Descriptions

Network Protection MSP not an MSSP or a SOC. Define.
PCP Workstations

The Proactive Care Plus (PCP) Workstation care plan includes

  • Health monitoring/alerts of Antivirus, Hardware Health, Disk Space, and Operating System Performance
  • Automatic deployment of whitelisted Microsoft Critical and Security Patches
  • Webroot Antivirus license
PCP Servers

The Proactive Care Plus (PCP) Server plan includes

  • Health monitoring/alerts of Active Directory, Antivirus, Citrix, DHCP, Disk Space, DNS, Hardware Health, Hyper-V, Microsoft Exchange Server, Microsoft SQL Server, Operating System Performance, Service Health, and VMware
  • Automatic deployment of whitelisted Microsoft Critical and Security Patches
  • Webroot Antivirus license
PCPE Workstations

The Proactive Care Plus Executive (PCPE) Workstation care plan includes

  • Health monitoring/alerts of Antivirus, Hardware Health, Disk Space, and Operating System Performance
  • Automatic deployment of whitelisted Microsoft Critical and Security Patches
  • Webroot Antivirus license
PCPE Servers

The Proactive Care Plus Executive (PCPE) Server plan includes

  • Health monitoring/alerts of Active Directory, Antivirus, Citrix, DHCP, Disk Space, DNS, Hardware Health, Hyper-V, Microsoft Exchange Server, Microsoft SQL Server, Operating System Performance, Service Health, and VMware
  • Automatic deployment of whitelisted Microsoft Critical and Security Patches
  • Webroot Antivirus license
PCP Hypervisors

