2. 1.800.800.0014 www.connection.com/SecurityPractice 2
With the continuous state of change in the global threat landscape, organizations
face cyber attacks and security breaches that are growing in frequency and
sophistication every day. Connection’s Security Practice offers solutions and
services to counteract increased risk proliferation. Our team of experts has designed
industry-leading assessments, analysis, technology planning, and integration that
focus on a unified and centralized solutions approach, risk management guidance,
and oversight, including managed security services to combat attacks and prepare
for the unknown.
As a trusted partner with more than 35 years of experience, we can help you identify
vulnerabilities in your environment and determine which ones are exploitable and
dangerous. Then we can proactively develop a prioritized action plan to support your
organization’s ability to define, document, and manage acceptable risk requirements.
Based on your organization’s needs, environment, business process, and security
goals, our experts will provide insights to help you implement the right solutions
to address your critical risks and protect your operations. As an extension of your
IT team, we’re committed to keeping your organization operating safely and securely.
Why Choose Connection
for Security Solutions and Services?
3. 1.800.800.0014 www.connection.com/SecurityPractice 3
A comprehensive approach to security requires solutions
and services that ensure the safety and security of your data,
infrastructure, and user experience throughout the complete
threat lifecycle. We can help you manage those threats with the
three pillars of security management: Protect, Detect, and React.
Gone are the days when a single layer of defense was enough to
keep intruders out of your data. Together, these three pillars form
a cohesive, interdependent approach to information security,
ensuring that you don’t just deploy technology to address
security-point issues, but manage your technology to prevent
a security event from becoming a security epidemic.
The 3 Pillars of Security Management
• PROTECT—Our security experts identify, document, and
analyze your security risks—and define the people, processes,
and technologies necessary to bring that risk into the acceptable
range with a suitable protection strategy. We focus on a
unified security stack approach with technology that integrates,
communicates, and correlates critical security information and
events to keep your data safe.
• DETECT—Simply protecting your critical assets and data
is no longer an adequate plan to protect your organization
from today’s evolving threats. You must also implement
the appropriate solutions to detect when security events or
breaches occur. This involves people, process, and technology
all unified under one common process to keep your risk at an
acceptable level.
• REACT—It’s no longer a matter of if a breach will occur, it is
only when. You must create your security program to expect
that breaches will happen, and when they do, you must be
prepared to react quickly and decisively to lock the breach down
and prevent compromise of critical systems or data. Keep a
“security event” from becoming a “security epidemic”.
Connection’s Security Assessment, Unified Security Stack, and
program services empower your organization with effective
strategies and services to manage your risk 24 × 7 × 365.
Managing the Complete Threat Lifecycle
4. 1.800.800.0014 www.connection.com/SecurityPractice 4
1 DISCOVER—Our experts work with
you to conduct a security penetration
test and vulnerability risk analysis to
determine what vulnerabilities exist across
your organization—external, internal,
and wireless—and then determine what
active exploits are available against those
vulnerabilities. In short, how does the
cyber criminal get past your defenses?
2 ASSESS—Next, we help you
assess risk liability by prioritizing
vulnerabilities based on ease of
exploitation and exposure to critical
systems or data. In other words, which
risks need to be addressed immediately?
3 REMEDIATE—With agreed upon
priorities, we build a remediation plan
to address those risks with appropriate
mitigation strategies. This plan is then
circulated for approvals to ensure all
stakeholders are also in agreement. In
addition, we are ready to assist you with
remediation execution as necessary.
4 IMPLEMENT—Our experts work
with your team to implement
solutions that bring risk to an acceptable
range, based on the approved plan, in
lockstep with your organization’s policies
and controls.
5 MANAGE—With a security solution in
place, we facilitate the final—and most
critical—step in your security strategy.
Our industry-leading Managed Security
Services reduce the burden of ongoing
protection, empowering you to manage
your risk, day over day, month over month,
and year over year.
5 Steps to Success
Connection addresses your full security risk lifecycle through a five‑step process:
5. 1.800.800.0014 www.connection.com/SecurityPractice 5
Comprehensive Security Solutions and Services
Today’s security professionals—Director of IT, CIO, Director
of IT Security, and CISO—often struggle with not only the
identification of vulnerabilities, but also comprehension around
how those vulnerabilities translate to threat vectors that can
impact their environment. The true cost of a security breach
goes well beyond financial damages, often with a lasting,
adverse impact to customer and partner relationships and
significant regulatory penalties. Connection offers the guidance,
resources, and tools to help you manage risk, reduce costs, and
build a more stable and secure information security program.
Our security services address the most critical security needs,
stringent compliance requirements, and complex technology
challenges across many industries. Our experts utilize a
unified and centralized solutions approach that features
risk management guidance and oversight to help you combat
attacks and prepare for the unknown. We can guide your
organization through a series of analyses to provide you with
an accurate picture of your risk and a solid foundation to
continuously protect, detect, and react to today’s sophisticated
and constantly evolving security threats.
