Solution Delivery and Integration
Pyramid delivers comprehensive cybersecurity solutions.
Security Information and Event Management (SIEM)
Centralized collection of system events is a vital element of effective cybersecurity forensics and analysis. By correlating these events, organizations can uncover an attacker’s activities and trace their movements within the network. This process also supports monitoring, early detection, prevention, and containment efforts. Pyramid outlines the necessary inventories of systems and related data that must be collected to enable thorough cyber forensic investigations. It is essential to understand that different systems generate different types of event logs; therefore, efforts are made to present a unified and coherent view of potential breaches.
Segmentation
Firewalls, data diodes, and other network access control technologies are used to enforce segmentation between sensitive internal systems and less sensitive internal or external systems. Systems are categorized into security zones based on their sensitivity, and each zone is segmented according to internal risk management policies, third-party requirements, and regulatory compliance obligations.
Remote Access
Remote access security is a critical pillar of a robust cybersecurity program. Threat actors frequently exploit weaknesses in remote access controls to breach an organization’s perimeter, or to access systems from within the organization’s network boundary. Pyramid designs and implements both technologies and processes to ensure secure access to protected assets. The rigor of these access controls is aligned with the sensitivity of the assets and any applicable regulatory requirements.
Malware Protection
Malware protection technologies are managed to enable proactive detection, quarantine, and removal of malicious software. A mature solution operates seamlessly across heterogeneous systems and provides centralized visibility through a unified interface, allowing for efficient administration and rapid response to threats.
Secure File Transfer
Data transfer architectures and solutions are designed for networks and systems with elevated security requirements, enabling the secure exchange of files to and from these environments. These measures are particularly relevant for air-gapped systems, where file transfers are minimal but must be conducted with the highest level of security to prevent the introduction or spread of malicious code.
Patch Management
Centralized management solutions are used to monitor and deploy software updates, supporting an organization’s broader system security lifecycle management processes. These tools help ensure that systems remain up to date and aligned with security best practices.
Vulnerability Management
A comprehensive vulnerability management solution enables large-scale detection and analysis of known vulnerabilities across an organization’s technology landscape. These vulnerabilities can be exploited by malicious actors to gain unauthorized access, conduct reconnaissance, exfiltrate data, or disrupt operations. A vulnerability assessment produces a remediation roadmap based on the vulnerability severity, impact to the organization, and level of effort required to remediate each vulnerability.
Security Monitoring
A process is designed around an architecture that collects system events and categorizes them to enhance visibility for the timely detection of security-related incidents across networks and systems. This categorization enables different levels of insight, ranging from high-level risk dashboards for management to detailed, technical views for engineers. These insights support actionable remediation and effective containment of threats.
Cyber Security Metrics
A collection of tools and processes is interrogated to provide management-level views of cybersecurity posture across wide-ranging controls and requirements, from operational metrics to executive-level metrics.