SECURITYSOLUTIONS AND SERVICES

A Modern Approach to Threat Protection, Detection, and Reaction

1.800.800.0014 www.connection.com/SecurityPractice 2

With the continuous state of change in the global threat landscape, organizations face cyber attacks and security breaches that are growing in frequency and sophistication every day. Connection’s Security Practice offers solutions and services to counteract increased risk proliferation. Our team of experts has designed industry-leading assessments, analysis, technology planning, and integration that focus on a unified and centralized solutions approach, risk management guidance, and oversight, including managed security services to combat attacks and prepare for the unknown.

As a trusted partner with more than 35 years of experience, we can help you identify vulnerabilities in your environment and determine which ones are exploitable and dangerous. Then we can proactively develop a prioritized action plan to support your organization’s ability to define, document, and manage acceptable risk requirements.

Based on your organization’s needs, environment, business process, and security goals, our experts will provide insights to help you implement the right solutions to address your critical risks and protect your operations. As an extension of your IT team, we’re committed to keeping your organization operating safely and securely.

Why Choose Connection for Security Solutions and Services?

1.800.800.0014 www.connection.com/SecurityPractice 3

A comprehensive approach to security requires solutions and services that ensure the safety and security of your data, infrastructure, and user experience throughout the complete threat lifecycle. We can help you manage those threats with the three pillars of security management: Protect, Detect, and React. Gone are the days when a single layer of defense was enough to keep intruders out of your data. Together, these three pillars form a cohesive, interdependent approach to information security, ensuring that you don’t just deploy technology to address security-point issues, but manage your technology to prevent a security event from becoming a security epidemic.

The 3 Pillars of Security Management• PROTECT—Our security experts identify, document, and

analyze your security risks—and define the people, processes, and technologies necessary to bring that risk into the acceptable range with a suitable protection strategy. We focus on a unified security stack approach with technology that integrates, communicates, and correlates critical security information and events to keep your data safe.

• DETECT—Simply protecting your critical assets and data is no longer an adequate plan to protect your organization from today’s evolving threats. You must also implement the appropriate solutions to detect when security events or breaches occur. This involves people, process, and technology all unified under one common process to keep your risk at an acceptable level.

• REACT—It’s no longer a matter of if a breach will occur, it is only when. You must create your security program to expect that breaches will happen, and when they do, you must be prepared to react quickly and decisively to lock the breach down and prevent compromise of critical systems or data. Keep a “security event” from becoming a “security epidemic”.

Connection’s Security Assessment, Unified Security Stack, and program services empower your organization with effective strategies and services to manage your risk 24 × 7 × 365.

Managing the Complete Threat Lifecycle

1.800.800.0014 www.connection.com/SecurityPractice 4

1 DISCOVER—Our experts work with you to conduct a security penetration

test and vulnerability risk analysis to determine what vulnerabilities exist across your organization—external, internal, and wireless—and then determine what active exploits are available against those vulnerabilities. In short, how does the cyber criminal get past your defenses?

2 ASSESS—Next, we help you assess risk liability by prioritizing

vulnerabilities based on ease of exploitation and exposure to critical systems or data. In other words, which risks need to be addressed immediately?

3 REMEDIATE—With agreed upon priorities, we build a remediation plan

to address those risks with appropriate mitigation strategies. This plan is then circulated for approvals to ensure all stakeholders are also in agreement. In addition, we are ready to assist you with remediation execution as necessary.

4 IMPLEMENT—Our experts work with your team to implement

solutions that bring risk to an acceptable range, based on the approved plan, in lockstep with your organization’s policies and controls.

5 MANAGE—With a security solution in place, we facilitate the final—and most

critical—step in your security strategy. Our industry-leading Managed Security Services reduce the burden of ongoing protection, empowering you to manage your risk, day over day, month over month, and year over year.

5 Steps to Success Connection addresses your full security risk lifecycle through a five‑step process:

1.800.800.0014 www.connection.com/SecurityPractice 5

Comprehensive Security Solutions and ServicesToday’s security professionals—Director of IT, CIO, Director of IT Security, and CISO—often struggle with not only the identification of vulnerabilities, but also comprehension around how those vulnerabilities translate to threat vectors that can impact their environment. The true cost of a security breach goes well beyond financial damages, often with a lasting, adverse impact to customer and partner relationships and significant regulatory penalties. Connection offers the guidance, resources, and tools to help you manage risk, reduce costs, and build a more stable and secure information security program.

Our security services address the most critical security needs, stringent compliance requirements, and complex technology challenges across many industries. Our experts utilize a unified and centralized solutions approach that features risk management guidance and oversight to help you combat

attacks and prepare for the unknown. We can guide your organization through a series of analyses to provide you with an accurate picture of your risk and a solid foundation to continuously protect, detect, and react to today’s sophisticated and constantly evolving security threats.

