About Information Technology
Although cloud storage often simplifies data backups, management of those systems can pose their own sets of challenges, including configuring user accounts, managing security settings, establishing litigation holds, exporting and migrating data, and a wide variety of other challenges. Whether in Office 365, G-Suite, or the wide variety of other cloud-based platforms, a skilled outside information technology provider can manage these services or augment your personnel, helping ensure that your systems run smoothly and securely.
Information technology managed services involve retaining an outside vendor as a single point of contact to meet routine information technology needs of an organization. Information technology managed services agreements often provide response time guarantees, and include specified services within predictable flat rates. Partnering with a skilled information technology managed services provider can increase organizational efficiency and profitability, while minimizing security risks.
Cybersecurity managed services are a subset of information technology managed services, in which an outside vendor is retained to develop and manage efforts to improve an organization’s data security posture. This can include reviewing cybersecurity policies and procedures, performing regular vulnerability assessments and penetration testing, conducting cybersecurity training, and overseeing other cybersecurity efforts.
Any organization needs to ensure that critical data can be recovered in the event of a disaster. Disaster recovery and backup services can include reviewing disaster recovery policies and procedures, implementing systems that ensure various company systems regularly are backed up, and consulting regarding disaster recovery best practices.
When flood, fire, theft, or other unforeseen events disrupt an organization, getting information technology systems back online quickly can be the difference between a minor inconvenience and a major business disruption. A skilled IT insurance repair service provider works side-by-side with the insurer and insured to quickly get an organization up and running again, restoring information systems and data back to an operational status.
Help desk support provides employees of an organization with a highly available resource to troubleshoot day-to-day computer and mobile device issues. Contracting with an outside vendor to provide help desk support services allows an organization to focus on its core business, while the outside vendor addresses routine challenges associated with computer glitches, software updates, and other daily needs.
Sometimes an organization does not require managed information technology services, but rather simply needs an outside vendor to fix things that go wrong on an as-needed basis. Break-fix is simply industry jargon for being available to assist Although cloud storage often simplifies data backups, management of those systems can pose their own sets of challenges, including configuring user accounts, managing security settings, establishing litigation holds, exporting and migrating data, and a wide variety of other challenges. An outside information technology provider can manage these services or augment your personnel, helping ensure that your systems run smoothly and securely.
Choosing among the many available software options to meet an organization’s needs can be overwhelming, and an outside software evaluation service provider can help an organization make the right decisions.
Virus and malware detection typically consists of software that routinely scans computers to detect known viruses, spyware, and malware, and that quarantines same. Notwithstanding the use of such software, computers can become infected in zero-day attacks (which take place before software is designed to detect the attacks), due to user error, or otherwise. A skilled outside vendor can ensure that viruses, spyware, and malware are removed from a system, and can work with an incident response team if the issue appears to have compromised company data or systems.
About Data Security
Cybersecurity M&A Due Diligence is the process of reviewing cybersecurity risks within an organization that is the subject of a potential merger or acquisition, for purposes of planning and assessing whether such risks necessitate deal term changes. Cybersecurity M&A due diligence is an often overlooked component of information technology due diligence, and can include interviewing personnel, reviewing policies and procedures, evaluating previous security testing, and performing updated vulnerability and penetration tests. When performed properly, cybersecurity M&A due diligence can minimize risk, reduce costs, and identify potential deal-breakers.
An external vulnerability assessment is an evaluation of Internet-facing systems to evaluate potential vulnerability to outside hackers and prioritize associated remediation. Unlike penetration testing, external vulnerability assessments do not involve attempting to exploit identified vulnerabilities and penetrate into company systems.
An internal vulnerability assessment is an evaluation of systems behind an entity’s firewall, such as networked PCs and laptops, to evaluate potential security vulnerabilities and prioritize associated remediation. Unlike penetration testing, internal vulnerability assessments do not involve attempting to exploit identified vulnerabilities and penetrate into company systems.