The Proactive Care Plus (PCP) Server plan includes

  • Health monitoring/alerts of VMware ESXi host
PCPE Hypervisors

The Proactive Care Plus Executive (PCPE) Server plan includes

  • Health monitoring/alerts of VMware ESXi host
Strong Password Policy Implementation
  • Coordinate & implement minimum password length, complexity requirements and how often passwords must be changed
  • Helps prevent data breaches as a result of weak passwords
  • Review all Accounts in AD to ensure all passwords are changed
  • If using Office 365, Azure AD Sync is an option to help deploy Single-Sign-On (SSO) and ensure strong passwords are used
  • 2FA is strongly recommended
Ninite Pro
  • Helps safeguard computers from being compromised by vulnerabilities of outdated 3rd Party software i.e., Adobe Reader, Java, Chrome, Firefox, etc.
  • Enables easy upgrades to new versions and automatically updates Adobe Reader, Java, Chrome, etc. to latest version
SonicWALL Security Services
  • Inhibits network attacks for devices that are behind the Firewall
  • Network level Intrusion Prevention System (IPS), Anti-Spyware, Gateway Anti-Virus
  • Logs are limited to memory availability on the SonicWall. Device overwrites when memory is full or upon device reboot. Logs are normally overwritten within 48 hours
  • Analyzer or another SIEM is needed for log retention beyond 48 hrs.
  • Daily or continuous log review auditing is not a service USCC provides
OpenDNS
  • Helps detect and block malicious outbound Botnet traffic and assists in detecting compromised computers
  • Protects laptops outside of the office, when they are beyond the protection of the Firewall
  • Log retention is 30 days
  • Optional Content Filtering capabilities can help enforce company policies
Enterprise Wi-Fi & Wi-Fi Isolation
  • Helps secure your network and data by providing the ability to separate employees and cell phones / guests from the production network
  • Creates an isolated guest network that denies access to your critical data
Data Backup & Disaster Recovery
Datto Backup (Local & Offsite Backups)
  • Helps provide a reliable local & cloud backup solution for your data
  • Server Full Block level backups
  • Local and cloud virtualization capabilities (some models excluded)
  • Additional Passphrase Encryption protection strongly recommended
Datto Backup + Passphrase Encryption
  • Helps comply with laws and regulations that require Encryption-at-Rest for data backup such as HIPAA, PCI, GLBA, State Laws, etc.
  • Encryption uses more hard drive space on the Datto backup unit
Office 365 Backup
  • Facilitates backup of Office 365 e-mail and SharePoint sites
Laptop Backup – Carbonite Safe Backup Pro
  • Facilitates backup of critical information on your laptop into a HIPAA Compliant backup solution (Carbonite Safe Backup Pro)
  • Includes 250GB cloud backup – Billed Annually @ $288/year
  • $100/year per additional 100GB
Log Management for Compliance
SonicWALL - Analyzer
  • Helps meet Firewall logging legal and regulatory compliance requirements
  • Collect and store SonicWall logs on a Server
  • Requires dedicated Server, which requires additional backup space
  • Daily or continuous log review auditing is not a service USCC provides
Windows/PCs - Manage Engine AD Audit
  • Helps meet Windows Servers and Computer events and logins logging legal and regulatory compliance requirements
  • Requires dedicated Server
  • Ability to generate limited alerts and reports
  • Daily or continuous log review auditing is not a service USCC provides
End-User Protection
Folder Redirection for Documents & Desktop
  • Help protect critical user data by storing the Documents, Desktop and Favorite folders on the server
  • Requires adequate space on the server
  • Laptops that are taken offsite might need to use Carbonite Safe Backup Pro instead
Advanced Spam Filter Protection – Mimecast S1/M2/M2A
  • Helps protect your organization from malicious links, attachments and impersonation attacks that can lead to reportable data breaches
  • Targeted Threat Protection (TTP) includes Attachment, URL & Impersonation Protection
  • S1 = Spam Filter + TTP (Office365 and Google G Suite)
  • M2 = S1 + Continuity (Exchange Servers)
  • M2A = M2 + 99-year Archiving
  • End user daily spam reports with ability to Release, Permit, Block
Advanced Spam Filter Protection - O365
  • Helps guard your organization from malicious links and attachments
  • Daily end-user spam reports with ability to release flagged e-mails
Security Awareness Training - KnowBe4*
  • End-user training modules to empower your team to be the first line of defense against threats to your network and customer data.
  • Video training, infographics, PDF’s and mock Phishing Campaigns to teach end-users how to spot risky e-mails containing unsafe link / attachments and CEO Fraud.
  • Promotes a security conscious culture and fosters behavioral changes help secure your network environment
Remove Local Admin Privileges
  • Limits the damage that exploits and viruses can cause by ensuring attacks cannot run at the Administrator Level
  • Designates a limited / select number of Admin-UserName accounts per company that can make changes and install software on computers
Mobile Wi-Fi Protection - Norton
  • Establishes a secure VPN connection over insecure or public internet connections
  • Provides up 5 devices per User, including Laptop and Mobile devices
2-Factor Authentication / MFA
Computer / Server 2FA - Duo Security
  • Deters unauthorized access to Computers, Servers, Exchange Webmail, and much more
  • If credentials are somehow compromised, 2FA inhibits the attacker and can provide red flags / warnings that unauthorized access attempts are taking place
Office 365 - Azure MFA
  • Deters unauthorized access to Office 365 by ensuring that 2FA is required for Webmail every 1-60 days
  • Create AppPasswords for Outlook and Mobile devices
Data Protection
Password Manager - Keeper Security
  • Helps users employ a long and unique randomly generated password for each business site
  • Shared items are secured between users
  • Protected with Master Password and 2FA
  • When a user leaves the organization, the passwords can be revoked and transferred to a designated person
  • Zero Knowledge & HIPAA compliant Business password management solution
E-mail Encryption - Share File - 5 Users
  • Send and receive end-to-end encrypted e-mails via Outlook plug-in or web portal
  • Helps meet legal & regulatory requirements
  • Allows users the ability to request sensitive files/information via a link
  • Supports 2FA
  • $125/month if billed monthly
E-mail Encryption - Mimecast
  • Send and receive encrypted e-mails based on policies or keywords like [encrypt] for outbound e-mails
  • Apply policy-based encryption to Data Loss Prevention (DLP)
E-mail Encryption - O365
  • Send and receive encrypted e-mails based on policies or keywords like [encrypt] for inbound/outbound e-mails
Laptop Full Disk Encryption - SimplySecure / Beachhead
  • Prevents unauthorized data disclosure by applying Full Disk Encryption
  • Lost or stolen laptop can be remotely wiped once it establishes internet connection
  • The system can validate / prove the compromised device was fully encrypted
  • Requires Windows 8/10 Pro and existing TPM chip
Device Secure Wipe with DoD 5220.22M
  • Prevents unauthorized data disclosure by securely wiping Hard Drives and media with DoD 5220.22M Standard
  • SSD/Flash Drives are Crypto Erased with BitLocker Full Disk Encryption
  • NAID Certified vendor Physical Destruction or shredding with certificate
  • $40 per device – USCC to issue Wipe Certificate
Azure Information Protection Data Encryption
  • Helps protect sensitive data by applying Encryption-at-Rest
  • Files are only accessible by authorized users regardless of their location
  • Azure RMS uses AES 128/256-bit encryption for Documents, RSA 2048-bits for Key protection and SHA-256 for Certificate signing
Network Infrastructure Billable Projects
Desktop BIOS & Firmware updates
  • Helps protect computers from attacks on hardware and firmware related vulnerabilities, like Meltdown and Spectre
  • It is recommended that BIOS and firmware updates are applied at least once per year
  • This billable project will require about 30-60 minutes per computer
ESXi Version Upgrades
  • Helps protect virtualized servers by ensuring the latest ESXi version patches security vulnerabilities
  • Requires server downtime and the hardware to be compatible with the latest version of ESXi
End of Life Software migrations
  • Helps protect your servers, computers, users and data from attacks that target outdated and vulnerable software
  • Non-supported software puts your organization at risk of being targeted by attackers that look to gain and maintain access to your network
  • Vendors eventually stop supporting and releasing security patches for their software
Desktop Upgrades
  • Helps address the vulnerabilities and risks of having older Desktop Operating Systems no longer receiving security updates
  • Vendors eventually stop supporting and releasing security patches for their software for older Desktop Operating Systems
Server Migration(s)
  • Helps address the vulnerabilities and risks of having older hardware / servers that can cause downtime
  • Specific recommendations for server / e-mail migrations are made after reviewing the network environment