
Security Services
Our Team is At Your Service
Our comprehensive offering of information security services helps meet all your security needs.

Comprehensive Risk Assessment
Want Visibility into Your Cyber Risks?
- What We Do
- What You Get
- Risk Removal Portal
- Additional Information
Comprehensive Risk Assessment
Want Visibility into Your Cyber Risks?
We provide a full risk assessment that identifies your cyber security vulnerabilities as well as recommendations to remove these risks along with a Comprehensive Security Roadmap.
What We Assess:
Policies and Procedures
We review and identify gaps in your current policies and procedures.
IT Asset Inventory
We review all tools and systems currently in use within your organization.
Network Vulnerability Assessment
We perform extensive testing on your network to look for any weaknesses.
Framework Recommendation
We align your security program to a global framework.

Comprehensive Risk Assessment
Want Visibility into Your Cyber Risks?
All results are available via our Risk Removal Portal
Comprehensive Report Includes:
Network Vulnerability Assessment Results
Recommendations & Security Roadmap
Detailed Policy Recommendations

Comprehensive Risk Assessment
Want Visibility into Your Cyber Risks?
Your Risk Removal Portal provides:
Remediation Recommendations
Remediation Management Functionality
Overall Security Trends And Improvements
Access To Our Risk Management Platform

Comprehensive Risk Assessment
Want Visibility into Your Cyber Risks?

Penetration Testing
Test your security before the bad guys do!
- What We Do
- What You Get
- Risk Removal Portal
- Additional Information
Penetration Testing
Test your security before the bad guys do!
See our Security Testing Video
Tests We Provide:
Network Penetration Testing (White Box)
We simulate a cyber-attack on your network to prove whether critical systems can be exploited and if sensitive data was accessed.
Attack Simulation Testing (Black Box)
We simulate a stealthier version of cyber-attack on your network to no t only prove what damage could be done, but if your security defenses will detect and alert as expected.

Network Penetration Testing
Test your security before the bad guys do!
Comprehensive Report includes:
Details on how each finding was identified and confirmed
Effective remediation recommendations
A full narrative of the engagement
Severity Rankings
Detailed recommendations of additional detection strategies
Identification of effective controls that prevent attacks

Network Penetration Testing
Test your security before the bad guys do!
Your Risk Removal Portal provides:
All security findings
Remediation recommendations
Remediation management functionality
Overall security trends and improvements

Network Penetration Testing
Test your security before the bad guys do!
Ransomware Readiness Assessment
Don’t Get Locked Out. It Will Cost You.
- What We Do
- What You Get
- Risk Removal Portal
- Additional Information
Ransomware Readiness Assessment
Don’t Get Locked Out. It Will Cost You.
In today’s world, you must assume a ransomware attack is inevitable. What you do today can help secure your organization’s future – and we are here to help.
What We Do:
Ransomware Risk Review
We identify risks that will allow these attacks to infect your company and lock you out of business.
Ransomware Attack Simulation
We test your employees to show if they will fall victim and what data would be encrypted.
Ransomware Responsive Evaluation
We verify that your company can respond and recover from a successful attack so you can maintain business continuity.
Learn More

Ransomware Readiness Assessment
Don’t Get Locked Out. It Will Cost You.
Our Comprehensive Report Includes:
Ransomware Simulation Results
Network Vulnerability Assessment Results
Security Controls & Incident Response Risks
Recommendations & Ransomeware Ready Roadmap

Ransomware Readiness Assessment
Don’t Get Locked Out. It Will Cost You.
Your Risk Removal Portal provides:
Remediation Recommendations
Remediation Management Functionality
Overall Security Trends And Improvements

Ransomware Readiness Assessment
Don’t Get Locked Out. It Will Cost You.
Cloud Security Service
Prove Your Cloud Environment is Secure.
- What We Do
- What You Get
- Risk Removal Portal
- Additional Information
Cloud Security Service
Prove Your Cloud Environment is Secure
We provide the security cloud services your organization needs to know that your environment, systems, and data are secure.
Our Cloud Services Include:
Cloud Security Assessment
We identify threats caused by misconfigurations, unwarranted access, non-standard deployments and other vulnerabilities.
Cloud Control Assessment
We use the latest in tactics, techniques, and procedures (TTPs) to perform both unauthenticated and authenticated security testing of your cloud environment.
Cloud Migration Consulting
We advice your organization on security best practices for your cloud environment.

