Technology is continuously evolving, from the rise in the Internet of Things (IoT) through the adoption of Software as a Service (SaaS) over traditional in-house applications. And as technologies shift, so does the threat landscape. Galaxy Discovery is a Managed Security Services Provider (MSSP). We act as our clients’ trusted go-to partner, bringing expertise in the current threat landscape. Our core principles are simple. Galaxy Discovery aims to:

• Be your trusted risk and compliance program advisor.

• Deliver cost-effective technology solutions to reduce your enterprise-wide risk.

• Provide expert consulting services to support your IT team.

• Detect and respond to threats on your behalf.

• Bring information security leadership to enterprises of all sizes.

Consulting:

Every small, medium, and large business faces its own set of challenges, from rules and regulations to highly sophisticated data security threats. And regardless of company size, one-on-one counsel from a dedicated cybersecurity subject matter expert is often essential to keep pace. Many businesses find it challenging to pinpoint hidden vulnerabilities, draft the right action plan, or choose the best technologies for their environment to safeguard data assets and comply with new laws – particularly within our fast-paced and ever-adapting threat landscape. Galaxy Discovery’s team of experts offers a no-compromise solution that eliminates new hire commitments, while delivering the executive-level counsel needed to succeed in today’s competitive landscape. We’ll work alongside your management team to best align security policies and practices with business objectives to advance your operational goals. Tap into a vast knowledge base and enjoy on-demand and as-needed support from experienced consultants who are able to step in when you need us most. Galaxy Discovery specializes in executive advisory support, vendor assessment, and policy and technical implementation. And we’re available on a one-time or ongoing basis to ensure you address the myriad of security situations that present themselves throughout the year.

• Galaxy Discovery’s advisory services are designed to meet security project goals in shorter time periods.

• Galaxy Discovery will provide product-specific experts to configure systems that reduce cyber threats.

• Galaxy Discovery will free your staff to focus on other goals while we focus our attention on risk management.

• Galaxy Discovery can provide on-demand, hourly, or per-project security consulting throughout the year.

Penetration Testing:

What’s the least probable access point a cyber criminal might use to gather intelligence that provides the greatest potential impact on your bottom line? From this question, Galaxy Discovery will outline possible targets of attack and entry points via electronic, physical, and human means. This includes information your own employees might publish in the public domain, weaknesses in email passwords or logins, remote access, and mobile footprints. Galaxy Discovery will then perform reconnaissance over the span of several days to assess potential vulnerabilities from all angles. Next, we put ourselves in your potential attackers’ shoes to determine overall risk and valuation. Based on what we know about current capabilities, strategies, techniques, and technology tools, we document any digital assets you might have at risk. We then prioritize that risk based on the net asset value were a loss event to occur. To put our findings to the test, we simulate ethical hacking attacks that are primarily focused on high-value target assets. Those tests are customized to align with your unique environment, vulnerabilities, and technologies. Findings are prioritized and compiled into our recommendations to help you focus resources on areas that could mitigate the greatest potential loss.

5 different types of penetration testing services.

1. External Network Penetration Testing.

Galaxy Discovery will pinpoint potential avenues of network attack where access might be gained through internet-connected servers or network equipment by individuals outside of your organization who lack appropriate rights or credentials. We then conduct a mock attack to test security controls, developing and presenting you with a cybersecurity assessment on findings along with solutions and recommendations you can use to remediate the issue.

2. Internal Network Penetration Testing.

Galaxy Discovery will help companies mitigate risk due to internal threats against their corporate network. While external testing investigates avenues that remote hackers might use to enter networks, internal testing looks at ways employees or insiders might lead to a breach either through neglect, malice, or the accidental download of an application, such as ransomware or malware, which has the potential to bring an entire network down.

3. Application Penetration Testing.

Galaxy Discovery will investigate potential threats and vulnerabilities posed by the many internet-based applications in use throughout your enterprise. Conveniently accessed from any location worldwide and just as easily breached, web applications offer significant points of access into credit card, customer, and financial data. Vulnerability assessment services investigate the security of those solutions and controls in place, providing recommendations and strategies to block access to any data that might be stored within.

4. Wireless Penetration Testing.

Galaxy Discovery will bring advanced expertise in a range of wireless technologies, offering ethical hacking services to investigate and identify potential access points where hackers could enter your internal network. This involves threat assessment and security control audits for traditional Wi-Fi and specialized systems. We then compile findings into a cybersecurity assessment report complete with recommendations you can put into place to mitigate damage.

5. Social Engineering Penetration Testing.

Galaxy Discovery will survey employees to see how well they understand your organization’s information security policies and practices, so you know how easily an unauthorized party might convince staff into sharing confidential information. Social engineering penetration testing might include badge access points and mock phishing attacks or password update requests. We’ll then recommend ways to improve success through training or new processes that help employees better protect sensitive data.

