At Provisions Group, we’ve reinforced our cybersecurity defenses by teaming up with Red Canary and HackerOne. These partnerships are essential in maintaining a strong front against ever-evolving cyber threats, ensuring we stay prepared. By working with these industry leaders, we continue to prioritize security and resilience for our clients.
Red Canary, a leader in MDR (managed detection and response), helps businesses identify and address potential security threats quickly. On the other hand, Hacker One provides a platform for ethical hackers to proactively find vulnerabilities.
Both companies play an important role in any successful information security program, and their combined capabilities help organizations stay one step ahead of cybercriminals. As official partners of both Red Canary and Hacker One, we want to share how we leveraged these partner's platforms to ensure our environment and client data stays secure. PG cybersecurity experts Jacob Lenhert and Eric Hendrickson will elaborate on how Red Canary and HackerOne work, their unique approaches to security best practices, and how we used them in tandem to achieve SOC2 compliance.
Red Canary
At Provisions Group, we have found value in using Red Canary as our MDR, and we have two teams of dedicated analysts that have access to our environment: one for typical threat hunting and triage, and one for active remediation.
Our Chief Technology Officer, and acting Chief Information Security Officer, Eric Hendrickson, explains, “As a complex high-end technology and marketing professional services firm, we have a fairly complex collection of devices, users, and networks at Provisions Group. There may be an attempted compromise or suspicious user activity and with a small team, it would be easy for us to miss something – especially if that happened at 2AM. This is where Red Canary comes in: they watch, 24x7 and alert us as needed.”
From there, Red Canary follows an escalation process based on the nature of the activity or threat to ensure that information and environments stay secure.
(These images are captured from our Red Canary environment, offering a visual representation of how they provide raw telemetry. This capability plays a crucial role in early threat detection and demonstrates how they help safeguard our environment through multiple layers of security.)
Jacob explains, “There’s a couple things about Red Canary that really set them apart from other MDRs, one is that we have a live person, and actual human being, touch every single alert or incident that’s generated. They will make notes, provide context and remediation, and give next steps. Also, we have automation set up- when it identifies a threat on a device, it will isolate that device.”
Finally, they are one of Microsoft’s security strategy partners and a key member of MISA, allowing them to have some of the best integration with Microsoft services when it comes to visibility, active remediation capability, and raw telemetry, “We’ve had nothing but good experiences with them”.
Hacker One
Hacker One is a cybersecurity company specializing in attack resistance management. Jacob explains that Hacker One facilitates the engagement with actual unethical hackers, “Their approach is also very unique to how a pen test is done historically – or how a lot of pen testing companies do it.”
When it comes to hacking there are people that do this for the right reasons and the wrong reasons, Hacker One has created a platform to vet hackers so that they can conduct penetration tests (pen tests) for companies. They will take company qualifications and match specific hackers that are a good fit for the specific environment. This was a crucial step in strengthening our security posture and also a key requirement for SOC 2 compliance—completing a penetration test.
(Hacker One provides many different security offerings along with Pentests, see images above and click here to learn more information on how they can help you.)
Security Milestones
Another unique aspect of these platforms is how reputable and trusted they are, regardless of their unique approaches. “I found Red Canary and Hacker One, or was introduced to them, at a National Cybersecurity summit, which is led by the Department of Homeland Security. It was cool being able to interact with trusted speakers and vendors… and when it was coming around for us to reevaluate our SoC provider, I felt very strongly it was our best path forward.”
Both platforms played a key role in meeting our compliance goals and enhancing our overall security strategy. We can visualize this as a layered approach with Red Canary as the inner layer, and Hacker One on the outside, as an end-to-end kind of approach.
We are thrilled to be official partners of Red Canary and HackerOne, and have the ability to provide these cybersecurity services to our clients. Is your company’s security armed and ready? Schedule a call with our team at PG or click here to learn how we can help reinforce your defenses and keep you one step ahead.
Eric Hendrickson
CTO at Provisions Group
Jacob Lehnert
Security Engineer at Provisions Group
###
About Provisions Group
Founded in 2003, Provisions Group offers scalable IT strategy and Mar-Tech consulting and implementation as well as a comprehensive staffing practice that delivers vetted, hard-to-find technology talent. Provisions Group serves businesses of all sizes with specialization in growth-oriented and mid-sized organizations. The company’s consulting practices include Marketing, Healthcare IT, CRM (Customer Relationship Management), Application Development, Data and Analytics, Infrastructure and Cloud, and Security and Compliance.
Headquartered in Franklin, TN, Provisions Group has served over 1,000 clients and placed more than 6,000 candidates over 20 years. For the last three consecutive years, Provisions Group has been recognized by Nashville Business Journal as one of Nashville’s Best Places to Work and a Top-10 firm for technology, recruiting, management consulting, and Healthcare IT. For more info visit: https://provisionsgroup.com/