Cloud Security Service
Prove Your Cloud Environment is Secure
Comprehensive Report includes:
Details On How Each Finding Was Identified And Confirmed
Effective Remediation Recommendations
A Full Narrative Of The Engagement
Severity Rankings
Detailed Recommendations Of Additional Detection Strategies
Identification Of Effective Controls That Prevent Attacks

Cloud Security Service
Prove Your Cloud Environment is Secure
Your Risk Removal Portal provides:
Remediation Recommendations
Remediation Management Functionality
Overall Security Trends And Improvements

Cloud Security Service
Prove Your Cloud Environment is Secure!
Vulnerability Management
Remove Your Network’s Exposed Risks.
- What We Do
- What You Get
- Risk Removal Portal
- Additional Information
Vulnerability Management
Remove Your Network’s Exposed Risks
We identify exploitable vulnerabilities on your network every month, providing real-time results, risk scores and removal recommendations.
Our vulnerability management is as easy as 1-2-3:
We Deploy A Scanning Appliance
You Connect Our Appliance To Your Network
Vulnerabilities Are Scanned And Results Are Uploaded To Customer Portal

Vulnerability Management
Remove Your Network’s Exposed Risks
All results are available via our Risk Removal Portal
Comprehensive Report Includes:
Vulnerability Findings
Remediation Recommendations
Remediation Prioritization

Vulnerability Management
Remove Your Network’s Exposed Risks
Your Risk Removal Portal provides:
All Security Findings
Remediation Recommendations
Remediation Management Functionality
Overall Security Trends And Improvements

Vulnerability Management
Remove Your Network’s Exposed Risks
Application Security Testing
Verify Your Applications are Ready for an Attack!
- What We Do
- What You Get
- Risk Removal Portal
- Additional Information
Application Security Testing
Verify Your Applications are Ready for an Attack!
See our Security Testing Video
Tests We Provide:
Dynamic Security Test
We identify security vulnerabilities that can be exploited to obtain unauthorized access, access to sensitive data or deny the service of the application.
Static (Code Based) Security Test
We pinpoint root causes of security vulnerabilities in source code, receive prioritized results sorted by severity of risk, and provide guidance on how to fix vulnerabilities in line-of-code detail.

Application Security Testing
Verify Your Applications are Ready for an Attack!
Comprehensive Report includes:
Detail of how each finding was identified and confirmed
Effective remediation recommendations
A full narrative of the engagement
Severity Rankings
Detailed recommendations of additional detection strategies
Identification of effective controls that prevent attacks

Application Security Testing
Verify Your Applications are Ready for an Attack!
Your Risk Removal Portal provides:
All security findings
Remediation recommendations
Remediation management functionality
Overall security trends and improvements

Application Security Testing
Verify Your Applications are Ready for an Attack!
Advanced Email Phishing
Prepare Your Human Firewall for Phishing Attacks.
- What We Do
- What You Get
- Risk Removal Portal
- Additional Information
Advanced Email Phishing
Prepare your human firewall for phishing attacks
Your employees are your “human firewall” and are targeted first in cyber-attacks. We will test to see how your employees perform against real business email compromise tactics.
We Test To See If Your Employees Will:
Download dangerous files that execute malware and ransomware.
Link to dangerous sites with malicious executables.
Provide login credentials to systems that house your systems and data.

Advanced Email Phishing
Prepare your human firewall for phishing attacks
You Will Get:
Monthly Testing & Training
Trends
Access to our proprietary Attack Identification solutions

Advanced Email Phishing
Prepare your human firewall for phishing attacks
Your Risk Removal Portal provides:
All security findings
Remediation recommendations
Remediation management functionality
Overall security trends and improvements

Advanced Email Phishing
Prepare your human firewall for phishing attacks
Compliance Consulting
Do You Have an Industry Compliance Requirement to Meet?
- What We Do
- What You Get
- Risk Removal Portal
- Additional Information
Compliance Consulting
Do You Have an Industry Compliance Requirement to Meet?
We will help you meet your industry compliance standards on your timeline and within your budget.
We Have Experience With:
NIST CSF • NIST 800-53 • NIST 800-171 • FedRAMP • FISMA • SOX HIPAA/HITECH • GDPR • SOC1 • ISO27001 • NYDFS • SOC3 • GLBA • PCS/DSS • HITRUST • CCPA • SOC2 • And more…

Compliance Consulting
Do You Have an Industry Compliance Requirement to Meet?
Compliance requirements met on your timeline
Budgetary requirements met
A true compliance management partner
Access to our Compliance Management (GRC) Platform
Identification of effective controls that prevent attacks
See our findings and recommendations
Track your risk removal process
View trends and overall security improvement

Compliance Consulting
Do You Have an Industry Compliance Requirement to Meet?
We provide the security cloud services your organization needs to know that your environment, systems, and data are secure.
Our Cloud Services Include:
Cloud Security Assessment
We identify threats caused by misconfigurations, unwarranted access, non-standard deployments and other vulnerabilities.
Cloud Penetration Assessment
We use the latest in tactics, techniques, and procedures (TTPs) to perform both unauthenticated and authenticated security testing of your cloud environment.
Cloud Migration Consulting
We will help you migrate some of the physical servers or your entire data center to the cloud allowing you to maintain cloud data ownership, control, security, and visibility.

