Emantra Logo
hand holds icon

Our Services

enterprise cyber risk management

INTEGRATED ecrm SERVICES

Emantra offers a range of high-level integrated ECRM services which cover key aspects of a strong Cyber Resilience Framework.

Integrated means that they comprise a selected set of balanced tools, roles and functions which are designed to work together; and that they can integrate with your existing IT management system and team including job ticket system if you have one.

Emantra currently offer four integrated services described below.  These are pre-templated on the ISM, NIST and ISO 27000 definitions and standards, and are tailorable to your size and nature of business, and its cyber maturity.

If you need some of the elements included in these integrated services but not all of them, Emantra can in most cases deliver them as stand-alone modular services.  See here.

VCISO

CISO as a Service

Virtual Chief Information Security Officer role. Fully functional per ISM, NIST and ISO27000 requirements.

This is an integrated service intended for organisations seeking to manage director risk related to information compromise and cyber incidents.
It is a tailorable service for organisations:
• with an immature cybersecurity program
• who are looking to build a new cybersecurity program
• who want/need to add resource and rigour to an already existing program

The service entails the appointment of a named executive leader and support team who will seek to bind with your other C-suite executives.
Our goals are trust and reliability. Reporting is to the board or management, and encompasses the roles of cyber-guardian, chief resilience officer and risk management evangelist, depending on your needs.

If your organisation is not the size nor has the budget to justify an in-house specialist CISO, this service can help ensure mandatory procedures and protections are in place and that cyber risk has been adequately considered in business planning and operations.

Signs your organisation might need a vCISO

• Previous security leader departed and nobody has taken on their tasks.
• Have already spent months searching for a CISO-level resource in vain.
• Can’t afford or don’t need a dedicated in-house CISO, but still need
visibility into cybersecurity risks and activities.
• Clients and customers ask your sales team about security requirements.

01.

chess

Advise, Manage, Comply and Manage Risk

The CISO advises the organisational leadership with expertise on cyber risk allowing them to make informed strategic decisions. This function includes ensuring compliance with all external and internal requirements and mitigating risk commensurate with the organisation’s risk tolerance.

02.

shield with swords

Protect, Shield, Defend, and Prevent

The CISO team develops and implements strategies to ensure that the organisation proactively defends the enterprise from cyber threats. This includes people (training), process and technology controls. The CISO seeks to prevent the occurrence and recurrence of cybersecurity incidents commensurate with the organisation’s risk tolerance.

03.

arrows in bullseye

Monitor, Detect, and Hunt

The CISO team ensures that the organisation monitors ongoing operations for cyber incidents. They gather intelligence and actively hunt adversaries.

04.

Caduceus

Respond, Recover, and Sustain

The CISO team leads the response and recovery when a cybersecurity incident occurs. They minimise its impact and ensure that the organisation is rapidly coordinated to return services to normal as soon as possible.

MSIG

Managed Secure Internet Gateway

Emantra remains a leader in providing ASD approved Secure Internet Gateway solutions since 2012.

Emantra’s latest iteration, mSIG 3.0, utilises “NextGen” components to provide cloud-ready connectivity and assurance for your organisation’s protected level network requirements. Emantra’s mSIG patterns comply with security controls required for deployment in Australian Federal Government environments:
• Australian Cyber Security Centre’s (ACSC)
Information Security Manual (ISM)
• Attorney General’s Department (AGD)
Protective Security Policy Framework (PSPF)
• ISO 27001
• NIST Cyber Security framework

Emantra’s design and implementation process ensures ISM security controls are met, with operational processes constantly re-evaluating new requirements, identifying, and managing risks. This approach allows Emantra to rapidly build and provide ongoing assessment of the deployment.

Providing 24x7x365 coverage and a standard uptime SLA of 99.5%, through Emantra’s Managed Security Operations Centre (mSOC), staff are cleared to various classifications up to NV2, ensuring coverage of all aspects of the system and ability to interact with customer executives at various data classifications, including escalation points at the executive level.