Discover how to improve your organization’s defenses with our
valuable security offerings, including:
• Security Assessment and Audit › p. 6
• Governance, Risk, and Compliance › p. 7
• Security Suite Optimization › p. 8
• Managed Security Services › p. 9
6. 1.800.800.0014 www.connection.com/SecurityPractice 6
Our Security Assessment and Audit can help your organization
prioritize where you should focus resources to reduce overall risk.
We will help you better understand today’s real world threats and
how they could affect your organization. Then we can advise you
on how to bring the risk into an acceptable range.
An assessment includes external technical testing, penetration
testing, or ethical hacking, of both the fixed and wireless
networks, and social engineering testing such as phishing and
vishing. The goal is to determine whether or not any of the
services that your organization is operating have any flaws in
them—and more importantly, whether or not those flaws can
be exploited by someone with the right skillset. In addition
our assessments and audits will help you determine if you are
compliant with your internal policies and controls, or industry
standards and regulations such as ISO 27K, NIST 800-53, HIPAA,
HITECH, HITRUST, PCI, FFIEC, GLBA, FISMA, etc.
Why Partner with Connection?
We can help you gain a comprehensive overview of your
environment with penetration testing that highlights:
• Exploitable vulnerabilities in your environment
• Risks that are critical and therefore need to be addressed
with a high priority
• Lower priority risks that can be remediated over time
Our Security Testing Includes:
Penetration and vulnerability testing (to include wireless)
• Internal and external testing and risk analysis
• Switch, router, firewall, server, and data security testing
• Security process and policy review
• Exploitation or attack risk analysis
• Risk enumeration and prioritized remediation plan
• Reporting (to include detailed vulnerability enumeration)
Application security testing and secure code review
• Build a threat model
Identify key security requirements and threats
Create a threat model that documents attacks
that could be carried out
• Build assessment action plan
Convert potential threats into action plan
Test against the conditions of attack described
in the threat model
• Execute assessment
Execute attacks as described in the action plan
Discover vulnerabilities, explore for variations
• Report results, document findings, and
offer remediation recommendations
Security Assessment and Audit
Prepare for the Unknown
7. 1.800.800.0014 www.connection.com/SecurityPractice 7
One of the most important components in a successful risk
management strategy is not the technology itself, but the
structure and documentation that ensures all aspects of the
security program work effectively and according to plan.
Every organization needs to consider the people, processes, and
technology behind a security program. Instead of simply creating
an acceptable use policy or an employee security policy, a truly
successful program will establish a mechanism that ensures all of
the appropriate policies are written, that users understand them,
and that their effectiveness is tracked and managed over time.
Our experts can help you create a well-documented, well-defined
security program that addresses all three critical concerns.
How to Address People, Process, and Technology
• Risk management strategy should look beyond technology
• Ensure the organization, structure, and documentation align
with security goals
• Put a process in place to track and manage policies over time
• Develop a well-documented, well-defined security program
from investigation to implementation
Why Partner with Connection?
Our team of experts is backed by rich procedures and strong
policy background to help you outline and understand important
benchmarks of security. We’ll review your existing policies,
or help you develop new security policies that define how:
• Users gain access to systems and data
• Physical documents are protected in the environment
• Assets are hardened, managed, and controlled from an
IT security perspective
• An Information Security and Risk Governance Program
is built and managed
We will help you develop a well-documented, well-defined security
program that brings risk into an acceptable range. Our experts will
work with you to prioritize and define that range, and reconcile
each of your risk items. Connection also offers industry-leading
security awareness training and education, to help you ensure your
workforce is well trained to understand and execute your policies,
and most importantly, recognize how to “not click that link”.
Our Governance, Risk, and Compliance Services
Measure Compliance with:
• HIPAA security and privacy rules, HITECH, HITRUST, and
Meaningful Use
• Payment Card Industry (PCI) and Payment Application (PA)
Security Standards version 3.0
• Government security standards FISMA and NIST 800-53
• GLBA, SOX, and FFIEC standards
Governance, Risk, and Compliance
Develop an End-to-End IT Security Policy
8. 1.800.800.0014 www.connection.com/SecurityPractice 8
Industry data shows that more than 30% of all software security
solutions are acquired in suites to aid in the unification and
implementation of security policies. Since security can often
be a mix of investments from multiple vendors, our experts
frequently see areas where coverage cannot be extended or
where integration between vendors’ products is less than ideal.
We can help ensure that whether you’re using one or multiple
security providers, your environment is adequately configured
and provides the protection, visibility, and oversight that your
organization, users, and data require.