Compliance Consulting
Do You Have an Industry Compliance Requirement to Meet?
Incident Response Readiness
Prove Your Organization Can Respond to a Breach.
- What We Do
- What You Get
- Additional Information
Incident Response Readiness
Prove that your organization can respond to a cyber breach
If you do not have an incident response plan, don’t worry, we can build one for you.
Review your current Incident Response Plan to make sure it matches your technology, stakeholders and overall environment.
Proving the plan will work by simulating events with tabletop exercises.
Updating your plan so you can be confident it will work in real-time

Incident Response Readiness
Prove that your organization can respond to a cyber breach
Comprehensive Report includes:
Executive Summary
Findings and Recommendations
Update & Actionable Plan
See our findings and recommendations
Track your risk removal process
View trends and overall security improvement

Incident Response Readiness
Prove that your organization can respond to a cyber breach
Ransomware Attack Simulation
Want Visibility into Your Cyber Risks?
- What We Do
- What You Get
- Risk Removal Portal
- Additional Information
Ransomware Attack Simulation
Want Visibility into Your Cyber Risks?
OnDefend shows you how to remove your ransomware weaknesses before cyber criminals can exploit them.
Unlike a Penetration Test, a Ransomware Attack Simulation Will:
Prove access can be gained through your employees and external defenses
Demonstrate how your security tools will respond to these types of attacks
Show how ransomware could spread & encrypt data throughout your organization

Ransomware Attack Simulation
Want Visibility into Your Cyber Risks?
We test how your organization’s technical and human defenses would respond to a ransomware attack by simulating and emulating real-world ransomware tactics.
We simulate an advanced ransomware phishing attack to verify if your email security, firewalls, and employees detect and prevent the breach.
Our advanced Business Email Compromise (BEC) tactics impersonate trusted people and companies.
We prove if your endpoint security solutions detect and prevent simulations of real-world ransomware attacks.
We map which devices and data are available for encryption as well as how quickly ransomware can spread.
We provide screenshots of all devices accessed as proof of execution and weaknesses.

Ransomware Attack Simulation
Want Visibility into Your Cyber Risks?
Your Risk Removal Portal provides:
All security findings
Remediation recommendations
Remediation management functionality
Overall security trends and improvements

Ransomware Attack Simulation
Want Visibility into Your Cyber Risks?
Security Project Consulting
Get the security assistance you need.
- What We Do
- What You Get
- Risk Removal Portal
- Additional Information
Security Project Consulting
Get the security assistance you need.
We will help you with your specific security needs on a one-time or ongoing basis.
We Can Help You With:
Security Tool Assessment
New Security Tool Rollout
Policy & Procedure Development/Updates
Systems, Data, & Asset Identification
System Access Control
Computer and Network Management
System Dev Lifecycle
System Configuration Management (hardware and software maintenance)
System Authorization
Privacy and Data Protection
Incident Response
Business and Data Protection

Security Project Consulting
Get the security assistance you need.
Project completion and satisfaction
Budgetary requirements met
A true information security partner

Security Project Consulting
Get the security assistance you need.
Your Risk Removal Portal provides:
All security findings
Remediation recommendations
Remediation management functionality
Overall security trends and improvements

Security Project Consulting
Get the security assistance you need.
Virtual Chief Information Security Officer
Fractional Help to Mature Your Security Program.
- What We Do
- What You Get
- Risk Removal Portal
- Additional Information
Virtual Chief Information Security Officer
Fractional Help to Mature Your Security Program.
We provide fractional information security leadership helping your company manage and mature your security program within your timeline and budget.
What We Assist With:
Identify and Prioritize your security program needs.
Develop a roadmap to accomplish those needs.
Share and Collaborate as one unified team.
Track action items, risks and tasks and measure progress.
Centralize reports that are easily shared with executives, board members, etc.

Virtual Chief Information Security Officer
Fractional Help to Mature Your Security Program.
Security leadership you can count on
True movement up the security curve
A true information security partner

Virtual Chief Information Security Officer
Fractional Help to Mature Your Security Program.
Your Risk Removal Portal provides:
All security findings
Remediation recommendations
Remediation management functionality
Overall security trends and improvements

