The Challenges
The company also faced challenges in keeping track of all the new vulnerabilities that could potentially pop up on devices across its customer base. It needed a cost-effective way to regularly scan every client network, prioritize the critical and high vulnerabilities that needed quick attention, track the issues that were remediated and ascertain what should be handled during routine network maintenance.
In addition to delivering a standard IT risk management program to its clients, the AME Group also needed to ensure its IT staff were actually following established IT policies and procedures and documenting their work. They recognized that in the event of a breach, cyber insurance companies would conduct audits, and there could potentially be lawsuits.
The AME Group decided they needed a layered approach to IT security and risk management that would help them fill the gaps in its world-class security service delivery.
The Solution
Automated IT assessments: For some time, Jay Sundberg, security services manager at The AME Group, standardized the use of Network Detective Pro to perform recurring security assessments on every client network, accessing the assessment results through the RapidFire Tools online platform to identify any new risks and issues that needed to be addressed. Network Detective Pro helped the staff quickly discover numerous unknown threats within each client’s network and advise on how to develop effective security strategies.
With its ability to run multiple automated assessments across many on-prem and cloud networks in near real-time, the solution’s intelligent reporting capabilities enabled the staff to collect and analyze data and show customers how The AME Group’s services helped bolster their security posture.
In reaching out to RapidFire Tools, the company behind Network Detective Pro, Jay learned that his team of technicians could access other IT risk management tools directly from inside the same RapidFire Tools portal to address all their needs. Once added, he was thrilled that these additional tools could access the same clients they had already set up Network Detective Pro for, and that they shared a common look and feel, making them very easy to adopt. Moreover, the company could provide key stakeholders at each client site free logins to the RapidFire Tools portal, which was a game changer for client engagement.
The AME Group then decided to adopt the other components of the RapidFire Tools portal, systematically adding VulScan for vulnerability management, Cyber Hawk for critical IT change detection and Compliance Manager GRC for its IT security assurance and compliance service delivery.
Automated vulnerability management: The AME Group first added VulScan to its RapidFire Tools portal to automate its vulnerability management services. The AME Group could utilize VulScan to automatically run vulnerability scans — both internal and external — for each client that had already been set up in the RapidFire Tools portal.
The discovered vulnerabilities are displayed on a dashboard for each client, sorted by issue type and by device, with each issue scored based on severity. It also includes information about every vulnerability and recommended steps to remediate them. This gives The AME Group the ability to review the discovered vulnerabilities with its clients, prioritize its work assignments and complete its tasks faster. The company also uses VulScan’s risk management functions to quickly flag each issue as either resolved, accepted or ignored, so they can keep track of progress and get trend reports on the overall security posture of its clients.
Detecting critical IT changes: The AME Group then adopted Cyber Hawk, a machine-learning-based critical IT change detection tool, to help clients achieve a high level of visibility into their environment. The company uses Cyber Hawk to raise a client’s awareness of what they must do when the solution detects anomalous changes, like irregular employee behavior, in their network.
The AME Group configures Cyber Hawk using its smart tagging feature to alert clients via emails of any unauthorized IT changes, allowing each customer to determine whether they can manage the change themselves or require The AME Group’s intervention. The alert emails have two preset response “buttons” that clients can click to either “ignore” or “investigate” the alert. If a client chooses to ignore the alert, the action teaches or trains Cyber Hawk to not issue alerts for the same type of change again. Conversely, if they click the investigate option, a task automatically shows up in the RapidFire Tools portal for The AME Group with complete information about the discovered issue, severity and recommended course of action to manage the risk.
Jay additionally points out that Cyber Hawk’s ability to increase a client’s IT awareness also helps them better adhere to their respective standards and policies, enabling them to provide evidence of the same.
Flexible managed compliance service delivery: The AME Group also leverages RapidFire Tools Compliance Manager GRC to offer clients the most convenient compliance management experience. The company is able to run rapid baseline assessments and comprehensive controls assessments to gauge each client’s level of compliance against several standards and frameworks as well as cyber insurance readiness.
From the results of these assessments, The AME Group evaluates a client’s environment against their respective requirements, including custom frameworks. Jay explains that Compliance Manager GRC provides a solid point of reference to assess a client’s compliance in accordance with most of the important standards. It enables his team to map controls assessments for SOC, FFIEC and the FTC Safeguards Rule as well. The compliance management platform helps The AME Group be more flexible in its approach to assisting clients in meeting their regulatory requirements.
The company uses Compliance Manager GRC to also improve customer engagement during the rapid baseline assessment, where its compliance professionals identify a client’s posture before diving deeper using the controls assessment to ensure they have all the evidence required. Proving compliance starts with a combined effort — and the customers are witnessing proof of the work being done.
The AME Group is able to easily educate clients about their compliance management through highly detailed reports generated by Compliance Manager GRC. This empowers them to be prepared and ready with all the necessary information during an audit, even a surprise one, leaving no room for error.
Jay particularly enjoys the vendor management portal feature that allows him to assign existing or custom-built requirements to a client’s vendors and obtain evidence of their compliance. This proves extremely resourceful for cyber insurance claims and audits.
The Results
The RapidFire Tools suite of products helped The AME Group strengthen its relationship with its clients and refined its IT risk and compliance management services portfolio. The MSP was able to tailor IT risk management strategies to support its clients and their unique needs, creating more opportunities for revenue generation as well, ultimately improving customer retention and attraction. The RapidFire Tools portal, in particular, simplifies how Jay and his team package and deliver services in a seamless, fully integrated manner.
The key takeaway from The AME Group’s partnership with RapidFire Tools is the level of automation the company was able to deliver to its customers on a large scale. Each product drastically boosts the efficiency with which it delivers its services and reduces the need to onboard new staff. The flexibility of the suite increased The AME Group’s profitability while also offering clients the opportunity to plan their budgets and afford its world-class services easily.
Jay expressed that RapidFire Tools helped him and his team deliver superior managed IT services, and they look forward to many more years of collaboration.