Justin Shanken, CEO
In the wake of the COVID-19 pandemic, many enterprises had to abruptly adopt remote work/work-from-home practices and implement new IT capabilities ad hoc, just to keep their businesses operational. Unfortunately, such measures have increased the vulnerability of IT infrastructures, networks, systems, and even devices to several cyber threats. After all, cybercrimes are propelled by the virus of greed and notoriety of the black hats who perceive the pandemic-induced workflow disruptions across enterprises as golden opportunities.
On another front, whether it’s PCI DSS, GDPR, HIPAA, or CMMC, organizations are concerned with their ability to meet local, state, and federal government obligations, even as they are compelled to rewire their workflows. With the rapid expansion of work-from-home due to COVID-19, compliance adherence is as crucial as it is hard to achieve.
Unfortunately, most organizations, especially small to medium-sized businesses—as they struggle with finances—have no choice but to trust the limited scope of the generic cybersecurity solutions that their IT providers bring to the table. These generic solutions won’t be effective unless users adopt them with due regard to and awareness of their organization’s cybersecurity posture, risk, and compliance. ‘Awareness,’ in context, appears to be another unmet, yet unavoidable need, requiring additional investment and focus from leadership.
Turning the tables against these predicaments is Shanken Security Solutions, whose clients enjoy the comfort of expert cybersecurity solutions tailorable to their cyberprotection and compliance needs. The company specializes in delivering comprehensive cybersecurity awareness solutions to address emerging threats and unique market risk factors.
A personalized approach to cybersecurity assurance and awareness
“At Shanken, we have developed the resources to make cybersecurity simple for our clients without purchasing complex software suites they may not need,” asserts Justin Shanken, Founder-CEO. “We provide industry-leading security awareness training, help customers navigate damage control requiring digital forensics, offer SOC audits, and make cybersecurity risk and compliance a breeze. It doesn’t matter if you are a Fortune 500 company or a small start-up; we have the experts, the partnerships, and the custom solutions to protect your organization and its reputation. For us, one size does not fit all.”
The company’s commitment to “tailorable” solutions shows through in its diverse solution portfolio. Shanken’s offerings range from penetration testing to security awareness training to damage control with digital forensics. Most interest these days, though, pertains to Compromise Assessments. “Compromise assessments are the future of cybersecurity,” explains Justin. “With these evaluations, we can determine whether any of a client’s Windows systems are currently, or have ever been, compromised by a cybercriminal.” These assessments serve as the foundation for the organization’s security and compliance: once systems have undergone the assessment and remediation process, they are tagged with a clean “bill of health” by Shanken, allowing them to enter (or return to) normal operations.
Unlike many of its competitors, in addition to targeted projects, Shanken also provides all-encompassing monthly support and services to clients. The goal of these managed services is to allow clients to get back to their core business, not the nuances of cybersecurity. A vital component of this is what they call Monitor, a custom-built solution for holistic vulnerability scanning and compliance monitoring. Monitor was explicitly designed with 21st-century compliance in mind.
Beyond offering continuous monitoring support, the platform provides proactive vulnerability identification to help organizations maintain and update their systems before a violation occurs. As Justin puts it, “Monitor is engineered to offer easy, understandable cybersecurity and compliance reporting so clients can spend their time enabling the business.”
To protect the most vulnerable part of any organization, Shanken offers a highly effective Security Awareness Suite for employees. It encompasses industry-leading security awareness programs that protect an organization’s front line against attack. The contents of the suite are made to be engaging and approachable, using animations instead of slides to capture users’ attention. “We are building a human firewall, so to speak,” says Justin. “Nine out of ten cyber-attacks start with human error from phishing e-mails – it’s critical to work on the people aspect, as well as the technical piece.” The full training suite encompasses information security, malware analysis, social engineering, password, e-mail, physical security, mobile device security, phishing awareness, and securely working from home. More topics are coming, too, notes Justin: “We have already developed new training explicitly covering topics like working from home and COVID-19 threats.”
