The CyberValent Ultra.ai program is an all-inclusive cybersecurity, privacy, and compliance program rooted in patented technology and bootstrapped with Samaritan.ai designed with you in mind. 

Compliance as a Service

GRC  Implementation

Enable integrations for automated evidence collection, ensure proper mapping for all controls and evidence, troubleshoot all errors and failing tests, assign ownership, and manage the platform for optimal implementation.

Compliance Readiness

Evaluate Compliance goals, high-level review of existing posture, prioritize critical gaps, and provide achievable timelines for all work-streams associated with the specific Compliance objective.

Custom Policy & Procedure Creation

Tailor Policies & Procedures for the business context and operating environment, risk tolerance, ownership, and best practice recommendations.

Evaluate and Develop Effective Controls

Create, customize, deploy and test Controls within the business context and operating environment; design for risk tolerance, ownership, and best practice recommendations

Security Training Implementation

Assist with evaluating training and awareness options, basic and advanced options, customized training where specifically requested.

System Description & Statement of Applicability Support

Assist with creating and customizing the System Description and/or SoA for respective Compliance requirements.

Compliance & Security Roadmap planning

Execute planning sessions for areas to improve security as identified during the audit and from best practices guidance, including discussions for additional compliance initiatives

External Audit Management

Serve as the primary POC with Auditors (if desired), represent the security and compliance program to all external parties, manage the discussions and direct towards client teams only as needed, client coaching for how to manage the audit experience.

Penetration Test Support

Assist with identifying scope and proper levels of penetration testing, discuss key differences, recommend Vendors, evaluate options for best use of limited resources.

Initial Risk Assessment

Execute basic, Compliance-ready Risk Assessment to establish a foundational Risk Register, assign Risk owners, action plans, and priorities.

Tabletop Exercises

Manage and document two tabletop scenarios: one for Disaster Recovery, one for Incident Response.

Security Questionnaire Support

CyberValent will complete one security questionnaire of up to 150 questions per calendar month, within 5 business days of receiving the questionnaire.

External Trust Page/Center Implementation

Where available, assist with establishing a Trust Page/Center, train on configuration of the page, educate Sales staff on value for accelerating the sales cycles.

Attack Surface Management

Weekly scanning of AWS Cloud for configuration weaknesses, continuous oversight of operational drift, and technical advisory and guidance to address findings in a risk-prioritized manner.

Attack Surface Management+

Weekly scanning of AWS, Azure, or GCP Clouds for configuration weaknesses, continuous oversight of operational drift, technical guidance to address findings in a risk-prioritized manner. Additional items included in the + package: Slack, email, domain, and website security advisory services.

Vendor Risk Management

Develop and formalize SOPs for Vendor Risk Management, especially procurement and evaluations; centrally manage Vendor assessments.

Foundational Vulnerability Management

Create Policies and supporting SOPs for Patch and Vulnerability management, including CI/CD processes, for infrastructure, code, applications, and workstations.

Foundational Incident Management development

Create Policies and supporting SOPs for Incident Management, including one tabletop test and Lessons Learned feedback loop exercise.

Foundational Business Continuity Procedures & Disaster Recovery Development (BCP/DRD)

Create Policies and supporting SOPs for BC/DR, including one tabletop test and Lessons Learned feedback loop exercise.

Foundational Threat Management development

Create Policies, supporting SOPs, and technical stack (including log configuration) to ensure proper foundational elements for Threat visibility, sound forensic trails, and investigations.

CISO as a Service

AWS Security Best Practices

Perform reviews to evaluate and optimize the reliability, security, and efficiency of AWS workloads. Review existing AWS-native security tools and their deployment and/or relevance for a client's environment, including the use of AWS Organizations, Control Tower, Trusted Advisor, Security Hub, and other native tools for a foundational security architecture.

Security Maturity Measurement & Roadmap Development

Perform a comprehensive analysis across all Security Domains to rank existing capabilities, perform peer comparisons, and identify key focus areas with a roadmap built with a risk-prioritized lens.