Discover how to improve your organization’s defenses with our valuable security offerings, including:

• Security Assessment and Audit › p. 6

• Governance, Risk, and Compliance › p. 7

• Security Suite Optimization › p. 8

• Managed Security Services › p. 9

1.800.800.0014 www.connection.com/SecurityPractice 6

Our Security Assessment and Audit can help your organization prioritize where you should focus resources to reduce overall risk. We will help you better understand today’s real world threats and how they could affect your organization. Then we can advise you on how to bring the risk into an acceptable range.

An assessment includes external technical testing, penetration testing, or ethical hacking, of both the fixed and wireless networks, and social engineering testing such as phishing and vishing. The goal is to determine whether or not any of the services that your organization is operating have any flaws in them—and more importantly, whether or not those flaws can be exploited by someone with the right skillset. In addition our assessments and audits will help you determine if you are compliant with your internal policies and controls, or industry standards and regulations such as ISO 27K, NIST 800-53, HIPAA, HITECH, HITRUST, PCI, FFIEC, GLBA, FISMA, etc.

Why Partner with Connection?

We can help you gain a comprehensive overview of your environment with penetration testing that highlights:

• Exploitable vulnerabilities in your environment

• Risks that are critical and therefore need to be addressed with a high priority

• Lower priority risks that can be remediated over time

Our Security Testing Includes:

Penetration and vulnerability testing (to include wireless)

• Internal and external testing and risk analysis

• Switch, router, firewall, server, and data security testing

• Security process and policy review

• Exploitation or attack risk analysis

• Risk enumeration and prioritized remediation plan

• Reporting (to include detailed vulnerability enumeration)

Application security testing and secure code review

• Build a threat model

Identify key security requirements and threats

Create a threat model that documents attacks that could be carried out

• Build assessment action plan

Convert potential threats into action plan

Test against the conditions of attack described in the threat model

• Execute assessment

Execute attacks as described in the action plan

Discover vulnerabilities, explore for variations

• Report results, document findings, and offer remediation recommendations

Security Assessment and AuditPrepare for the Unknown

1.800.800.0014 www.connection.com/SecurityPractice 7

One of the most important components in a successful risk management strategy is not the technology itself, but the structure and documentation that ensures all aspects of the security program work effectively and according to plan.

Every organization needs to consider the people, processes, and technology behind a security program. Instead of simply creating an acceptable use policy or an employee security policy, a truly successful program will establish a mechanism that ensures all of the appropriate policies are written, that users understand them, and that their effectiveness is tracked and managed over time. Our experts can help you create a well-documented, well-defined security program that addresses all three critical concerns.

How to Address People, Process, and Technology• Risk management strategy should look beyond technology

• Ensure the organization, structure, and documentation align with security goals

• Put a process in place to track and manage policies over time

• Develop a well-documented, well-defined security program from investigation to implementation

Why Partner with Connection?

Our team of experts is backed by rich procedures and strong policy background to help you outline and understand important

benchmarks of security. We’ll review your existing policies, or help you develop new security policies that define how:

• Users gain access to systems and data

• Physical documents are protected in the environment

• Assets are hardened, managed, and controlled from an IT security perspective

• An Information Security and Risk Governance Program is built and managed

We will help you develop a well-documented, well-defined security program that brings risk into an acceptable range. Our experts will work with you to prioritize and define that range, and reconcile each of your risk items. Connection also offers industry-leading security awareness training and education, to help you ensure your workforce is well trained to understand and execute your policies, and most importantly, recognize how to “not click that link”.

Our Governance, Risk, and Compliance Services Measure Compliance with:• HIPAA security and privacy rules, HITECH, HITRUST, and

Meaningful Use

• Payment Card Industry (PCI) and Payment Application (PA) Security Standards version 3.0

• Government security standards FISMA and NIST 800-53

• GLBA, SOX, and FFIEC standards

Governance, Risk, and ComplianceDevelop an End‑to‑End IT Security Policy

1.800.800.0014 www.connection.com/SecurityPractice 8

Industry data shows that more than 30% of all software security solutions are acquired in suites to aid in the unification and implementation of security policies. Since security can often be a mix of investments from multiple vendors, our experts frequently see areas where coverage cannot be extended or where integration between vendors’ products is less than ideal. We can help ensure that whether you’re using one or multiple security providers, your environment is adequately configured and provides the protection, visibility, and oversight that your organization, users, and data require.

A Unified Security Stack (Security Suite Optimization) is a strategy rather than a specific type of implementation. Our engagement provides a more complete perspective of risk with visibility across entire environment to:

• Collect traffic from end points, mobile devices, Web, network

• Examine indicators of compromise

• Determine threats

• Gain valuable insight into your current toolset and any potential gaps

Why Partner with Connection?