Managed Detection and Response:

Galaxy Discovery can back your organization with an intelligent and dedicated security team that works nonstop to protect your environment. Gain access to leading technical solutions that we can put into place or let us work seamlessly with any next-generation anti-virus and firewall threat tool you prefer. Then let Galaxy Discovery manage MDR including full-time threat hunting along with alert monitoring, prioritization, investigation, analysis, and response – 24 hours a day, 7 days a week, 365 days a year. We apply artificial intelligence models to server, endpoint, and network data, correlating and investigating indicators to determine scope and probable impact. We then report back to you with a root cause analysis and targeted remediation recommendations. Unlike Managed Security Service Providers (MSSPs) – which focus solely on perimeter-based technology and rule-based detection of known threats along with firewalls, day-to-day network security, log management and monitoring – an MDR provider can pinpoint lateral movement, proactively detect advanced threats, monitor your network around the clock, conduct behavioral analysis, and advise on ways to strengthen your security strategy over time.

Prioritization

Galaxy Discovery will manage the barrage of alerts that come in and individually analyze each, adding context to distinguish the benign from malicious.

Threat Hunting and Detection

Galaxy Discovery will pair technology and our insight into an attacker’s mindset to monitor and detect the network threats automated systems often miss.

Analysis and Investigation

Galaxy Discovery will investigate and add context to attacks to help you better understand them so you can use this to bolster your security strategy.

Response

Galaxy Discovery will alert you to critical threats, providing a root cause analysis along with actionable advice on the best course of action for recovery.

Remediation

Galaxy Discovery will work nonstop to restore systems by removing intruders, malware, and persistence mechanisms.

Network Security Monitoring:

Avoid the risk of unexpected downtime, slow network response, and network intrusion with our unique layered approach to security. Galaxy Discovery will monitor your network using real-time threat-intelligence feeds from the government and private sector, insights already in use by some of the most secure environments including the United States Department of Homeland Security. And we delve beyond 24×7 threat detection and security log monitoring to include security operations center (SOC) services and threat blocking by certified security analysts. While some services stop once they alert you, our security analysts investigate and prioritize threats to determine if action is even warranted. If it is, Galaxy Discovery will then take action on your behalf, blocking in-progress incidents to minimize response time and damage potential while keeping you focused on core business functions. Gain a higher level of network system monitoring to secure client and patient records, financials, classified and internal data, personally identifiable information, and other electronic assets – ensuring compliance with leading regulations including PCI, SOX, GLBA, HIPAA, FACTA, NIST 800-53, and FERPA.

vCISO:

While it’s not always cost effective to hire a full-time Chief Information Security Officer (CISO) to lead risk management and information assurance programs, our advisors can deliver many of the same services at a fraction of the investment you would pay for a full-time executive hire. Reduce your risk profile with hands-on vCISO support from a dedicated advisor who already understands the small business environment. We’re entrepreneurial, wear multiple hats like you do, and can protect your organization with the right strategic and operational vision. Team up with a proactive, self-driven virtual CISO – delivering the adaptability you need to meet the demands of external influences such as customer requests, audit requirements, and rising threats.

SOC 2 Compliance:

Our SOC 2 practice consists of three main areas: gap assessments, short-term audit assistance, and a complete SOC 2 management program. Some organizations need only a quick gap assessment to see if any controls are lacking. Others prefer that Galaxy Discovery handle all steps of the SOC 2 process on their behalf. Whether you need us throughout the entire year or for just a short period of time, Galaxy Discovery is your representative for all SOC 2 audits.

Our SOC 2 Services

SOC 2 GAP Assessment

The SOC 2 GAP Assessment process is designed to detect any holes that could lead to a finding during the AICPA SOC 2 audit. The assessment is designed to document any control concerns, and get you on a fast path to resolution prior to the start of the audit period. Whether you are undergoing a SOC 2 Type I audit or a SOC 2 Type II audit, Galaxy Discovery can assist you with prioritizing controls.

SOC 2 Audit Assistance

The SOC 2 audit collection process can take a considerable amount of time for your team. Galaxy Discovery has a program designed to help with the evidence collection process. This is typically a few-week engagement that is spread throughout the audit period. We represent you during the onsite review and the offsite document requests during the period. We complete many audits throughout the year, so we know exactly what the auditors need to meet their requirements. This ensures a smooth process from start to finish.

SOC 2 Complete Management and Outsourcing

This program allows our team to work with you continuously during the audit period to meet all the control objectives. This includes everything from documenting current procedures that are in place to creating new procedures. Galaxy Discovery’s SOC 2 consultants will work with you throughout the period to ensure that any controls that are missing are quickly resolved. We have security experts that will assist with all control requirements. A few examples are firewall reviews, physical security reviews, policy development, user access reviews, HR procedures, business continuity plan development, security log monitoring assistance, etc. This is like having an additional member on your security team that is focused on meeting the SOC 2 objectives. Our complete program assigns a consultant to your organization on-demand and part-time to assist throughout the period. We are with you every step of the way throughout the year.