In the previous, pandemic-free year, 88 percent of all organizations witnessed a phishing attempt/intrusion via bogus e-mails, fake URLs, cloned websites, posts, or tweets. The losses accounted for more than 1.7 billion dollars. Phishing’s stealth stems from its social engineering element, which can make its way through many cybersecurity guardrails, such as spam filters and firewalls, to ultimately reach unsuspecting targets. As such, building resilience to phishing and other cybersecurity threats entails acquiring adequate levels of awareness from the users’ side. Capitalizing on this mandate, Shanken conducts simulated phishing attacks across its clients’ networks, targeting users with individualized rules of engagement. The clients get to determine the tolerance levels depending upon the user’s cybersecurity knowledge. “All of our simulated phishing attacks are based on rapid analysis of what tactics cybercriminals are currently using. We customize them to industry and organizations to make it as realistic as possible,” adds Justin.
“Cybersecurity will always be a ‘moving target,’ but we pride ourselves on the ability to stay in front of the next generation of threats for our clients. Across our portfolio, all of our solutions are designed to quickly and efficiently address cyber vulnerabilities as they arise, allowing your organization to get back to work on what really matters,” says Justin.
Built by military-grade expertise, driven by customer-centricity
Shanken draws its cybersecurity expertise and edge from its team of former NSA operators and DoD Special Agents. In the field, they witnessed first-hand the need for agile and effective cybersecurity, the lack of which can be disastrous for today’s enterprise. Justin has spent over 20 years within the U.S. intelligence community, and a decade specifically focused on counterintelligence protecting the private industry from intelligence, cyber, and insider threats. Johnny Justice, the firm’s COO, is a retired veteran who spent ten years establishing the U.S. Army Cyber Command. “It is safe to say that we are intimately familiar with the complexity and costs of these threats that organizations face daily,” mentions Justin.
To exemplify this, Justin shares a client success story: In 2019, Shanken was approached by a global supplier of people data and background information. The firm was concerned about vulnerabilities in its network and wanted to validate whether its current preventative action plan was working. Their solution is used by many of the top credit reporting agencies and processes millions of public record checks each year—a breach at any number of possible access points could be detrimental to the firm’s operations. “Like many organizations, a security breach would be potentially catastrophic, and cybersecurity is always a top priority. While we make security a concerted focus, it is always valuable to have a second set of experienced eyes checking your blind spots,” says Phil Vickers, the firm’s Chief Technology Officer (all names have been changed to protect the firm’s security and anonymity).
It certainly wasn’t the first time that network security had been at the top of Phil’s mind. He routinely brought in outside firms to conduct penetration testing in the past. But all of their solutions were automated and did little to help him understand whether the preventative measures his team had put in place were working. Phil was increasingly interested in a more human touch, which matched how adversaries behaved in the real world.
Impressed by Shanken’s intimate familiarity with cyber attackers, Phil decided to give another team a chance at his network. This time, however, it was going to be different. He didn’t want just to run another scan of the network. He wanted to comprehensively test his technology, his processes, and his people. “The main goal was to find unidentified vulnerabilities, but we also wanted confirmation that our preventative measures were effective,” says Phil.
Over two months, Shanken’s cybersecurity experts conducted an extensive penetration testing campaign across the firm’s network. This campaign tested human weaknesses using simulated phishing attacks and specifically targeted preventative processes put in place by the firm’s security team. The company was able to identify areas of improvement for the firm’s network and its operations. “Shanken taking the extra time to understand our business’ structure and workflows allowed them to find things that were overlooked in templated security assessments,” Phil notes.
For Shanken, the work didn’t stop at identifying threats. Their team put together a detailed write-up of the affected systems, expected impact, and recommended corrective actions for each of the vulnerabilities detected. According to Phil, this was a significant differentiator: “The reports provided were comprehensive and easy to understand. We’ve received reports in the past that contained cryptic codes and fundamental, unhelpful descriptions and remediation recommendations. They were much clearer in both the risk explanation and the recommendations for remediation.”
Paving a strategic and promising roadmap for the future
Scripting many such success stories, Shanken continues to innovate and drive investments towards developing cutting-edge cybersecurity solutions. The company is currently developing ASSURE, a new SaaS-based, on-demand, defensive scanning tool designed to help cyber professionals identify vulnerabilities and anomalies on their network in real time. The platform uses a unique approach to gathering network information to pinpoint malicious actors and activities (even advanced persistent threats) before they wreak havoc on the organization’s network.
Shanken is targeting the initial release of ASSURE by the end of this year to a select group of customers and a broader release to all customers by the end of 2021. “ASSURE adds a critical component to our portfolio. Not only can we provide comprehensive pre- or post-attack cyber solutions, but we’ll also be able to help protect our customers even as an attack is happening,” concludes Justin.