With all the requirements that make up a regulatory environment, quite often companies (regardless of size) simply can't keep up, or don't have the personnel, or don't have personnel with the experience, or have personnel that are overtasked....or any other number of reasons that don't help a company become compliant.
Arrakis has seen this exact scenario any number of times and the size of the client company really isn't an indicator of if a company can perform all required obligations or not.
As a result of this realization and direct observation with client companies, Arrakis has developed several managed service offerings that can help a company become more compliant yet not spend as much when compared to building that same service inhouse.
Generally, our managed services are based on a minimum device/user count of 25 with pricing, generally, getting more cost effective with the more devices/users you allow Arrakis to support. This allows you to scale upward but get better pricing with the more your company grows.
Patching as a Service (PATaaS) - Just one of the many required obligations for any regulatory environment, patching is the most basic and quite often the most important amongst all of them. While building out a patching program can seem trivial, it is far from it. A company will have experienced patching personnel that understands the ramifications of uncontrolled patching as well as the underlying technology that supports patching. Quite often, also of concern, is 3rd party patching as some patching solutions will only patch operating systems but not 3rd party applications that the user takes advantage of on a day to day basis. Additionally, there is the common misconception that some operating systems are immune to viruses or compromise yet fail to understand that, regardless of OS, a device can still be compromised via the 3rd party application. Arrakis can easily integrate your company into our patching solution and our patching team can help manage your environment. This takes a tremendous burden off the shoulders of your IT team and at a cost far less than what it would take to do it inhouse. Reporting is available as well the potential of integrating into your ticketing system in order to be able to prove that patching was done. PATaaS also includes dedicated hours from the patching team, that will be broken out on the invoices.
Security Operations Center as a Service (SOCaaS) - While not specifically called out in regulatory environments, a mature company will demonstrate aspects of a security operations center (SOC) to show increased visibility and reduced response time. Unfortunately, building out a 24x7x365 SOC can be well over a million dollars a year when considering all the personnel and technology needed. The Arrakis solution allows for a company of any size to legitimately indicate they have a fully staffed SOC. SOCaaS also includes a fixed number of hours per week for management and maintenance, that is broken out on the invoices.
Vulnerability Assessment as a Service (VULNaaS) - All companies should have a complete understanding of their vulnerabilities as well as the ability to track and show improvement. All frameworks require vulnerability assessments be performed by an internal group as well as have, at least annually, a 3rd party vulnerability assessment performed. The Arrakis solution allows for vulnerability scans to take place on the schedule you need and is extremely cost effective. Monthly reporting is routine as well as historical tracking of vulnerabilities to show improvement. Pricing is based on a variety of factors and does include a small number of professional service hours that is broken out on the invoices.
Penetration Testing as a Service (PENTESTaaS) - Taking our vulnerability assessment one step further, if you wish to have active attempts into penetrating your network then Arrakis can help by providing automated pentesting services into your environment or applications. This testing can occur as you need it or on a regular schedule. Read more about Penetration Testing, in general, here to see the additional penetration testing options that Arrakis can offer to you. Pricing is based on a variety of factors and does include a small number of professional service hours that is broken out on the invoices.
Data Loss Protection as a Service (DLPaaS) - Regardless of company or regulatory environment, all companies have secrets that they need to protect in some form or fashion. Unfortunately, with remote workers, there is a higher chance of data leakage regardless if the leakage is intentional or not. The Arrakis solution supports computers that can be in the companies environment or also support remote workers. Pricing is based on a variety of factors and does include a small number of professional service hours that is broken out on the invoices.
Enterprise Password Management - In almost all cases a company will need to have passwords to secure an environment or data. With regulatory requirements indicating longer and more complex passwords, the users can have some difficulty in keeping up with these passwords and can reduce security with the numerous ways of documenting a password (ie...stickie under the keyboard). The Arrakis solution allows for password management so the users only need to know a master password (coupled with multifactor) which opens the database of the other passwords. Additionally, our solution can also perform a variety of policy implementations such as requiring multifactor, country isolations, etc.... Pricing is based on user count.
Enterprise Anti-Virus - Much like patching, all regulatory environments require some form of anti-virus and quite often have wording that requires alerting, monitoring, constant updates, and some form of audit trail. Unfortunately, some companies leave the responsibility of an anti-virus solution up to the individual user and, while this may appear appropriate, it would not meet the needs of any regulation which only increases risk to the company as well as expose the company to possible sanctions. The Arrakis solution allows for sufficient anti-virus to meet any regulatory environment as well as increased risk analysis and reporting. Additionally, this can all be done via a single pane of glass to monitor all company devices as well as provide your inhouse IT personnel access to the system so they can see real-time for additional activities if needed. Pricing is based on device count. Based on the needs of the client, additional professional service hours may be requested.