A web application vulnerability assessment is an evaluation of websites and web applications for potential vulnerabilities that could expose private data or otherwise increase the likelihood of a successful hacking incident. Unlike penetration testing, web application vulnerability assessments do not involve attempting to exploit identified vulnerabilities and demonstrate the ability to access private data.
The information security landscape and associated threats constantly are evolving, and outside vulnerability assessments are performed by information security experts who are focused on keeping pace with such changes. In-house information technology personnel often have a wide variety of duties, including supporting the core business of an organization, and often other organizational priorities interfere with keeping up to date with the latest security vulnerabilities. Even highly talented information technology personnel can use a second set of eyes to reduce the risk of inadvertent mistakes, and to provide feedback regarding recent security patches. From a marketing standpoint, being able to demonstrate to an organization’s clients that active steps have been taken to ensure that best practices for information security are being followed can provide comfort to those clients and serve as a differentiator for an organization. Finally, and most basically, your information often is the most valuable asset your organization possesses, and the relatively low costs of performing an information security assessment relative to the cost of your information being exposed to third parties represents significant value to an organization in the form of risk reduction.
Vulnerability assessments are an affordable means to identify potential security risks in order to prioritize their remediation. The security landscape is constantly evolving, and regular vulnerability assessments allow organizations to identify potential security weaknesses in systems once thought to be reasonably secure.
Penetration testing is the act of assessing the security of your network, websites, or other computer systems by simulating the actions of a potential attacker. Penetration testing is authorized activity that typically is planned and scheduled in order to minimize the risks of adversely affecting organizational systems. Penetration testing can be performed with a combination of automated and manual tools.
Penetration testing is the next step in proactive network security. It can help overcome the challenges mentioned above by assessing the real impact of vulnerabilities on a network and by prioritizing remediation. Vulnerability assessment and penetration testing go hand-in-hand. Vulnerability assessment results can be used as a starting point for a penetration test.
Black box testing assumes no prior knowledge of the infrastructure to be tested. The testers must first determine the location and extent of the systems before commencing their analysis. Black box testing simulates an attack from someone who is unfamiliar with the system.
A successful penetration test provides indisputable evidence of the problem as well as a starting point for prioritising remediation. Penetration testing focuses on high-severity vulnerabilities and there are no false positives.
White box testing provides the testers with complete knowledge of the infrastructure to be tested, often including network diagrams, source code, and IP addressing information. White box testing simulates what might happen during an “inside job” or after a “leak” of sensitive information, where the attacker has access to source code, network layouts, and possibly even some passwords.
A vulnerability assessment simply identifies and reports noted vulnerabilities, prioritizing areas for remediation, whereas a penetration test attempts to exploit the vulnerabilities to determine whether unauthorized access or other malicious activity is possible and what data potentially can be accessed.
Any computer activity has certain risks. Penetration testing focuses on vulnerabilities that allow command execution. Many command-execution vulnerabilities are buffer overflows, which inherently run the risk of crashing computers or services. Proper planning and scheduling can minimize these risks.
An exploit is a program designed to demonstrate the presence of a specific vulnerability usually by executing commands on the target. Penetration testing works by running a series of exploits that are chosen based on the target’s operating system and running services. There are three basic types of exploits: (1) Remote – an initial break-in; exploitable by a remote user through a network service; (2) Local – privilege elevation; exploitable by an attacker who is already on the system; and (3) Client – exploitable when a user is tricked into loading an attacker-supplied file.
An exploit can be prevented or counter-measured through host-based intrusion prevention systems, properly maintaining firewalls, and a variety of other preventative methods. How to best resolve an exploit depends on the nature of the exploit and your computer systems.
ELIJAH prides itself on providing high quality, insightful reports with each of its assessments in order for you to be able to best prioritize your resources for the remedy of any identified vulnerabilities. We are here to answer any questions you may have with regards your project. Our security consultants love to offer advice on how to prioritize vulnerabilities and even provide consultancy and training on how to implement fixes.
