Trimarc Service List:
Windows 10 Security Configuration Review & Recommendations
Event Monitoring Configuration Review & Recommendations
ACTIVE DIRECTORY SECURITY ASSESSMENT
Trimarc's most popular service is the Active Directory Security Assessment which is a review of the organization’s Active Directory security posture. Trimarc reviews Active Directory and identifies as many escalation pathways as possible that an attacker could leverage to take over AD. This Trimarc engagement scans the AD environment and identifies weaknesses that could be leveraged by an attacker to elevate privileges and/or persist in the environment, potentially without detection. We probe into the dark recesses of AD to root out potential issues to help our customers proactively resolve them. After scanning AD for security issues, we provide recommendations that improve the security posture.This engagement falls in between traditional compliance & audit reviews (paper audit) and pentesting and is a fairly comprehensive review of Active Directory security.
Penetration Test (“pentest”) and Red Team engagements identify a few exploit paths used to compromise the environment. Pentests and red teams are great to identify weaknesses in security controls and highlight visibility “blind spots”, but typically don’t provide a full picture of all the potential exploitation paths in an organization's Active Directory environment. This means weak spots in Active Directory security are likely to remain putting the enterprise at risk.
More information on this service can be found in the ADSA page.
MICROSOFT CLOUD SECURITY ASSESSMENT
The Trimarc Microsoft Cloud Security Assessment (MCSA) engagement involves the analysis of the current Microsoft Cloud (Office 365 & Azure AD) configuration with specific focus on Administration, Logging, and Security Controls.
The Trimarc MCSA reviews the Microsoft Cloud tenant and identifies potential issues attackers could exploit. We analyze the configuration of your Office 365, Exchange Online, & Azure Active Directory (Azure AD) environment and provide custom recommendations to better leverage features and controls available with existing Microsoft Cloud subscriptions as well as others that are available.
Trimarc helps organizations better understand their Microsoft Cloud security posture and identify the critical security controls and their configuration.
More information on this service can be found in the MCSA page.
VIRTUAL INFRASTRUCTURE SECURITY ASSESSMENT
The Trimarc Virtual Infrastructure Security Assessment (VISA) engagement involves the analysis of the current VMware vSphere Virtual Infrastructure (vCenter & ESXi) configuration with specific focus on Administration, Configuration, and Security Controls.
The Trimarc VISA reviews your Virtual Infrastructure environment and identifies potential issues attackers could exploit. We analyze the configuration of your vCenter server & ESXi hosts (vSphere) environment to provide standard and custom recommendations for the features and controls available to your existing vSphere license level.
The VISA specifically focuses on the security configuration of VCenter management components and ESXi hosts. Trimarc reviews the existing customer Virtual Infrastructure configuration using a proprietary Trimarc toolset and the Virtual Infrastructure web client.
More information on this service can be found in the VISA page.
Trimarc customers leverage several contract options to gain and retain access to our Subject Matter Experts.
All of our security assessment service engagements are firm-fixed price contracts, and we include all labor and travel expenses in our price quote. In order to receive a price quote, we do require scoping information in order to determine the engagement scope, scale, resources, etc.
Per Project (Fixed-Firm Price: set dollar amount for a service offering)
Retainer Agreement (leverage Trimarc as part of your team)