Premium Risk Assessment

Perform a detailed quantitative risk analysis by considering likelihood, impact, exposure; develop risk-prioritized mitigation strategies, create or enhance the Risk Register. The risk assessment will be based on a business-first approach, and aims to identify risks across different areas of the organization, providing a holistic view of risk exposure and business expectations.

Premium Vulnerability Management

Premium Incident Management Program Development: Evaluate and leverage automation for initial triage, evaluate existing toolset and capabilities, develop internal automated IR capabilities or define requirements for 3rd parties to assist and/or manage Incident Response, including Forensics investigations.e.

Incident & Data Breach Response Support

Perform comprehensive analysis of the People, Processes, and Technology associated with endpoint security, Log Management, and correlation tools to support Threat investigations and Incident Response requirements. Evaluate and discuss options for baseline enforcement and remediation with Cloud-native or other automated response tools, including potential MSSP options. On-demand, perform initial triage to determine containment strategy, and define if expert Forensics and IR support is required.

Premium Threat Management Program Development

Evaluate Log configurations at source, ensure proper details and sufficent coverage. Review and/or assist with designing log storage, lifecycle management, immutability. Review and/or refine endpoint security for workstations and Cloud assets (including containers), configuration management for hardened baselines, and build/refine processes for proper Threat Management. Create roadmap for deploying event correlation for automated triage and log investigations to move beyond manual investigations.

Annual Business Impact Analysis (BIA)

Identify and document key business and technological dependencies, define and evaluate appropriate recovery times, and ensure business recovery processes support business SLAs.

Vendor Evaluations

Requirements definitions, tech reviews, downselects: Expert advisory services to identify key priorities, define critical requirements, evaluate Vendor offerings, downselect and ensure Vendors are accountable from the sales to delivery lifecycle, especially ensuring appropriate scope and no hidden products or costs.

Architectural Design Review and Recommendations, including DevSecOps Advisory Services (IaC, Kubernetes, CI/CD, secure code & operations) and Configuration Management

Evaluate Development practices, CI/CD workflows, and security architecture against best practices; provide insights, immediate recommendations, and a strategic roadmap based on the business operating context and risk priorities, and develop CI/CD Security Plans as appropriate.

Sales Support for Prospective Clients

Support clients during sales cycles to properly represent the security posture and culture to the prospect in order to win the business with the security story (up to 3 hours/monthly).

Internal Audit Team

Perform formal Internal Audits against the ISO framework, provide detailed documentation, recommendations for improvements, and interactive discussions about findings and action plans.

Mergers and Acquisitions Support

Perform general and/or technical assessments of potential acquisitions to evaluate overall risk, provide feedback to Leadership with ballpark cost estimates for risk mitigation to leverage in negotiations for final acquisition cost.

Data Privacy as a Service

Serve as Data Privacy Officer

This role operates independently and entails a wide variety of responsibilities including Advisory, Privacy Program Development and/or Management, Privacy Training, Communication with internal and external parties, and various other duties.

GDPR/ISO 27701 Readiness Assessment

This assessment helps identify gaps in compliance, areas of risk, and opportunities for improvement in data protection practices.

Privacy Impact Assessment (PIA)

Assess existing Privacy practices, data collected, and creating a document with detailed findings of the DPIA, including identified risks to data subjects’ privacy and recommended measures to mitigate these risks.

Transfer Impact Assessment (TIA)

Evaluate types of data, existing controls, contractual clauses, and other relevant GDPR requirements to ensure or develop proper procedures for Data Transfers.

Privacy Roadmap

Based on the Readiness Assessment, CyberValent will create a prioritized action plan with specific guidance to achieve GDPR readiness and compliance.

Data Inventory and Record of Processing Activities (RoPA)

CyberValent's GDPR Record of Processing Activity (RoPA) Assessment and Recommendations service is designed to assist organizations in achieving and maintaining compliance with the General Data Protection Regulation (GDPR), specifically concerning Article 30's requirements.