
SPEAR Assessment with Expert Review and Feedback

Security Posture, Environment, & Architecture Review (SPEAR) Self-Assessment


Vantage Cyber Defense brings to you the Security Posture, Environment, & Architecture Review (SPEAR) Assessment, a comprehensive suite of modular cybersecurity assessment tools. Based on the revolutionary concept of the Detection Oriented Security Architecture (DOSA), SPEAR consists of eight modules that cover all aspects of a robust security program.
 
The eight modules are: architecture, monitoring/incident response, vulnerability management, data protection, education/training, user identity/credentials, validation/testing, and policy/compliance. Each module comes with a set of meticulously designed questions to assess the current state of your cybersecurity environment. Our questions are unique in that they not only determine if a topic is covered in your security environment but also delve into how fully deployed it is and how confident you are in your responses.
 
Underpinning the SPEAR Assessment is the DOSA approach, an innovative shift in the way we approach cybersecurity. Instead of relying solely on protective controls, which are susceptible to vulnerabilities, DOSA proposes a system that mixes centralized collection of security information, use of non-production resources or cyber deception, and environment variability. This approach not only enables rapid detection of potential breaches but also denies attackers feedback, decreasing dwell time and response time, thereby reducing data breach costs.
 
Our SPEAR Assessment tool also integrates a dashboard that provides a visual representation of your current security program, outlining your security strengths, weaknesses, and offering a prioritized set of recommended remediation steps. This approach allows for a clear understanding of your security environment and an actionable path to strengthen your defenses. Throughout this process our seasoned cybersecurity professionals work hand-in-hand with your team to understand your specific priorities and limitations, providing personalized findings and recommendations.
 
For more in-depth analysis and assistance, clients can avail themselves of Validation and Testing services. The Validation and Testing add-on involves a series of scans, configuration reviews, policy reviews, and more, to verify the self-assessment findings, identifying any discrepancies between perception and reality.
 
The SPEAR Assessment tool, coupled with our additional services, offers a comprehensive and holistic understanding of your cybersecurity environment, allowing you to identify vulnerabilities, prioritize actions, and enhance your cybersecurity posture. Whether you adopt the DOSA architecture or opt for an alternate approach, our solution empowers you to strengthen your defenses and navigate the complex cybersecurity landscape with confidence.

SPEAR Assessment Modules

Architecture

The SPEAR architecture review focuses on identifying all of the technological and operational components of your security program, including detective and protective controls, and security-related network design considerations. The SPEAR architecture review allows you to identify and prioritize any missing components from your security program and to identify how the design of your network helps or hurts overall environment security.

Vulnerability Management

The SPEAR vulnerability management module focuses on the methods used to reduce the number of vulnerabilities within your organization including:

  • Patch management

  • System and device hardening

  • Vulnerability scanning

  • Vulnerability-related risk acceptance

When completed, you will receive a detailed, prioritized set of recommendations for reducing the number and severity of vulnerabilities throughout your environment.

Monitoring, Detection, & Incident Response

The SPEAR Monitoring, Detection, and Incident Response module assesses your capabilities to generate high-fidelity alerts, access relevant security information, and respond to detected incidents effectively and efficiently. It focuses on operational capabilities, the ability to generate, analyze, and use security information with the goals of:

 

  • Reducing dwell time

  • Reducing SOC costs

  • Alert notification without a SOC

  • Reducing breach costs

Data Protection

While some attackers may be interested in computing resources, most attackers are looking for data, and a strong data protection strategy is key to ensuring that your data stays yours. The SPEAR Data Protection module looks at a variety of data protection strategies and technologies including:

  • Data classification

  • Data loss prevention

  • Encryption

  • Data lifecycle management

  • Data retention policies

  • Backup and recovery

  • Data asset ownership

  • Data storage and destruction

User Identity and Credentials

Attacks involving user identity and credentials are on the rise. If an attacker can compromise a valid user identity, they will be able to do anything that user is allowed to do. To limit this risk, the SPEAR User Identity and Credentials module assesses every aspect of the user provisioning process including:

  • New user provisioning

  • User rights and permissions assignment

  • Regular user review

  • Authentication and authorization protocols

  • Principle of least privilege usage

  • Credential use and management

  • Identity and access management solutions

Education and Training

The SPEAR Education and Training module focuses on the aspects of a security program designed to address the human element, to ensure that people are part of the security solution and not part of the problem. The Education and Training module addresses numerous topics including:

  • Security awareness training for end users, technical personnel and executives

  • Security skills and certification requirements for hiring new personnel

  • Ongoing training and certification requirements

  • Cross-discipline security training

Policy and Compliance

The SPEAR Policy and Compliance module helps to determine whether your organization has the necessary policies, procedures, standards, and guidelines, and whether those governance documents address all necessary topics.

The module also assesses organizational understanding of regulatory requirements and whether, in general, regulatory compliance is being adequately addressed. 

Note: this is not a gap assessment for any specific regulation. If that is needed, contact Vantage Cyber Defense for Validation and Testing services.

Validation and Testing

The SPEAR Validation and Testing module assesses organizational capacity and capability to determine the effectiveness of their existing security program. It covers topics such as:

  • Port and vulnerability scanning

  • Penetration testing

  • Red team exercises

  • Adversary emulation exercises

  • Security audit functions

  • Purple team exercises

Modular Approach

With our cost-effective modular approach, you have the flexibility to choose the specific modules that align with your unique security needs. No need to invest in unnecessary assessments. Select what matters most to your organization and optimize your resources.

Get a 5% to 35% discount when you purchase 2 to all 8 modules at once.
