Our Cyber Secure Environment


A comprehensive approach that ensures a robust cybersecurity posture

Pegasus Technologies Cyber Initiative

At Pegasus Technology, we’ve proactively transitioned all our clients to a more secure cyber footing.
Pegasus Technologies Cyber Secure Environment is designed for 365 Tenancy and local system user and server devices.
It addresses the requirements of the Essential Eight Maturity Levels 1 and 2, as well  many requirements from cyber insurance questionnaires.
This comprehensive approach ensures a robust and measurable cybersecurity posture for both Office 365 environments and local systems.
Our environment will allow you too confidently,
  1. assess for Essential 8 – Maturity Level 1 or Level 2
  2. answer the cyber security questionnaires.

Note: the Essential eight assessment is not included in the Cyber Secure Environment costs.
However, I am a qualified ACSC TafeCyber Essential Eight Assessor.  Qualification #77 and can perform the  accessment if you need the certification.

The Pegasus Technology Approach

It’s all well and good for me to tell you that you need our ‘Cyber Secure Environment’. But how do you know that you are secure.

Yes, we have extensive knowledge and a long history (40+ years) of implementing and supporting secure IT environments.

There are 2 ways I can see for us to measure your security:

1. The Essential Eight Framework

Australian Signals Directorate /Australian Cyber Security Centre created the Essential Eight maturity model (All government Departments are required to meet the Essential Eight maturity level and we are already seeing that come down the supply chain).

The Essential eight lists 8 mitigation strategies that need to be implemented to reach a specific Maturity Level and documents the controls and tests to validate their implementation. Essential Eight Explanation
2. Cyber Insurance questionaries.

Cyber Insurers have skin in the game – If you get breached, they pay – So their questions are relevant.

Cyber insurance questionnaires cover various security products. Having a cyber-secure environment reduces your risk, enabling you to confidently answer yes to the various technology-related questions. As a result, your risk is minimised, their risk is minimised leading to potentially  lower insurance premiums..

Answer ‘no’ to all of them, and you may find yourself without coverage.

Your existing Cyber Security Posture probably consists of:

Local System Backup

No cloud or Disaster recovery options

Anti-Virus

Traditional software that is based on 30 Year old technology

Patch management Relying on the default system patching

Does not provide patch reporting or success reporting

Perimeter Firewall

Is this a next Gen Firewall ?

Office 365 Security Score

Typically, your 365 security score is in the 30-40% range.

From a Cyber Insurance viewpoint, this is a consolidated list of the questions I have seen:

Application Whitelisting
Backup – MultiFactor Access
Database Encryption
DNS Filtering
Incident Response Plan
Office Macros Disabled
Perimeter Firewall
SPF,DKIM,DMARC Enforced
Web Application Firewall
Office 365 Secure Score > 50%
Asset Inventory
Custom threat intelegence
Data Loss Prevention
Employee Awareness Training
Intrusion Detection Systems
Password Manager
Phishing Simulation
Virtual Private Network
Web Content Filtering
Backup – Immutible/Air Gap
Dark Web monitoring
DDos Mitigation
Endpoint Detection and Response (EDR)
MultiFactor Authentication
Patch Mamagement
Security & Event Management
Vunrability Scanner
Typical Current state
Missing Urgent
Partial Implementation
Existing

With the Pegasus ‘Cyber Secure Environment’ you will have:

Application Whitelisting
Backup – MultiFactor Access
Database Encryption
DNS Filtering
Incident Response Plan
Office Macros Disabled
Perimeter Firewall
SPF,DKIM,DMARC Enforced
Web Application Firewall
Office 365 Secure Score > 50%
Asset Inventory
Custom threat intelegence
Data Loss Prevention
Employee Awareness Training
Intrusion Detection Systems
Password Manager
Phishing Simulation
Virtual Private Network
Web Content Filtering
Backup – Immutible/Air Gap
Dark Web monitoring
DDos Mitigation
Endpoint Detection and Response (EDR)
MultiFactor Authentication
Patch Mamagement
Security & Event Management
Vunrability Scanner
CSE Key
Cyber Secure Environment
CSE Advanced
Don’t wait, book an Free Initial Call to discuss your Cyber Security requirements and how our ‘Cyber Secure Environment’ can help.

Pegasus’s Cyber Secure Environment addresses the following security issues:

Advanced Endpoint Detection and Response (EDR)

Endpoint Detection and Response (EDR) is a cybersecurity technology designed to continuously monitor and respond to threats on endpoints, such as computers, mobile devices, and IoT devices.

