacts while providing remediation recommendations. This includes testing and assessments for risk, compliance, applications, physical security, email threats, wireless, vulnerabilities, data security, penetration testing and incident response exercises.
Keeping up with a changing security landscape
PEAK’s Director of Security, Matt Manes, discusses the current security challenges his customers face on a daily basis. PEAK can help you understand the cyber realm and incorporate the resources you need to protect your people, data and systems while ensuring pro-active compliance and continuous risk management.
PEAK Resources is focused on partnering with your business to assess your current cybersecurity posture and provide you with solutions that mature your organization’s cybersecurity program moving forward. Our team offers the following Security Assessment services to aide you in this process.
Security Posture Assessment
PEAK Resources provides a general and vertical set of assessment services that measures a customer’s security readiness against various types of security threats. A comprehensive report is generated that identifies where the customer is over-under in their security capabilities and compares their security readiness to their peers’ in their vertical. This service helps identify or validate security solutions needed to improve the customer’s security posture as well as help build a security solution roadmap for a customer.
PEAK Resources will simulate a cyberattack on your infrastructure and applications to include the following testing:
- Identify weaknesses in infrastructure
- Testing of OS/platform and applications; define potential impact and provide recommendations
- Simulate attacker – kill chain aligned
- Evaluate firewall / perimeter “leakiness”
- Perform password cracking and evaluate password policies/strength
- Wireless Infrastructure
PEAK Resources works with your organization to test your cybersecurity defense and response capabilities, discovering and reporting on any deficiencies discovered.
PEAK Resources provides automated and manual assessment of web applications from the point of view of the attacker to discover vulnerabilities that can lead to compromise.
PEAK Resources tests the vulnerabilities in your Physical Access Control Systems (PACS) for data centers, corporate offices, smart building, and other critical facilities. All PACS components will be examined for vulnerabilities that could lead to unauthorized access, providing analysis and recommendations for remediation of any vulnerabilities that are discovered.
The PEAK Resources team works with your organization to assess the capability and maturity of your cybersecurity program. Over 180 common security control points are reviewed/assessed. The goal is to align your cybersecurity program with existing business projects and processes.
With email still the most prevalent vector for attack, our team will assess your current O365 email security controls to test how effective they are at stopping email threats from entering your organization.
PEAK Resources will test the security of your wireless infrastructure following well-know best practices and security testing methodologies including the following:
- Onsite/External Wireless Scanning
- Rogue Wireless Detection
- Attempt to compromise existing wireless security controls
- Analysis and Identification of Attack Vectors
- Vulnerability Testing and Verification
- Wireless Controller/AP Configuration Review
- Wireless Policy Review
PEAK Resources utilizes best-in-class vulnerability scanning tools/techniques to identify vulnerabilities that exist on your systems/devices/applications. Detailed vulnerability reports are provided and explained to aide your organization in remediating critical vulnerabilities that are discovered.
Data Security Assessment
PEAK Resources will work with your organization to assess the security of your data. Our team will discover where your data is located/stored, the effectiveness of protections that are in place, any regulations critical to the business, and vulnerabilities that exist creating risk of exposure/breach. The findings will be documented and recommendations provided for data governance and protection.
PEAK Resources will assess the current state of your organization’s cyber-risk. This assessment includes a review of technologies, policies, standards, procedures, processes, and any relevant compliances. The probability and impact of discovered risks is documented, to include recommendations for mitigating those risks.
PEAK Resources will work with your organization to assess your preparedness to successfully meet the requirements for most compliances to include, but not limited to the following:
- PCI DSS
- NERC (CIP) / FERC
- SOC 2/3
Strategy & Planning Services
PEAK Resources will partner with your business to assist in the strategy, planning, and development of your cybersecurity program. Cybersecurity strategic and planning services include the following:
- Policies, Standards, and Procedures creation/review
- Security Architecture and Design
- Security Roadmap creation/review
- Vulnerability Management, Patch Management, Risk Management Program creation/review
- Incident Response Planning
- Security Awareness and Training
- Custom Threat Intelligence
- Security Operations Development and Training
Incident Response Services
- Incident Response Preparedness
- Threat Hunting
- Analyst Investigations
- Tabletop Exercises
Phase I of the forensic process involves collecting all the digital evidence necessary to examination. Our team will collect digital evidence with the utmost care. This must be done in a specific way to ensure that the data/evidence collected is admissible in a court of law; the foundation that your entire case rests upon. If it stores data, we can collect it.
PEAK’s expert forensic team will create the necessary reports and provide expert testimony in court to help the judge, jury, and attorneys fully understand the digital evidence.
Phase II and III of the forensic process focuses on examining and analyzing the digital evidence collected. Our forensic analysis/investigation services leave no bit uncovered. Highly technical analysts work to tenaciously analyze the evidence collected and document the findings. If it stores data, we can analyze it.
Implementation & Managed Services
Security Orchestration and Analytics
Vulnerability management is the “cyclical practice of identifying, classifying, prioritizing, remediating, and mitigating” software vulnerabilities. Vulnerability management is integral to endpoint and network security.
Governance, Risk and Compliance
Governance, risk and compliance (GRC) refers to a strategy for managing an organization’s overall governance, enterprise risk management and compliance with regulations. Think of GRC as a structured approach to aligning technology with business objectives, while effectively managing risk and meeting compliance requirements.
Cloud security is the protection of data, applications, and infrastructures involved in cloud computing. Many aspects of security for cloud environments (whether it’s a public, private or hybrid cloud) are the same as for any on-premise IT architecture.
Endpoint security or endpoint protection is an approach to the protection of network endpoints that are remotely bridged to client devices. The connection of laptops, tablets, mobile phones and other wireless devices to corporate networks creates attack paths for security threats.
Application security is the process of developing, adding, and testing security features within applications to prevent security vulnerabilities against threats such as unauthorized access and modification. Many practices are employed such as dynamic and static scanning, web application firewalls, DDoS mitigation and more.
Identity Governance and Access Management
Identity governance is at the center of most organization’s security and IT operations strategies. It allows businesses to provide automated access to an ever-growing number of technology assets, while at the same time managing potential security and compliance risks. Identity governance enables and secures digital identities for all users, applications and data.
DESCRIPTION Network security is any activity designed to protect the usability and integrity of your network and data. It includes both hardware and software technologies. Effective network security manages access to the network. It targets a variety of threats and stops them from entering or spreading on your network.
Data security is a set of standards and technologies that protect data from intentional or accidental destruction, modification or disclosure in both structured and unstructured formats. Data security can be applied using a range of techniques and technologies, including administrative controls, physical security, logical controls, organizational standards, and other safeguarding techniques that limit access to unauthorized or malicious users and processes.
Mobile security is a broad definition that covers protecting mobile devices from malware threats, reducing risks, securing mobile devices and their data in the case of theft, unauthorized access or accidental loss of the mobile device.
And So Much More…
This section highlights just a few of the technologies we work with. We would love to talk with you about your business requirements and help you understand the right technologies for your environment. Additionally, we are constantly keeping our finger on the pulse of new and upcoming technologies. We strive to design and implement the perfect solutions for each one of our customers.
Begin the journey, today!
2750 West 5th Avenue
Denver, CO 80204