Network Layer testing includes firewall configuration testing, including statefull analysis tests and common firewall bypass testing, IPS evasion, DNS attacks including zone transfer testing, switching and routing issues and other network related testing.
The cost penetration testing varies depending on the nature and size of your IT infrastructure. Retaining ELIJAH to perform penetration testing is more affordable than you might have thought if you received quotes from the wrong vendors. Please contact ELIJAH for a free consultation to obtain more information on pricing and approaches tailored to your needs.
Absolutely, just let a member of our team know and we’ll factor that in when estimating the time needed to complete your project.
Host Configuration testing includes a full port scan and subsequent testing of all discovered services on a host EXCEPT custom applications and services. Services like ssh, SQL Server, MySQL and other database services, SMTP, FTP etc. are all included. Standard, well known web applications like Microsoft Outlook logon pages, standard administrative interfaces for firewalls, printers and other standard administrative web pages are included and will receive black box testing if discovered. Any applications or services that you have written or customized are not included. Custom web applications require the purchase of a web application test.
Social engineering penetration testing consists of testing whether employees adhere to an organization’s security policies and procedures, typically through the use of subterfuge or other scams, in order to determine the organization’s level of vulnerability to the exploit used. Testing provides an organization with information regarding how easily intruders could convince employees to break security rules or provide access to sensitive data. Physical testing could involve a tester trying to enter a secured building, for example, during a busy time and seeing if someone holds the door open rather than adhering to required access procedures. Phishing testing, another common social engineering method, can be used to test whether employees open email attachments from unknown sources, which could leave the organization vulnerable to various attacks. Telephonic testing could include a tester calling employees pretending to be a member of the organization’s IT team, providing them with new passwords and telling them they need to change their passwords to the new ones.
Incident Response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack (also known as an incident). Incident Response involves people, process, and technology, to detect and respond to the attack. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
Some common categories of incidents: are unauthorized access to critical resources, denial of service of a web application, endpoint compromised by malware (via phishing attack), suspected breach (exposure) of sensitive information (medical records, customer contacts), and loss of personal identifiable information (email addresses, usernames/passwords).
An Incident Response plan includes a policy that specifically defines what constitutes an incident, who is responsible for responding to the incident within the company, and what step-by-step process should be followed when an incident occurs.
Ultimately senior executives are responsible for ensuring that a robust Incident Response plan is in place. The Incident Response plan should identify the chain of command for an incident. Many organizations will pre-select an outside incident response expert and include their contact information within the incident response plan in order to eliminate the step of vetting vendors while attempting to respond to an incident.
The most effective Incident Response teams are cross-functional and include representatives from senior-level executives to HR, finance, PR, IT and security teams, as well as outside cyber security experts and law firms, so every chain of command understands how to identify and react to an incident that may affect them. For example, depending on the magnitude of an incident, forensics will be conducted by the security team and corrective actions will be taken by network/system administrators. Business functions such as finance or human resources could have protocols to follow, as confidential financial or employee information is often at risk when there is a cyberattack.
Incident response planning, testing, and execution needs to be championed from the executive level to maintain the focus and resources required for developing and sustaining an effective Incident Response plan. Once a plan is in place, regular readiness drills (like fire drills) should also be conducted on a monthly or quarterly basis so all team members have a chance to practice their response before an incident happens. Outside cybersecurity experts can assist in this process.
About Digital Forensics
Digital forensics is a branch of forensic science that involves the collection, recovery, and investigation of data found on devices and accounts that store electronic data. Common devices that are the subject of digital forensic analysis include personal computers, laptops, tablets, smart phones, servers, email accounts, social media accounts, web-based storage accounts, wearable technology, and Internet connected devices (Internet of Things), among others.
