Cymbel Corporation is an IT Solutions Provider, 100% focused on Security and Compliance. Cymbel was founded in 2000 and is headquartered in Newton, MA, with branches in Connecticut, New York, and New Jersey. Our 300+ clients are composed of mid to large enterprises and some of the largest, best known organizations in the Northeast.
Cymbel helps organizations (1) mitigate the new security risks created by changes in business needs, technology, threats, and compliance requirements, (2) reduce the costs of security operations and compliance audits, and (3) improve the infosec team’s responsiveness to the business. In many cases we have been able to do all three at the same time!!
Cymbel has no outside investors and is beholden to no third parties who could influence our recommendations or partnerships. Cymbel has been profitable for 49 consecutive quarters. Each of the principals of Cymbel has over 25 years of IT experience and over 14 in information security.
The Cymbel Approach
The Cymbel Approach is based on Forrester’s Zero Trust Model.
Zero Trust means there are no longer “trusted” networks, devices, or users. While Prevention controls are still vital in order to reduce the organization’s attack surface, there is no such thing as 100% Prevention, if there ever was. This Zero Trust approach must be taken in light of a set of fundamental changes that have occurred during the last several years:
- New technologies including cloud computing, social networking, virtualization, and mobility.
- Increased use of remote and mobile workers including contractors
- Increase in network connected business partners
- Changes in the motives and methods of cyber adversaries including criminals, nation-states, and hacktivists.
While Prevention controls are still vital in order to reduce the organization’s attack surface, there is no way to absolutely prevent all devices from being compromised. In addition, we have seen an increase in malicious insider activity. Therefore you must assume that some devices are compromised and some users are malicious. This is Zero Trust.
Zero Trust Guidelines
While all organizations have different priorities, over the years these guidelines have worked well:
- Balance Budget across Prevention, Detection, and Response Controls
- Use a Kill Chain model to select technical controls
Zero Trust Recommendations
Cymbel uses this Zero Trust approach to plus its understanding of (1) who the adversaries are, (2) their objectives, and (3) their attack processes to develop a set recommendations to reduce the risks of confidential data breaches. While all organizations have different risk profiles and priorities, all of our clients have benefited from one or more of these recommendations.
We continually research new technical and administrative controls to keep our recommendations up-to-date. Here is a summary of them.
1. Update Network Security with Next Generation Firewalls
2. Use a “sandbox” control to detect unknown threats in files
3. Establish Protected Enclaves to control access to applications and resources
4. Use a specialized anti-phishing email protection service
5. Use Threat Intelligence to prioritize vulnerability remediation
6. Analyze logs using machine learning algorithms to detect compromised and malicious users
7. Implement an Incident Management system to minimize incident costs
8. Deploy a Cloud Services Manager to discover, analyze, and control Shadow IT
9. Monitor your partners’ security postures using a cloud-based service
10. Deploy an Enterprise Key & Certificate Management (EKCM) system
11. Deploy a backup, cloud-based DDoS Mitigation Service
12. Deploy a non-signature-based endpoint malware detection control
Partner Selection Criteria
We partner with the most innovative and proven security, compliance, and IT service management manufacturers in the world. Our criteria for selecting partners are as follows:
- Solution fit with Cymbel’s Zero Trust Approach described above, i.e. ability to reduce the risks caused by the changes we’ve seen during the last several years in business needs, technology, threats, and compliance requirements
- Ability to reduce the costs of meeting compliance requirements
- Ability to reduce administrative and operational costs
- Fast time-to-value, i.e. minimal professional services needed for deployment
- Proven deployments
- Corporate viability
- Responsiveness to customer feature requests
- Customer support satisfaction
Learn more about our partners…
Through the years, working with hundreds of clients, we have developed a philosophy which guides our thinking:
- It is not the strongest of the species that survive, nor the most intelligent, but the ones most responsive to change.
- The biggest risk an organization faces is the failure of imagination when assessing the behavior of the enemy.
- In theory, there is no difference between theory and practice. In practice, there is.
- The biggest problem with communication is the illusion that it has taken place.
Etymology of the word “Cymbel”
The Oxford Dictionary of Music defines one of the controls on classical organs as a “cymbel.” When engaged, the cymbel generates what is described as “a brilliant mixture of things” from a variety of organ pipes.
When starting Cymbel ten years ago, we were seeking to do the same; to bring together for our clients the best-in-class solutions for information security and compliance. We sought then and deliver today what we believe is that harmonious and brilliant mixture of things: Next Generation Defense-in-Depth.