Our experts work as an extension of your team to help determine what is happening in your environment. We will help you unify or build a strategy that offers a clearer perspective of those events

and guidance on how to manage risk. Our goal is to help you create a unified solution that:

• Provides valuable insight into your current toolset and potential gaps

• Optimizes integration of separate investments

• Ensures your coverage extends across all of your assets, applications, and services

Our Security Suite Optimization Services:• Provide real-time visibility and automated situational awareness

• Improve staff focus/expertise

• Reduce operational security costs—volume/package pricing; improve stack ROI

• Leverage flexible “suite” licensing models; lower security stack TCO

• Reduce FTE demand to manage stack

• Provide an integrated solutions approach

• Consolidate security management

• Reduce number of dashboards

• Improve compliance and policy enforcement

• Enhance coordination for disaster recovery

Security Suite OptimizationSeamless Coverage for All of Your Assets, Applications, and Services

1.800.800.0014 www.connection.com/SecurityPractice 9

Today’s sophisticated threats, strict regulatory environment, and complex business requirements demand an assertive security posture. But not every organization has the IT skillset or staffing resources to develop a cutting-edge security program in-house or maintain it over time. Does your security strategy provide the protection, visibility, and oversight to manage security events 24 × 7 × 365? We can help.

Why Partner with Connection?

Our experts can build a fully managed security solution to monitor events, manage devices and software patches, and satisfy internal or external compliance requirements. Using a proven process and industry-leading tools, our Managed Security Services are designed to help you:

• Simplify addressing the entire threat lifecycle

• Ensure you have appropriate policies and controls in place

• Monitor and manage over time

Why Choose Managed Security Services?

In contrast to quarterly threat scans and annual audits—which are merely reactive ways to provide your organization a snapshot-in-time perspective on how well you are managing risk—a fully

managed security solution gives you a proactive, around-the-clock perspective of where you stand with your risk management and compliancy requirements. For organizations required to comply with HIPAA, PCI, GLBA, or FISMA, this provides the complete picture of your organization’s ability to stay in compliance over time.

Our Managed Security Services Provide Constant Vigilance and Protection:• 24 × 7 security monitoring

• Advanced endpoint threat detection

• Log management

• Managed advanced malware protection

• Managed SIEM

• Managed server protection

• Security device management

• SIM on-demand

• Vulnerability management

• Vulnerability prioritization

• Web application scanning

Managed Security ServicesTrusted Protection Today and Tomorrow

1.800.800.0014 www.connection.com/SecurityPractice 10

Connection utilizes a holistic approach to security, based on a full and end risk managed strategy. Our team of experts is backed by rich procedures and strong policy background to help you outline and understand important benchmarks of security. We will review your existing policies or help you develop new security policies that define how:

• Users gain access to systems and data

• Physical documents are protected in the environment

• Assets are hardened, managed, and controlled from an IT security perspective

• An Information Security and Risk Governance Program is built and managed

Our On‑staff Experts Are:• Highly trained certified expert penetration testers

• Ready to help you document risk and policies, implement a solid security program, and manage it over time

• Trained in application security testing and security code review—a critical capability for any organization utilizing applications to protect sensitive information

• Able to integrate one or multiple security partner solutions under a “Unified Security Stack” approach, using principles of uniform policy implementation, complete coverage, and seamless security protection

The Expertise to Solve Your Security Challenges

1.800.800.0014 www.connection.com/SecurityPractice 11

Extensive Partnerships

We leverage technologies from leading vendors in security to design best-in-class solutions to meet your specific requirements. Our partners include:

• Barracuda

• BeyondTrust

• Bluecoat

• Check Point

• Cisco

• Dell Software

• Dell SonicWALL

• ESET

• Fortinet

• Hewlett Packard Enterprise

• Imprivata

• Intel Security (McAfee)

• Kaspersky

• LogRhythm

• RSA

• Solarwinds

• Sophos

• Symantec

• Tenable

• Trend Micro

• Varonis

• WatchGuard

• Webroot

• Websense

Your Trusted Security Partner

Protect your organization from today’s evolving security threats with guidance from our experts. We are committed to keeping our Security Practice on the cutting edge, because we understand the threat landscape changes on a daily basis. Our experts rely on the most sophisticated, innovative tools and strategies, ensuring we’re able to meet your changing needs day after day. Contact an Account Manager to learn more about our complete offering of security solutions and services.

Our Security Services• Assessment and Security Audit

• Governance, Risk, and Compliance

• Managed Security Services

• Security Suite Optimization

CONVERGED DATA CENTER CLOUD NETWORKING SOFTWARE LIFECYCLESECURITY MOBILITY

About Connection

As a leading National Technology Solutions Provider, we’ve been trusted for more than 35 years to connect people with technology that enhances growth, elevates productivity, and empowers innovation. Connection, a Fortune 1000 company, is a go-to provider for more than 300,000 products and services from 1,600 manufacturers. Our experts lead with solution selling for small- to medium-sized businesses, enterprises, and the public sector across all verticals, from healthcare and retail to higher education and everything in between.

©2016··PC Connection, Inc.  All rights reserved. Connection®, PC Connection®, and we solve IT™ are trademarks of PC Connection, Inc. All copyrights and trademarks remain the property of their respective owners. C338096-0416

Complete technology solutions and services for every need.

Business Solutions Enterprise Solutions Public Sector Solutions

1.800.800.0014 1.800.369.1047 1.800.800.0019