The terms “computer forensics” and “digital forensics” often are used interchangeably. Because experts in our industry routinely work with many device types other than computers, as well as electronic storage accounts, digital forensics more accurately captures the modern scope of expertise.
Forensic imaging is the process of creating exact, verifiable copies of data stored on hard drives and other electronic storage devices. In the case of computer hard drives, forensic images are bit-for-bit copies of all data stored on such drives. For targeted collections, forensic images are verifiable exact copies of the selected files. For smart phones, forensic images are verifiable copies of the maximal amount of data supported for copying by the associated phone models and operating systems, and as such work performed on phones often is more accurately referred to as forensic collections.
There are too many to list, but here are a few examples:
- Employees with access to sensitive data resigned, and you want to figure out if they took data with them to use at a new company.
- You are considering filing a lawsuit, and want help quickly gathering data to analyze your claims.
- You are a party to a lawsuit (or are an attorney representing a party), and need to collect evidence to comply with discovery obligations and help evaluate your case.
- Issues have arisen in litigation regarding the authenticity of electronically stored information, when files were created or accessed, whether evidence was deleted, or the operation of electronic storage devices/accounts.
- You need to take large volumes of data and figure out a way efficiently to identify key evidence.
Here are a few reasons clients hire outside computer forensic experts instead of using internal personnel:
- Digital forensics requires specialized expertise and software that often are unavailable in-house.
- Performing data collections without appropriate forensic software can alter or omit key data, exposing you to legal risk.
- Internal IT resources have vital roles in maintaining core institutional operations, and diverting such resources risks business disruption.
- The best computer forensics experts are able to communicate highly technical concepts in a manner easily understandable to finders of fact, which is not a core function for IT personnel.
- If something goes wrong, you have much stronger argument that you acted reasonably if you retained a reputable expert, and it will be much harder for the other side to argue the mistake in fact was deliberate.
- Your case is important, and you want the best people working on it.
There is no single certifying body in the computer forensics industry. There are, however, many digital forensic software providers who offer certification programs, as well as vendor-neutral certifications. One of the most prestigious vendor certifications is the EnCase Certified Examiner (EnCE), which requires rigorous training, passing a multiple choice exam, passing a practical exam requiring examination of digital evidence and creation of an associated report, and continuing education requirements to maintain active EnCE certification.
The motto of ELIJAH Data Security LLC is “Open the Door for ELIJAH, Close the Door to Hackers”. To us that means that you can welcome ELIJAH into your organization and we seamlessly integrate with your security environment, joining your team to reduce the risk of outside data breaches and insider data theft.
Anyone can say that, but we back it up:
- Our cybersecurity M&A due diligence and law firm practice groups are run by former litigation partners who understand your needs. In addition to being data security experts, they have been buyers and sellers responsible for evaluating data security in business acquisitions and divestitures, and advised clients regarding cybersecurity best practices in law firm environments.
- ELIJAH has over a decade of experience providing cybersecurity solutions, including incident response and data security consulting. We are cyber experts.
- We have earned numerous industry recognitions, including “Leading Data Security Adviser of the Year” in both Florida and Illinois (2018 AI Leading Advisor Awards).
ELIJAH emphasizes a personal touch in IT consulting, guaranteeing a rapid response and bringing our local experts on site to address critical needs. Additionally, we can provide managed solutions that reduce risks associated with outside hacking and insider data theft, delivering a wholistic approach to information technology that enhances your efficiency, security, and profitability.
Anyone can say that, but we back it up:
- We guarantee all clients a maximum response time of four hours, and can provide even shorter response time guarantees for mission critical systems.
- We have earned numerous industry recognitions, including “Technology Solutions Provider of the Year (Legal) – USA” (2018 M&A Today Global Awards) and “US – Technology Solutions Provider of the Year (Legal)” (2018 ACQ5 Law Awards).
- Our personnel have been trusted to provide educational services focusing on information technology, helping serve our local communities by promoting technology education.
