Regular software updates and rigorous patch management processes are essential to maintaining security and compliance. Even the most careful proprietary and open source software development introduces bugs. Some of those bugs create security vulnerabilities, and cybercriminals are always looking for opportunities to infiltrate business IT resources and steal sensitive data. 

A report from Arctic Wolf, a security operations vendor, shows the scale of the problem. Exposure of a known vulnerability to external networks caused 82% of the security incidents the company handled in the first quarter of 2022. Of those incidents, 57% could have been avoided by software patching. The remainder were caused by exposing vulnerable services to the public internet. 

A systematic, scheduled, and comprehensive patch management policy is the only way businesses can hope to manage the risk at scale. 

What is Patch Management?

Patch management encompasses a range of processes that ensure potentially vulnerable software is updated as soon as a fix is available. The term “patch” comes from the development world, where a patch is a file containing a set of changes to a piece of software. Patches add and remove features and refactor code. But, most importantly, they fix known vulnerabilities.

We all regularly patch (update) software on our devices with the click of a button. However, patching is much more challenging for complex business IT systems. Most of us don’t mind rebooting our smartphone when it updates, but a business can’t simply shut down its network. It can’t apply patches that haven’t been tested in case they break essential services. And, quite often, it doesn’t know which software needs patching in the first place. 

Software patch management is intended to overcome these problems. It typically involves a number of processes, including:

  • Software discovery: Businesses should develop an inventory of all operating systems and software on their network. They can’t update software if they don’t know about it.
  • Standardization: Patch management is less challenging if businesses standardize on particular operating systems and software products.
  • Vulnerability monitoring: IT and security professionals should track vulnerability reports for software the business uses.
  • Development tracking: They should also keep abreast of patch releases so they can quickly apply patches.
  • Risk assessment: Assessing vulnerability risk helps businesses to prioritize critical vulnerabilities and patches for core systems.
  • Testing: Modifying software has the potential to change its functionality and cause performance regressions. Testing allows businesses to identify issues before they impact production systems.
  • Patching: The patches are applied to production systems, often beginning with a subset to verify there are no unexpected results.
  • Monitoring: Ensure that all IT resources perform as expected after the update.

As you can see, patch management is not straightforward. However, many aspects can be automated by patch management software, as we’ll see later in this article.

Patch Management and Compliance

Compliance and audit failures may occur when businesses:

  1. Fail to patch vulnerabilities promptly.
  2. Implement inadequate patch management processes.

As we’ve seen, exposing software with known vulnerabilities to the public internet is a common cause of network infiltration and data theft. That reality is reflected in information security and privacy regulations and standards. 

  • PCI DSS: PCI Requirement 6.1 states that businesses should establish a process to identify security vulnerabilities. PCI Requirement 6.2 states that businesses should ensure all systems and software are protected from known vulnerabilities.
  • HIPAA: 45 CFR § 164.308(1)(i) states that businesses should implement policies and procedures to prevent, detect, contain, and correct security violations.
  • ISO 27001: Control A.12.6.1 focuses on technical vulnerability management and states that vulnerabilities should be quickly identified, subject to a risk assessment, and remediated through proper measures, which include asset patching.

Other information security frameworks and standards include similar requirements which assert or imply the necessity of a robust and effective patch management process. 

How to Monitor Critical Security Vulnerabilities

Businesses must be aware of software vulnerabilities before they can fix them. To do so, it is necessary to:

  1. Understand which software your business operates.
  2. Monitor sources of vulnerability information for relevant announcements.
  3. Assess the level of risk a vulnerability poses.

There is no canonical source for vulnerability data, and it is often best to monitor vulnerability and update information published by software vendors and open source projects. You should also monitor public vulnerability databases, which include:

These databases allow users to search for vulnerabilities in specific software and software created by specific vendors. 
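The three steps above (know what you run, watch for advisories, assess the risk) can be tied together in a short script. This is an added example, not part of the original article: the hosts, packages, advisory ids and the scoring weights for internet exposure and core systems are constructed assumptions.

```python
"""Rank patch work by matching a software inventory against advisories.

Hosts, packages, versions, advisory ids and scoring weights are constructed
sample values for this example.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Install:
    host: str
    package: str
    version: str
    internet_facing: bool   # reachable from external networks
    core_system: bool       # business-critical service


@dataclass(frozen=True)
class Advisory:
    advisory_id: str        # placeholder id, not a real CVE
    package: str
    fixed_in: str           # first version that contains the patch
    severity: float         # 0-10 severity score published with the advisory


@dataclass(frozen=True)
class Finding:
    host: str
    package: str
    installed: str
    fixed_in: str
    advisory_id: str
    score: float


def parse_version(text):
    """Turn '2.14.1' into (2, 14, 1); a suffix such as '-beta2' is ignored."""
    parts = []
    for piece in text.split("."):
        match = re.match(r"\d+", piece)
        if match is None:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def risk_score(install, advisory):
    """Severity plus assumed weights: +3 if internet-facing, +2 if a core system."""
    score = advisory.severity
    if install.internet_facing:
        score += 3
    if install.core_system:
        score += 2
    return round(score, 1)


def plan_patching(inventory, advisories):
    """Return a finding for every install older than the fix, riskiest first."""
    findings = []
    for install in inventory:
        for advisory in advisories:
            if install.package != advisory.package:
                continue
            if parse_version(install.version) < parse_version(advisory.fixed_in):
                findings.append(Finding(install.host, install.package,
                                        install.version, advisory.fixed_in,
                                        advisory.advisory_id,
                                        risk_score(install, advisory)))
    return sorted(findings, key=lambda f: (-f.score, f.host))


# Constructed inventory (step 1) and advisory feed (step 2).
INVENTORY = [
    Install("web-01", "examplelog", "2.14.1", True, True),
    Install("batch-07", "examplelog", "2.17.0", False, False),
    Install("mail-02", "examplemail", "15.1.3", True, True),
    Install("intranet-03", "exampleweb", "5.3.17", False, True),
    Install("kiosk-09", "exampleweb", "5.2.0", True, False),
]
ADVISORIES = [
    Advisory("ADV-EXAMPLE-001", "examplelog", "2.17.0", 10.0),
    Advisory("ADV-EXAMPLE-002", "exampleweb", "5.3.18", 9.8),
    Advisory("ADV-EXAMPLE-003", "examplemail", "15.1.3", 9.1),
]

if __name__ == "__main__":
    for f in plan_patching(INVENTORY, ADVISORIES):
        print(f"{f.score:5.1f}  {f.host:12} {f.package} {f.installed} -> "
              f"{f.fixed_in}  ({f.advisory_id})")
```

Hosts already at or above the fixed version drop out of the plan, so the output is the remaining work in the order it should be tested and deployed.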

Patch Management Software

Patch management software automates some of the processes outlined above, allowing businesses to reduce the cost and complexity of keeping their software safe and up-to-date. There are many competing patch management software solutions with varying features. Businesses should take the time to investigate the capabilities of each to find the best solution for their unique circumstances, but we’d like to highlight three prominent solutions. 

AWS Systems Patch Manager

AWS Systems Patch Manager is a capability of AWS Systems Manager, which integrates many system automation tools. It can automate patching on managed AWS nodes, including operating system and application patching. Usefully, Patch Manager integrates with Systems Manager’s maintenance window functionality, so patching can be scheduled to run at convenient times.

Azure Automation Update Management

Azure Automation offers a range of automation tools for Microsoft’s Azure cloud platform. The Update Management tool can automatically perform updates for Windows and Linux operating systems on Azure or on-premises. 

Red Hat Satellite

Red Hat Satellite is a comprehensive infrastructure management tool with automatic patch management functionality. Satellite can report which servers need to be updated and automatically apply updates as required. 

Other patch management tools include SolarWinds Patch Manager, LANDesk Patch Manager, ManageEngine Patch Manager Plus, and Ivanti Patch Manager.

3 Critical Vulnerabilities You Should Patch Immediately

Failure to patch is the root cause of many of the most serious security incidents. A vulnerability in widely used software can have a catastrophic impact on thousands of businesses. To conclude this article, we will look at three critical and widespread vulnerabilities, all of which continue to be exploited by cybercriminals, despite the availability of patches that would protect businesses and their customers.

Log4j

Log4j is a logging library for the Java ecosystem. It is integrated into hundreds of thousands of servers and applications and is particularly popular in the enterprise space. In 2021, a critical remote code execution vulnerability was discovered. Log4Shell allows malicious third parties to execute arbitrary code and has been described as “the biggest, most critical vulnerability of the last decade.”

A patch was released to fix the vulnerability immediately after it was discovered, yet many servers and applications remain vulnerable. 

ProxyShell

ProxyShell is an attack that relies on a series of vulnerabilities affecting Microsoft Exchange. An attacker can string the vulnerabilities together to achieve remote code execution via a PowerShell instance available from the web. ProxyShell is relatively straightforward to exploit, requiring only a specially crafted email containing code that the attacker can trick the server into executing. 

Microsoft released patches that mitigate the risk in May and July 2021.

SpringShell

Spring is an enormously popular web framework for Java. Earlier this year, a remote code execution vulnerability was discovered. Although not considered as severe as the Log4j vulnerability because it is more challenging to implement, cybercriminals quickly began to exploit SpringShell to gain access to servers running the Spring framework.

A patch to mitigate the vulnerability was released immediately, and businesses using the Spring Framework should update to a recent version as soon as possible.

Enterprise Security and Compliance with KirkpatrickPrice

KirkpatrickPrice provides services to help businesses secure their infrastructure and comply with regulatory frameworks and standards, including compliance audits, penetration testing, and remote access security testing.

A web application firewall (WAF) sits between web applications and the internet. It monitors inbound traffic and filters malicious requests before they reach the potentially vulnerable application. This article explores WAFs, how they work, the most popular and effective examples, and why you should consider using a WAF to protect your site or app from cybercriminals.

Does Your Web App Need a WAF?

Sooner or later, every website, app, and API is targeted by malicious bots or their cybercriminal operators. If it’s online, it’ll be attacked. Vulnerabilities will be exploited, data will be stolen, web pages will be defaced, and malware will be injected. A web application firewall (WAF) works alongside other security measures to defeat bad actors and keep sites and apps safe. 

If you don’t use a WAF, you rely on the web app to repel attacks. That may work in the short term, but a WAF provides an additional layer of defense that can be dynamically updated to protect against emerging threats. WAFs are an effective and valuable defense against the most common attacks against web apps and APIs.

How Does a Web Application Firewall Work?

A WAF is a reverse proxy. It intercepts inbound HTTP requests and inspects them for patterns that indicate an attack. If an attack is detected, the request is dropped before it reaches the web app. Legitimate requests are passed through the WAF to the app, which responds as usual. 

You can think of a WAF as a filter. It absorbs all incoming web traffic and removes any that could be harmful, providing the app with a stream of pre-vetted, legitimate requests. 

One of the main advantages of a WAF is that it can be updated quickly in response to new threats. Consider what happens when a challenging zero-day vulnerability is discovered in a web app. It might not be possible to release a patch immediately, and even if it were, there is a delay between patch release and updating, especially for apps with many instances. 

WAF users can, however, quickly add new rules to filter inbound requests that could exploit the unpatched vulnerability. This ability allows businesses to keep web app users and their data safe with greater efficiency and flexibility. 

Does a WAF Replace a Network Layer Firewall?

WAFs complement network firewalls and provide additional protection but do not replace traditional network layer firewalls. A web application firewall works at the application layer, Layer 7 in the OSI model. It intercepts HTTP data but cannot monitor and filter data protocols used at lower levels. 

In contrast, firewalls such as iptables typically operate at the network and session layers (Layers 3 and 4). They work with low-level protocols such as TCP and UDP, but not higher-level protocols such as HTTP. 

Some modern firewalls cover a broader range. For example, AWS Network Firewall can monitor and control Layer 3–7 network traffic, combining the functionality of a network layer firewall and a WAF. However, users should verify the specific capabilities of each firewall before relying on it to protect their web applications. 

Threats Web Application Firewalls Prevent

Web application firewalls protect against many different types of attacks commonly used against web apps. These include attacks that traditional network firewalls cannot intercept, including:

  • Cross-site scripting (XSS): malicious code injection into web pages.
  • Cross-site request forgery (CSRF): an attack that forces an authenticated user to carry out unwanted actions.
  • SQL injection: the injection of SQL code, which is then executed by the site’s database.
  • Cookie poisoning: session hijacking using forged or intercepted cookies.

Many WAFs also provide some protection against distributed denial of service (DDoS) attacks. Because all traffic goes through the WAF first, it can be rate-limited and malicious floods of traffic can be filtered. However, a WAF is unlikely to protect a web app against a large-scale volumetric attack as effectively as a dedicated DDoS mitigation service.

Additionally, some WAFs can be used to implement protections usually carried out at the network layer. Many WAFs allow users to upload lists of IP addresses to block. They can also be used to block traffic sources that are considered likely to cause issues. For example, AWS WAF curates a managed set of rules for blocking traffic from Tor and VPNs, and other WAFs offer similar functionality.

What Are the Types of Web Application Firewall?

All web application firewalls serve the same fundamental role, but there are alternative hosting and operational models. These can be divided into three broad categories:

  • Network-based WAFs are usually hosted on dedicated hardware in data centers close to the application they protect. Network-based WAFs are often used to protect large, high-traffic applications where low-latency connectivity is a priority. They are the most expensive WAF type and the most complex to manage and maintain.
  • Host-based WAFs are integrated into the software they protect and may be hosted on the same hardware. For example, many WordPress plugins integrate a host-based web application firewall with the CMS. This approach has the benefit of flexibility and ease of use, but it can result in reduced performance if the host lacks the resources to run the WAF and the app at peak load times.
  • Cloud WAFs are managed services hosted on cloud platforms. They are the easiest to use and manage. The cloud provider manages the software and underlying hardware. They are also responsible for deploying rules and policies for filtering threats, including updates for emerging threats. Cloud WAFs provide a reasonable level of customization, performance, and uptime, but they may not be the best option for businesses that need more control over their firewall.

WAFs may also be categorized by whether they operate on a blocklist or allowlist model. A blocklist selectively disallows connections that match an undesirable pattern, whereas an allowlist permits connections that conform to a desirable pattern. 

There are advantages to both approaches. Blocklists allow security professionals to target known malicious connections. In contrast, allowlists can block all connections that do not match a desirable profile. Allowlists are effective and require less maintenance, but they may not be suitable for applications intended to be accessible to as many users as possible.
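The request flow described under “How Does a Web Application Firewall Work?” and the blocklist and allowlist models above, as an added Python example that is not part of the original article. The rule patterns, the endpoints, the /export/legacy virtual patch and the stand-in backend are all constructed for illustration.

```python
"""Toy WAF: a reverse proxy that vets each request before the app sees it.

Rule patterns, endpoints and requests are constructed for illustration and
are far simpler than a maintained rule set.
"""
import re
from urllib.parse import parse_qsl

# Blocklist rules: (rule id, part of the request to inspect, pattern).
BLOCK_RULES = [
    ("xss-script-tag", "value", re.compile(r"<\s*script\b", re.I)),
    ("sqli-union-select", "value", re.compile(r"\bunion\b.+\bselect\b", re.I)),
]

# Allowlist profile: the only endpoints and parameter shapes the app expects.
ALLOW_PROFILE = {
    ("GET", "/search"): {"q": re.compile(r"[\w .-]{1,64}")},
    ("GET", "/item"): {"id": re.compile(r"\d{1,9}")},
}


def blocklist_verdict(path, query, rules):
    """Return the id of the first matching rule, or None for a clean request."""
    values = [value for _, value in parse_qsl(query, keep_blank_values=True)]
    for rule_id, scope, pattern in rules:
        subjects = [path] if scope == "path" else values
        if any(pattern.search(subject) for subject in subjects):
            return rule_id
    return None


def allowlist_verdict(method, path, query, profile):
    """Return None when the request fits the profile, else why it does not."""
    expected = profile.get((method, path))
    if expected is None:
        return "unknown-endpoint"
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name not in expected:
            return f"unexpected-param:{name}"
        if not expected[name].fullmatch(value):
            return f"bad-value:{name}"
    return None


class Waf:
    def __init__(self, backend, mode="blocklist"):
        self.backend = backend            # the protected app
        self.mode = mode                  # "blocklist" or "allowlist"
        self.rules = list(BLOCK_RULES)    # copied so add_rule stays per instance
        self.profile = dict(ALLOW_PROFILE)

    def add_rule(self, rule_id, scope, pattern):
        """Virtual patch: start filtering a new pattern without touching the app."""
        self.rules.append((rule_id, scope, re.compile(pattern, re.I)))

    def verdict(self, method, path, query=""):
        if self.mode == "allowlist":
            return allowlist_verdict(method, path, query, self.profile)
        return blocklist_verdict(path, query, self.rules)

    def handle(self, method, path, query=""):
        """Drop flagged requests with a 403; forward the rest to the backend."""
        reason = self.verdict(method, path, query)
        if reason is not None:
            return 403, f"blocked by WAF ({reason})"
        return self.backend(method, path, query)


def make_backend():
    """Stand-in app that records which paths actually reached it."""
    reached = []

    def backend(method, path, query):
        reached.append(path)
        return 200, "ok"

    return backend, reached


if __name__ == "__main__":
    backend, reached = make_backend()
    waf = Waf(backend)
    print(waf.handle("GET", "/search", "q=blue+widgets"))
    print(waf.handle("GET", "/search", "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"))
    # Constructed scenario: /export/legacy has an unpatched flaw, so filter it now.
    waf.add_rule("vpatch-export-legacy", "path", r"^/export/legacy")
    print(waf.handle("GET", "/export/legacy", "file=q3"))
    print("reached the app:", reached)
```

In allowlist mode the same /export/legacy request is rejected as an unknown endpoint without any new rule, which is the maintenance trade-off the paragraph above describes.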

Popular Web Application Firewalls

There are dozens of WAFs to choose from. Although they offer similar core functionality, they differ in focus and features. To conclude this article, we’ll look at four widely used WAFs.

ModSecurity

ModSecurity, or ModSec, is an open-source WAF initially developed as a module for the Apache web server. It subsequently evolved into a cross-platform WAF for Apache, Nginx, and Microsoft Internet Information Services (IIS). 

ModSecurity secures web apps using a set of rules to determine which connections to accept and which to block. These can be custom-made by the user, but there are many pre-made rule sets. One of the most widely used is the OWASP ModSecurity Core Rule Set, which detects the ten most widespread attacks, including SQL injection, cross-site scripting, and local file inclusion. 

AWS WAF

AWS WAF is a managed cloud WAF provided by Amazon Web Services. It is easy to configure and deploy, and users pay only for the cloud compute resources they consume. Users can create their own firewall rules, but AWS also provides Managed Rules, pre-configured rule sets that cover a specific range of threats. Basic managed rule sets are free, and more specialized sets are made available on the AWS Marketplace, including an OWASP Top Ten set.

In addition to standard WAF features, AWS WAF also provides bot control functionality, which allows users to monitor bot traffic and block or rate limit traffic from bots that use excessive traffic. 

Watch Introduction to AWS WAF and Shield and Protecting API Gateways with WAF Rules to learn more about AWS WAF. 

Azure Web Application Firewall

Azure Web Application Firewall is a cloud WAF offered by Microsoft’s Azure cloud platform. It provides much the same functionality as AWS WAF, including managed rulesets that protect against the OWASP Top Ten and other common threats. 

Cloudflare WAF

Cloudflare WAF is part of Cloudflare’s range of CDN and security services. It is a cloud WAF integrated with Cloudflare’s global network, providing managed and custom rules, protections based on machine learning, and rapid deployment of rules to protect from emerging zero-day vulnerability threats. 

Web Application Security and Compliance with KirkpatrickPrice

A web application firewall is one component of an effective security and compliance program. KirkpatrickPrice provides a range of services to help businesses secure their infrastructure and comply with regulatory frameworks and standards, including compliance audits, penetration testing, and remote access security testing.

Information security regulations and standards often require businesses to perform regular maintenance tasks to ensure compliance. For example, PCI DSS Requirement 6 says merchants must deploy critical patches within a month of release. Failure to complete these tasks on time risks non-compliance. 

Unfortunately, many security-related tasks are disruptive—updating a server operating system can take the server offline. Therefore, businesses prefer to carry out patching and other potentially disruptive activities during scheduled maintenance windows. These typically occur during low traffic periods or when redundant infrastructure is available.

AWS Systems Manager Maintenance Windows is a cloud service that helps businesses manage and automate maintenance windows. In this article, we’ll explore what AWS Systems Manager Maintenance Windows is and how you can use it to automate compliance tasks.

What is AWS Systems Manager Maintenance Windows?

AWS Systems Manager Maintenance Windows is a capability of AWS Systems Manager, a cloud service that allows IT administrators to automate repetitive operations and management tasks. We discussed Systems Manager in-depth in How to Get Started Using AWS Systems Manager, so in this article, we’ll focus exclusively on its Maintenance Windows capability.

The Maintenance Windows service can schedule actions to be carried out at a specified time on a subset of your AWS infrastructure. It can automate actions on AWS services that include S3, EC2 nodes, Amazon DynamoDB, and other services that can be used with AWS Resource Groups and Tag Editor.

Each maintenance window consists of:

  • A schedule that determines when to carry out tasks.
  • A maximum duration to limit the length of each maintenance window.
  • Registered targets: the cloud resources that actions will impact.
  • Registered tasks: the actions the system will take within the scheduled period.

What Actions Does Maintenance Windows Support?

Maintenance Windows supports various task types that are part of other Systems Manager capabilities. These include:

  • Run Command for executing configuration commands and tasks on managed instances, including EC2 nodes and on-premises servers and VMs.
  • Workflows from AWS Systems Manager’s Automation capability. 
  • Serverless AWS Lambda functions.
  • AWS Step Functions tasks.

Together, these task types can schedule and automate a wide range of compliance activities, including application updating, OS patching, executing shell scripts, launching serverless functions that carry out further compliance tasks, altering node configurations, and much more. 

Setting Up an AWS Maintenance Window

AWS Maintenance Windows is a powerful automation tool with many different options. We can’t cover all of its features here, but to give you an idea of what’s involved in creating a maintenance window, let’s walk through a simple maintenance window setup that updates the SSM Agent installed on an EC2 instance.

Assuming you have already configured Systems Manager to work with your EC2 instance, as described in the Systems Manager documentation, the setup process would be as follows:

  1. Navigate to AWS Systems Manager and select Maintenance Windows from the sidebar menu.
  2. Click “Create Maintenance Window.” Provide a name and set up a schedule. Maintenance Windows provides an intuitive graphical schedule builder, but you can also use rate expressions and the crontab format.
  3. Once the maintenance window is scheduled, select it from the list. You’ll be presented with a tabbed interface where you can register tasks and designate targets. 
  4. On the Tasks tab, select Register tasks and choose Register Run Command task from the dropdown menu. 
  5. Select AWS-UpdateSSMAgent from the Command Document section and choose your instance in the Targets section. 
  6. Click Register Run Command at the bottom of the page.
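The same six console steps expressed as Systems Manager API calls through boto3, as an added example rather than code from the original article or from AWS. The window name, schedule, instance id and the RecordingSsm stand-in are assumptions made so the example runs offline.

```python
"""Create the walkthrough's maintenance window through the Systems Manager API.

`ssm` is a boto3 SSM client, e.g. boto3.client("ssm"). The window name, schedule
and instance id are placeholders; RecordingSsm is a stand-in for offline runs.
"""
import re

# The two schedule forms the walkthrough mentions: cron(...) and rate(...).
SCHEDULE_RE = re.compile(r"^(cron|rate)\(.+\)$")


def create_agent_update_window(ssm, instance_id, name="weekly-ssm-agent-update",
                               schedule="cron(0 2 ? * SUN *)",
                               duration_hours=2, cutoff_hours=1):
    """Create a window, register one instance and the AWS-UpdateSSMAgent task."""
    if not SCHEDULE_RE.match(schedule):
        raise ValueError(f"not a cron() or rate() expression: {schedule!r}")
    # Cutoff is how long before the end of the window new tasks stop starting,
    # so it has to be shorter than the window itself.
    if not 0 <= cutoff_hours < duration_hours:
        raise ValueError("cutoff_hours must be shorter than duration_hours")

    # Steps 1-2: create the window with a name and a schedule.
    window_id = ssm.create_maintenance_window(
        Name=name,
        Schedule=schedule,
        Duration=duration_hours,
        Cutoff=cutoff_hours,
        AllowUnassociatedTargets=False,   # tasks run only on registered targets
    )["WindowId"]

    # Step 5 (Targets section): the instance the task will touch.
    target_id = ssm.register_target_with_maintenance_window(
        WindowId=window_id,
        ResourceType="INSTANCE",
        Targets=[{"Key": "InstanceIds", "Values": [instance_id]}],
    )["WindowTargetId"]

    # Steps 4-6: a Run Command task that uses the AWS-UpdateSSMAgent document.
    task_id = ssm.register_task_with_maintenance_window(
        WindowId=window_id,
        TaskType="RUN_COMMAND",
        TaskArn="AWS-UpdateSSMAgent",
        Targets=[{"Key": "WindowTargetIds", "Values": [target_id]}],
        MaxConcurrency="1",
        MaxErrors="0",
        Priority=1,
    )["WindowTaskId"]
    return {"WindowId": window_id, "WindowTargetId": target_id,
            "WindowTaskId": task_id}


class RecordingSsm:
    """Offline stand-in that records each call and returns constructed ids."""

    def __init__(self):
        self.calls = []

    def create_maintenance_window(self, **kwargs):
        self.calls.append(("create_maintenance_window", kwargs))
        return {"WindowId": "mw-example"}

    def register_target_with_maintenance_window(self, **kwargs):
        self.calls.append(("register_target_with_maintenance_window", kwargs))
        return {"WindowTargetId": "target-example"}

    def register_task_with_maintenance_window(self, **kwargs):
        self.calls.append(("register_task_with_maintenance_window", kwargs))
        return {"WindowTaskId": "task-example"}


if __name__ == "__main__":
    stub = RecordingSsm()
    print(create_agent_update_window(stub, "i-0123456789abcdef0"))
    for call_name, params in stub.calls:
        print(call_name, params)
    # Against a real account, pass boto3.client("ssm") instead of the stub.
```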

As you can see, setting up scheduled automations to take care of repetitive compliance tasks is straightforward. We’ve only scratched the surface of what you can do with Maintenance Windows, so be sure to check out the Guidebook for more information.

State Manager vs. Maintenance Windows

AWS Systems Manager also has a capability called State Manager. There is some cross-over in the functionality of State Manager and Maintenance Windows. Both can be used to automate some tasks. However, State Manager may be a better choice for compliance tasks where the goal is to maintain managed node configurations in a consistent state and for compliance reporting. Before choosing a compliance automation service, read Choosing between State Manager and Maintenance Windows.

Learn About AWS Compliance with KirkpatrickPrice

To learn more about AWS compliance, visit our cloud security and compliance resources, which provide expert guidance for cloud audits, regulatory compliance, and information security, or connect with an expert today.

Everyday system management tasks can be time consuming and get in the way of the efficiency of your business operations. These tasks include OS and software patching, script execution, and service maintenance windows. Failure to complete these tasks can lead to non-compliance with information security regulations and standards.

AWS Systems Manager is a cloud service that allows businesses to automate many everyday system management tasks. Automating these tasks is a great way to ensure your organization is remaining secure and compliant without sacrificing extra time.

Using AWS Systems Manager, businesses can:

  • Automate time-consuming compliance activities.
  • Improve control over and visibility of IT assets.
  • Reduce the cost of compliance.
  • Ensure that compliance tasks are completed on schedule.
  • Run tasks automatically in response to CloudWatch events and other triggers.

AWS Systems Manager can automate tasks on EC2, AWS’s native cloud server hosting platform, and servers hosted on other cloud platforms and on-premises data centers to save your organization time and help you achieve your compliance goals. Let’s discuss what AWS Systems Manager is, how it can help your organization, and how you can start using it today.

What Is the AWS Systems Manager?

AWS Systems Manager provides capabilities that can be configured to carry out actions on remote servers. Capabilities are divided into several categories, including:

  • Application management
  • Change management
  • Node management
  • Operations management

Each of these categories contains several capabilities. To focus on just one category, node management capabilities include compliance, which can scan nodes for inconsistent configuration; patch manager, which automates security patching and updating; and the “run command” capability, which allows users to automate the execution of scripts on managed nodes.

How Does AWS Systems Manager Work?

AWS Systems Manager is primarily an agent-based service. It depends on a software agent—the AWS Systems Manager Agent (AWS SSM)—which runs on managed nodes, including EC2 systems manager nodes, Internet of Things devices, and on-premises physical servers and virtual machines.

The user configures AWS Systems Manager capabilities via the web interface or AWS CLI. The service then interacts with the AWS SSM Agent installed on each node, which carries out the intended action, whether that is applying OS patches, verifying configurations, or any other capability.

Once an action has been performed, AWS Systems Manager can send operations data to other configured AWS services for logging, monitoring, and alerting, including CloudWatch, S3, EventBridge, and CloudTrail.

As you can see, AWS Systems Manager can be a valuable compliance tool, allowing AWS users to schedule, automate, and enforce essential compliance tasks that might otherwise be missed. It gives businesses confidence that compliance actions are carried out in line with security and compliance policies, as well as helping them to identify potential compliance gaps and challenges.

Setting Up AWS Systems Manager for Your Cloud Environment

The set-up process for AWS Systems Manager differs depending on the capabilities you would like to use and the resources you would like to manage. However, let’s take a high-level look at setting up AWS Systems Manager for EC2 instances.

  1. Create IAM users and groups for use with Systems Manager. Users and groups with the AmazonSSMFullAccess policy have complete access to Systems Manager capabilities, but you should configure users, groups, and roles to meet the specific needs of your organization. We strongly advise against using the AWS root user or users in the administrator’s group. 
  2. Create an IAM instance profile to permit AWS Systems Manager to perform actions on your EC2 instances. 
  3. Attach the IAM instance profile to the EC2 instances you would like to manage.
  4. Verify that AWS SSM is installed on your EC2 instance. If you are using Amazon Machine Images (AMIs), SSM Agent is likely installed by default. You may have to manually install AWS SSM for other instances or servers. 
  5. Create a VPC endpoint for AWS Systems Manager to use. This is an essential security step, as we explain in Using VPC Endpoints to Access Systems Manager.
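One way to verify that steps 2 to 5 took effect is to compare the EC2 instance list with what Systems Manager reports. This is an added example, not part of the original article: the function names, status labels and sample responses are constructed, and it assumes instances are onboarded through an instance profile as described above.

```python
"""Check which running EC2 instances Systems Manager can actually manage.

Inputs are the response shapes of EC2 DescribeInstances ("Reservations") and
SSM DescribeInstanceInformation ("InstanceInformationList"); the sample data
below is constructed.
"""


def ssm_coverage(reservations, instance_information):
    """Map each running instance id to 'managed' or the setup step it is missing."""
    ping = {info["InstanceId"]: info.get("PingStatus")
            for info in instance_information}
    status = {}
    for reservation in reservations:
        for instance in reservation["Instances"]:
            if instance["State"]["Name"] != "running":
                continue
            instance_id = instance["InstanceId"]
            if "IamInstanceProfile" not in instance:
                status[instance_id] = "no-instance-profile"    # steps 2-3
            elif instance_id not in ping:
                status[instance_id] = "agent-not-registered"   # steps 4-5
            elif ping[instance_id] != "Online":
                status[instance_id] = "agent-not-online"
            else:
                status[instance_id] = "managed"
    return status


def fetch_live(region_name):
    """Collect both inputs from a real account (needs boto3 and read permissions)."""
    import boto3  # imported here so the offline sample below runs without it

    ec2 = boto3.client("ec2", region_name=region_name)
    ssm = boto3.client("ssm", region_name=region_name)
    reservations = [
        reservation
        for page in ec2.get_paginator("describe_instances").paginate()
        for reservation in page["Reservations"]
    ]
    information = [
        info
        for page in ssm.get_paginator("describe_instance_information").paginate()
        for info in page["InstanceInformationList"]
    ]
    return reservations, information


# Constructed sample responses, trimmed to the fields the check reads.
PROFILE = {"Arn": "arn:aws:iam::111122223333:instance-profile/example-ssm-profile"}
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-000000000000000a1", "State": {"Name": "running"},
         "IamInstanceProfile": PROFILE},
        {"InstanceId": "i-000000000000000b2", "State": {"Name": "running"}},
    ]},
    {"Instances": [
        {"InstanceId": "i-000000000000000c3", "State": {"Name": "running"},
         "IamInstanceProfile": PROFILE},
        {"InstanceId": "i-000000000000000d4", "State": {"Name": "running"},
         "IamInstanceProfile": PROFILE},
        {"InstanceId": "i-000000000000000e5", "State": {"Name": "stopped"}},
    ]},
]
SAMPLE_INFORMATION = [
    {"InstanceId": "i-000000000000000a1", "PingStatus": "Online"},
    {"InstanceId": "i-000000000000000d4", "PingStatus": "ConnectionLost"},
]

if __name__ == "__main__":
    for instance_id, state in ssm_coverage(SAMPLE_RESERVATIONS,
                                           SAMPLE_INFORMATION).items():
        print(instance_id, state)
```

Any instance that is not reported as managed will be skipped by patching and maintenance-window tasks, so the result doubles as a list of coverage gaps to close.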

Be Sure Your AWS Environment is Secure

Automation is a great tool for increasing efficiency in your organization, but it is also wise to check these automation configurations regularly to ensure they are working like you intended. Let KirkpatrickPrice run a free scan of your AWS environment today so you can be sure it is secure and effective. 

You can learn more about configuring and using AWS Systems Manager and SSM Agent from Amazon’s AWS Systems Manager documentation. For more information about using Systems Manager and other AWS services to improve your company’s security and compliance, visit our comprehensive cloud security resources.

Last year, tens of billions of records were breached and tens of thousands of businesses suffered ransomware attacks. Every company operating in this dangerous environment should have a cybersecurity plan for keeping company and customer data safe—especially data within the scope of information security regulations and standards.  

A cybersecurity plan outlines the policies and procedures a business considers essential to maintaining security and regulatory compliance. It is a written document that results from a comprehensive survey of the company’s risks and the actions it intends to take to mitigate them. 

For example, a business that relies on third-party software tools and libraries may be at risk from code vulnerabilities if they allow software to become outdated. One component of a cybersecurity and security compliance plan would outline how the business intends to mitigate that risk with patch management or update procedures. 

In this article, we’ll detail the 5 most important questions you should ask when developing a cybersecurity and compliance plan so you can make sure your business is prepared to face today’s threats confidently.

1. Which Data and Infrastructure Assets Does the Plan Cover?

A cybersecurity plan can only be effective if it accounts for all the business’s security risks. But a business can’t understand those risks unless it knows which data it stores, how sensitive it is, how it is stored and processed, and potential breach scenarios. 

Information gathering is often one of the most challenging steps of preparing for a cybersecurity plan. Many businesses do not have complete insight into data storage and processing, especially if it has previously been managed on an unplanned ad-hoc basis. IT professionals often find it helpful to follow a templated discovery procedure like the Data Protection Impact Assessment created by GDPR.

2. Do We Need a Professional Security Risk Assessment?

One of the first questions you should ask before creating a cybersecurity plan is: Do we have adequate internal security and compliance expertise? If the answer is no, you may want to consider hiring an expert third party to carry out a comprehensive information security risk assessment.

A professional risk assessor examines your IT environment and practices to identify potential risks. A risk assessment is typically conducted under the guidance of a recognized framework like the NIST Special Publication 800-30. It results in a report with the information you need to create an effective cybersecurity plan. To receive guidance on the effectiveness of your business’ risk assessment, upload your risk assessment here to receive a free analysis of your risk assessment by a KirkpatrickPrice risk expert.

3. What Are the Relevant Information Security Laws, Regulations, and Standards?

Many businesses that handle sensitive data are required to comply with regulatory frameworks and may choose to comply with information security standards. These regulations and standards should shape their cybersecurity plans. 

Regulatory frameworks may include:

  • PCI DSS for businesses handling credit card data
  • HIPAA for businesses handling sensitive healthcare data
  • GDPR for businesses that operate in the EU
  • FERPA for educational information and records
  • FISMA for businesses interacting with government information and assets

Information security standards may include:

  • SOC 1 and SOC 2
  • ISO 27001
  • Cloud security standards

Businesses should also consider a compliance audit to ensure they comply with relevant frameworks and standards. 

4. Who Is Responsible for Implementation, Monitoring and Incident Response?

Assigning security responsibilities is a crucial aspect of developing a cybersecurity plan. Security policies must be implemented as procedures and processes that are the responsibility of managers and employees. If no one is responsible, then a cybersecurity plan is a worthless piece of paper. 

For a plan to be implemented, it must have executive support from the company’s leadership. In larger companies, that often takes the form of a Chief Security Officer (CSO) or Chief Information Security Officer (CISO). They ensure that plans and policies are turned into procedures and controls overseen by competent managers and employees throughout the business. 

5. Do Employees Have the Knowledge They Need to Comply?

A cybersecurity plan is a great starting point, but information security is more than policies and procedures. People play a critical role—over 85% of security incidents involve a human element. To successfully implement a security plan, you must ensure employees have the information and the security awareness training they need to do the right thing. 

Check out our recent article on building a positive security culture for your business to learn more about how you can set your employees up for cybersecurity success. 

KirkpatrickPrice Helps Businesses to Create and Audit Their Cybersecurity Plan

KirkpatrickPrice’s team of cybersecurity and risk experts can help your business to achieve its security and compliance goals. We offer a comprehensive range of security services that include:

Contact an information security specialist today to learn more about how we can help you.