Emantra’s mSOC provide coverage of all mSIG operations, including monitoring, reporting, patching and backup, with dedicated phone support and remote administration capabilities. Vulnerability management is standard for all managed services. Emantra’s mSIG 3.0 patterns are Cloud-ready, with connectivity options to enable seamless network integration with Amazon/Azure cloud networks, MPLS and SD-WAN networks. Emantra’s offering is compatible with ICON.

Emantra’s mSIG allows for securely hosted application workloads at PROTECTED level including Microsoft Exchange, SQL Server and other business applications within a secure hosted cloud environment with Australian data sovereignty assurance and compliance within the relevant security domain classifications. Emantra’s offerings include Web Application Firewall (WAF) and load balancing, Cloud Access Security Brokering (CASB), email hygiene and enhanced DDoS protections as options.

light tower
Key Features:

• Data Sovereignty-focused solution hosted in selected
Australian owned Tier 3+ and Tier 4 datacentres
• 24x7x365 managed Network and Security
Operations Centre (mSOC)
• Upstream connectivity options exceeding 10gbps
with optional DDoS protections
• Standard uptime SLAs of 99.5%
• Optional peering with Amazon AWS and
Microsoft Azure
• NextGen firewall capabilities, traffic inspection
by default
• Ability to securely host PROTECTED applications
including Microsoft Exchange, SQL Server, and
business application

MSOC

Managed Security Operations Centre

Emantra’s mSOC Service can provide the engine room of your IT security operations as a self-managed outsourced service with strong ties to your board and management.

It is designed to fit in under the guidance of a CISO role, either in-house or outsourced. While the CISO sets the tone, drives the analysis and treatment of risk, the SOC is designed to do the work.

This is not a “one size fits all” service. It will be tailored to your risk environment, appetite and maturity.

Emantra’s mSOC Service can be integrated with its “CISO-as-a Service” model to provide a fully functional Cyber Risk Framework compatible with risk management standards, cybersecurity standards, Australian legislation and world’s best practice.

VCIRT

Virtual cyber incident response team

In the absence of, or to supplement, in-house resources, Emantra can provide a trained and ready team to contain and manage an often chaotic experience

If the worst happens and you suffer a serious cyber incident, say a privacy breach or ransomware attack, Emantra has a drilled and trained team of cyber experts which you can deploy quickly.

This team will be led by a CISSP-accredited expert and will immediately consult with your executive and IT management team. They will put in place a proven series of treatments starting with discovery, triage and containment, and stay with you as long as it takes to remediate. The service will include a conclusive report at executive level on root cause and a recommended action plan. It can also include communications management and ongoing preventative measures. It is coordinated using Emantra’s own SIEM and SOC.

Email hygiene refers to a series of controls which can strengthen the integrity and resilience of your email platform including Microsoft 365. We will analyse your current system for potential weakness and discuss which treatments can provide the most value.

The mSOC Service will typically entail functions such as:

• Ensure adherence to an approved Risk Management Plan and Enterprise
Cyber Risk Management Policy/s
• Ensure adherence to ASD Essential 8
• Application of continuous 24/7 automated tools such as IDS, authentication
(AAA) service, SIEM, EDR, vulnerability monitoring
• 24/7 escalation for “Severity 1” incidents (standard industry definition)
• Guaranteed response matrix (SLA)
• Continuous patching regime
• Continuous back up regime
• Provision of active threat intelligence
• Data encryption services
• Digital forensics enablement
• Quarterly inventory of digital assets and systems
• Annual cyber maturity assessments
• Annual review of cyber risk insurance portfolios
• Monthly reports (tailorable)

Together with an active CISO role, Emantra’s mSOC Service will ensure your board and management have the tools and information to discharge their legal and fiduciary responsibilities to your customers, employees, shareholders, partners and other stakeholders.