A Unified Security Stack (Security Suite Optimization) is a strategy
rather than a specific type of implementation. Our engagement
provides a more complete perspective of risk with visibility across
entire environment to:
• Collect traffic from end points, mobile devices, Web, network
• Examine indicators of compromise
• Determine threats
• Gain valuable insight into your current toolset
and any potential gaps
Why Partner with Connection?
Our experts work as an extension of your team to help determine
what is happening in your environment. We will help you unify or
build a strategy that offers a clearer perspective of those events
and guidance on how to manage risk. Our goal is to help you
create a unified solution that:
• Provides valuable insight into your current toolset
and potential gaps
• Optimizes integration of separate investments
• Ensures your coverage extends across all of your assets,
applications, and services
Our Security Suite Optimization Services:
• Provide real-time visibility and automated situational awareness
• Improve staff focus/expertise
• Reduce operational security costs—volume/package pricing;
improve stack ROI
• Leverage flexible “suite” licensing models;
lower security stack TCO
• Reduce FTE demand to manage stack
• Provide an integrated solutions approach
• Consolidate security management
• Reduce number of dashboards
• Improve compliance and policy enforcement
• Enhance coordination for disaster recovery
Security Suite Optimization
Seamless Coverage for All of Your Assets, Applications, and Services
9. 1.800.800.0014 www.connection.com/SecurityPractice 9
Today’s sophisticated threats, strict regulatory environment, and
complex business requirements demand an assertive security
posture. But not every organization has the IT skillset or staffing
resources to develop a cutting-edge security program in-house
or maintain it over time. Does your security strategy provide the
protection, visibility, and oversight to manage security events
24 × 7 × 365? We can help.
Why Partner with Connection?
Our experts can build a fully managed security solution to
monitor events, manage devices and software patches, and
satisfy internal or external compliance requirements. Using a
proven process and industry-leading tools, our Managed Security
Services are designed to help you:
• Simplify addressing the entire threat lifecycle
• Ensure you have appropriate policies and controls in place
• Monitor and manage over time
Why Choose Managed Security Services?
In contrast to quarterly threat scans and annual audits—which are
merely reactive ways to provide your organization a snapshot-
in‑time perspective on how well you are managing risk—a fully
managed security solution gives you a proactive, around-the-
clock perspective of where you stand with your risk management
and compliancy requirements. For organizations required
to comply with HIPAA, PCI, GLBA, or FISMA, this provides
the complete picture of your organization’s ability to stay
in compliance over time.
Our Managed Security Services Provide
Constant Vigilance and Protection:
• 24 × 7 security monitoring
• Advanced endpoint threat detection
• Log management
• Managed advanced malware protection
• Managed SIEM
• Managed server protection
• Security device management
• SIM on-demand
• Vulnerability management
• Vulnerability prioritization
• Web application scanning
Managed Security Services
Trusted Protection Today and Tomorrow
10. 1.800.800.0014 www.connection.com/SecurityPractice 10
Connection utilizes a holistic approach to security, based on a full
and end risk managed strategy. Our team of experts is backed by
rich procedures and strong policy background to help you outline
and understand important benchmarks of security. We will review
your existing policies or help you develop new security policies
that define how:
• Users gain access to systems and data
• Physical documents are protected in the environment
• Assets are hardened, managed, and controlled from
an IT security perspective
• An Information Security and Risk Governance Program
is built and managed
Our On-staff Experts Are:
• Highly trained certified expert penetration testers
• Ready to help you document risk and policies, implement
a solid security program, and manage it over time
• Trained in application security testing and security code
review—a critical capability for any organization utilizing
applications to protect sensitive information
• Able to integrate one or multiple security partner solutions
under a “Unified Security Stack” approach, using principles
of uniform policy implementation, complete coverage,
and seamless security protection
The Expertise to Solve Your Security Challenges
11. 1.800.800.0014 www.connection.com/SecurityPractice 11
Extensive Partnerships
We leverage technologies from leading vendors in security to
design best-in-class solutions to meet your specific requirements.
Our partners include:
• Barracuda
• BeyondTrust
• Bluecoat
• Check Point
• Cisco
• Dell Software
• Dell SonicWALL
• ESET
• Fortinet
• Hewlett Packard Enterprise
• Imprivata
• Intel Security (McAfee)
• Kaspersky
• LogRhythm
• RSA
• Solarwinds
• Sophos
• Symantec
• Tenable
• Trend Micro
• Varonis
• WatchGuard
• Webroot
• Websense
Your Trusted Security Partner
Protect your organization from today’s evolving security threats
with guidance from our experts. We are committed to keeping
our Security Practice on the cutting edge, because we understand
the threat landscape changes on a daily basis. Our experts rely on
the most sophisticated, innovative tools and strategies, ensuring
we’re able to meet your changing needs day after day. Contact an
Account Manager to learn more about our complete offering of
security solutions and services.
Our Security Services
• Assessment and Security Audit
• Governance, Risk, and Compliance
• Managed Security Services
• Security Suite Optimization