Virtual Chief Information Security Officer
Fractional Help to Mature Your Security Program.
BlindSPOT – Purple Team Services
Project Based & Managed Services Support
- BlindSPOT
BlindSPOT - Purple Team Services
Project Based & Managed Services Support.
BlindSPOT professional services, better known as purple teaming, help network defense teams improve security tool knowledge, tuning, and techniques to continuously strengthen their organization’s network defense posture.
These services include:
Detection Workshops
Intended to double as a tool assessment and training opportunity, a Detection Workshop is a facilitated session where new simulations are executed via the BlindSPOT tool and your team is asked to hunt down all related activity they can find, optionally running any IR playbooks to contain and respond to whatever event is being simulated.
Detection Engineering Classes
Designed as a way to ensure good foundational knowledge of various topics we will encounter as part of the BlindSPOT program, these classes as a combination to Detection Engineering, foundational knowledge, and just-in-time training on important aspects of IR techniques and strategies.
Security Controls Assessment
Similar to a detection workshop but intended exclusively to test the effectiveness of security tools. Often includes specific, technique deep dive testing.
Open Office Hours
Our consultants are available for working with security team members on reviewing proposed security tool configuration changes, reviewing threat intel feeds and items, answering any questions about the BlindSPOT platform usage, and designing new custom simulations.

Our Promise to You
What You Can Count On From Us
We Protect Your Brand
Our first priority is to protect your brand. Your name is everything in this industry and whenever we represent your company, we make sure that we elevate your brand in every activity we are involved in.
Best-in-Class Talent
OnDefend only hires team members with a minimum of seven years of applied experience, which produces non-invasive, low-touch, and high-quality engagements.
National/ International Teams
Our team services partner clients across the U.S. and around the world. Additionally, we can provide all reporting and correspondence in the language your clients' needs.
Methodology Matching
Do you already have testing or consulting methodology? No problem, our team will match how you provide your services step-for-step.
Premium Results
The deliverable is all that matters. OnDefend clients receive testing and consulting reporting that not only provides the direction they need to remediate, but also various options to do so based on their specific environment. Additionally, OnDefend provides the tools the partner needs to successfully manage remediation if such tools do not already exist.
Results How You Need Them
You just provide us a sample report and our reports will be identical. Also, if you have an existing reporting portal or tool, that is where we will report our findings.
We Help You Upsell
For many channel partners, services are the way to sell their solutions or additional services. We continually discuss our testing and consulting results with our partners to identify upsell opportunities and can incorporate them into result reports or post-service collateral.
Complete Flexibility
Because OnDefend has developed the technology to successfully provide services remotely, all logistical issues and invasive concerns of the client can be alleviated.
Competitive Pricing
OnDefend has built itself to provide itself to perform security services efficiently and effectively. These include same-day proposal generation, remote service capabilities, automated internal processes, and real-time results portal access, all of which have streamlined OnDefend to save clients' money and increase channel partner margin.
Substantial Partner Margins
Because our pricing to our partners is so competitive, the margins that our partners can mark-up our services up ranging from 30%-70% depending on the market they are serving.
Client Communication & Satisfaction
Communication is critical and responsiveness to client concerns is paramount. OnDefend’s seasoned security team knows how to interact not only with C-level stakeholders but also with security teams on the ground. Because we have been security attackers and defenders, OnDefend team members have a very strong understanding of the Big Picture for the organization and what the outcome of our service needs to be to provide real value.
Quick Proposal Turnaround
Unfortunately, many security projects take a great deal of time to quote. This time-lapse is often the difference between winning and losing a project. OnDefend has built algorithms for quick project quoting and can provide project proposals well within 24 hours so their channel partners can win projects.
We Enable Partners to Sell
Many of our partners have us assist and sometimes completely run client scoping and sales calls. Our team is extremely effective in communicating the service value so your client will engage.
Complete Partner Visibility
We provide all of our partners with our partner analytics portal which gives them complete visibility into where we are in the sales/scoping process, project status, and results delivery.
Remote Capability
We were remote before it became cool. We can serve your clients across the U.S.US and around the world with no logistical or scheduling restrictions.
Certifications
We hold the certification and government clearances that you need to utilize us on your behalf.

Partner Value
We Make Sure You Don’t Lose Business
Our seasoned team is on standby to make sure you can meet market demand in an exploding cybersecurity industry.
Get StartedAdd New Services
Our on- demand team can help fill bandwidth gaps under your brand to enable you to meet market demand. We match your methodologies and reporting, which makes our service seamless to your organization and customer’s experience.
Outsource Service Divisions
Have certain service offerings become less profitable or difficult to sustain? We can act as your internal team. Our clients see the same ROI from our private label outsourcing as they would from an internal employee, with none of the risks.
Extend Bench Strength
Want to add cybersecurity services to your offering? We can make it seamless. We help partners tilt up new service offerings with our turnkey process by providing private label marketing materials, which allows your company to start selling immediately.
Ready to join the security revolution?
Become a Partner
Reach out to us today and learn more about the value we provide our partners
SMART. STRONG. RELIABLE.
Super-Charge Your Business.
Contact us today to expand your security offering, meet market demand and secure our world.
Contact Us