ELIJAH typically performs digital forensic services through ELIJAH LTD, an Illinois corporation; cybersecurity services through ELIJAH Data Security LLC, a Florida limited liability company; and information technology services through ELIJAH Information Technology LLC, a Florida limited liability company. ELIJAH also has formed corporations to support private investigator licensing in certain states, such as ELIJAH Technologies Ltd. in Michigan, which is a licensed professional investigator agency, License No. 3701-205600.
Better Evidence, Clearly. That means ELIJAH is second-to-none at collecting and investigating digital evidence, and devoted to presenting it in the clearest possible manner.
Anyone can say that, but we back it up:
- LIJAH is run by former litigation partners who understand your needs. Each digital forensic expert on our team receives training in the legal process, written communication, oral communication, and responsiveness.
- ELIJAH has an over 15 year track record of successfully providing digital forensic solutions to clients. Our personnel have testified as experts in digital forensics in federal and state courts, and our focus on digital forensics helps us stay ahead of constant technological evolution.
- We have earned numerous industry recognitions, including: “Best For Computer Forensics & Expert Testimony Services – USA” (2018 Corporate USA Today Annual Awards); “Digital Forensics Provider of the Year” (2018 Finance Monthly Law Awards), “US – Computer Forensics Investigations Provider of the Year” (2018 ACQ5 Law Awards); and “Computer Forensics Investigations Provider of the Year – USA” (2018 M&A Today Global Awards).
Yes! ELIJAH routinely supports clients throughout the United States and even internationally. Often we can perform this work remotely, eliminating the need to travel in performing our services. Currently, ELIJAH has staffed physical offices in Florida, Illinois, and Michigan. Our Florida office is based in Weston, in close proximity to Miami, Fort Lauderdale, West Palm Beach, and Naples, with limited travel required to serve other areas such as Jacksonville, Orlando, Tampa, and Tallahassee. Our Illinois offices are in Chicago, Champaign, and Naperville, with almost every major city in the United States no more than a four hour flight away. Our Michigan offices are in Grand Rapids and the Detroit suburb Southfield, and we also routinely serve Ann Arbor, Lansing, Kalamazoo, and Traverse City.
ELIJAH has been in business since 2003. We have built a loyal following of law firm, corporate, government, and other valued clients by providing highly responsive service and understanding our clients’ needs.
ELIJAH formerly provided electronic discovery hosting services, including as a kCura Relativity best in service provider and an iConect XERA Silver level service provider, but in January 2017 ELIJAH spun off our eDiscovery hosting division to Acorn Legal Solutions LLC. ELIJAH can assist our clients in evaluating appropriate hosting platforms and providers if they do not already have internal solutions or preferred vendors, but we no longer perform eDiscovery hosting services in-house.
ELIJAH works with plaintiffs and defendants with approximately the same level of frequency. We also often act as a third-party neutral expert or a jointly-retained expert, helping to facilitate data collection and investigation in contentious matters involving highly sensitive information. ELIJAH also routinely performs internal investigations and provides expert digital forensic services in other matters in which no litigation is pending.
ELIJAH’s CEO is Andrew Reisman. Andrew has over 20,000 hours of digital forensics experience, and has testified throughout the country as a digital forensics expert. He maintains numerous certifications in computer forensics, electronic discovery, and data security, and routinely is invited to speak at industry events and in CLE presentations. Andrew was recognized as 2016’s Legal Technology Gamechanger of the Year by the ACQ Global Awards. Prior to founding ELIJAH in 2003, Andrew was a partner at one of the country’s largest law firms, practicing in litigation and technology law.
ELIJAH’s President is Rick Weber. Rick has nearly two decades of experience in the legal technology space, in particular developing software designed to extract and present data in a forensically sound manner. Rick is a frequent speaker issues involving insider data theft and data security. Before joining ELIJAH, Rick was an attorney with one of the world’s largest law firms and served as a prosecutor at the United States Securities and Exchange Commission.