  • Applied to Workstations, servers and Mobile Devices
  • AntiVirus
  • EndPoint Detection and Response
  • Device Rollback – (Windows)
Application Control
  • Application Whitelisting * ++

a cybersecurity strategy that restricts the use of software applications to a pre-approved list. This means only vetted and authorized applications can run on a system, reducing the risk of malware and unauthorized software

 

Asset Inventory Reports
  • Managed Device audit and reports on your asset inventory.
Backup – MFA
Backup – Immutable/Airgap
  • Immutable Offsite backup protected by MFA
  • SaaS Backup – Independent Cloud based backup of your 365 tenancy.
  • BCDR Backup –  Local and cloud based backup with DR services built in.
  • Workstation backup or Document Backup
Custom Threat Intelligence
  • The Pegasus Threat Intelligence Portal allows for real-time research of individual IP addresses across multiple threat data sources. Additionally, incoming device data from firewalls, VPN servers, and network security appliances are scanned using indicators of compromise from the Cybersecurity and Infrastructure Security Agency (CISA) IP Investigation.

  • ATIP Shield is Pegasus’s publicly accessible threat intelligence feed, containing IP address indicators of compromise sourced from several industry-leading private sector companies and US government entities. The ATIP Shield feed is updated every 2 hours, and is intended for automated ingest by firewalls, IDS/IPS, and other devices that have ability to import external, IP lists. The feed is available for download and integration. Implementation documentation for select vendors can be found below. The referenced documentation is by no means comprehensive. If a device supports external/dynamic block lists, integrating the ATIP Shield feed should be possible.
DarkWeb Monitoring
  • a cybersecurity practice that involves continuously scanning the dark web for any signs of your organization’s sensitive information. This can include compromised passwords, breached credentials, intellectual property, and other confidential data.
Data Loss Prevention
  • Pegasus Technology implements 365 policies to enable Data Loss Prevention rules within your 365 Tenancy
Email Domain Reputation/Fraud Protection
  • SPF  Protocol Enabled and Monitored

 Identifies who can send as your domain

  • DKIM Enabled and Monitored

 Tags emails as being from your domain

  •  DMARC Enabled Monitored and Enforced

 Monitors the state of your SPF & DKIM compliance and enforces their compliance.

Employee Awareness Training
  • This type of training educates employees about various cybersecurity threats and best practices to protect sensitive information. It typically covers topics like password management, recognizing phishing attempts, and safe internet usage. The goal is to create a security-conscious culture within the organization.
Internet Access Protection
  • DNS filtering ++

blocks malicious or forbidden websites and applications at the DNS level so that they cannot be loaded on user devices.

Managed Password Manager
  • Password Management

Protect, discover, share and rotate passwords, passkeys and confidential data in a zero-knowledge vault with role-based access control, auditing and compliance.

  • Password Generation and Sharing

Generate high-strength, random passwords and enables secure sharing among users and teams. Create shared team folders and restrict whether users can add, remove, modify or share records.

 

MultiFactor Authentication
  • Pegasus Technology  will implement 365 Conditional Access Policies enforcing MultiFactor Authentication.
  • Application usage Identification – Identify unsecured applications used by your staff.

Network Scanning
  • Network scanning is a crucial process in cybersecurity and network management. It involves systematically examining a network to identify active devices, open ports, and services running on those devices
Office 365 SecureScore
  • Pegasus Technology implements the policies and rules that will elevate you secure score from the typical range of 30-40% to 50-80% (Subject to licensing constraints)
Office macros Disabled
  • Attack Surface Reduction

 a cybersecurity strategy aimed at minimizing the potential entry points (or “attack surfaces”) that attackers can exploit to infiltrate a system or network. By reducing these points, organizations can significantly lower their risk of cyberattacks.

  • Device policies *

Implement and validate Macro polices on a per device basis.

Phishing Simulation
  • Phishing simulations are exercises that mimic real-life phishing attacks to test employees’ ability to recognize and respond to malicious emails. These simulations help identify vulnerabilities and training gaps, allowing organizations to improve their security posture.
Patch Management
  • Managed implementation and reporting
Security & Event management
Managed Detection and Response

Provides the SEAM, SOAR, SOC solution of an MDR

  • SIEM (Security Information and Event Management)

System logging from all desktop services, 365 Tenancy, Vulnerability and EDR solutions

  • SOAR (Security, Orchestration, Automation, and Response)

Automated response to issues identified through the seam logging

  • SOC (Security Operation Center)

24×7 Monitoring, response and support of your environment (by a Human).

Vulnerability Scanning
  • is the process of evaluating networks or IT assets for security vulnerabilities—flaws or weaknesses that external or internal threat actors can exploit.

Pegasus Cyber management Services

Pegasus Technology offers two classes of services in the Cyber Security domain. These allow us to implement and manage our Cyber Secure Environment.

  1. 365 tenancy support to maintain the security of the environment and support users within this environment.
  2. Desktop/Server Security Support – Cyber Support for your desktop/server environment.