Home improvement retailers like Home Depot and Lowes are interesting places. Inside a typical store, one can find everyone from a guy looking to replace a leaky pipe, a couple shopping for new appliances, or a large contractor picking up hundreds of pieces of sheetrock for a major project. 

Trustwave's Security Colony is the cybersecurity version of a home improvement store. 

Security Colony is essentially a self-help site. For example, an organization can come in, and if, say, it is working on improving its incident response capability, we have a ransomware playbook the organization can take and then make it its own. Or is the organization worried about insider risk? If so, we have simulation exercises they can review and implement.

There are also cases where the Security Colony visitor realizes that the task at hand is beyond its capability to implement. In this case, they can ask for help and we will refer them to the right person at Trustwave. 

1. Resource and Video Library 

At its core, Security Colony is essentially a massive and diverse repository of cybersecurity content collated into easy-to-navigate categories.

The Security Colony Resource Library contains 17 categories covering almost 400 topics. Trustwave has created all the documentation based on actual work we've conducted for organizations which we then make available to our subscribers. There are then two paths a subscriber can take. The first is to use the information for their edification. The second is to alter the content to create their own action plan knowing that Trustwave used the information stored on Security Colony to help another entity with a similar problem.

The Security Colony team updates the resource library with new content on a weekly basis.

Security Colony's Video Library contains a wealth of information for folks looking for an introductory lesson on a particular topic, say phishing or identifying an insecure WiFi connection. Senior Trustwave consultants present the videos.

Other videos featured tutorials on how to get the most out of a Security Colony subscription with instructions on navigating the site and using the various security tools which subscribers can access. 

2. Maturity Assessment

The Security Colony Maturity Assessment is a self-paced tool that will measure if an organization's security can defeat today's cyber threats. The threat assessment analyzes your industry and the nature and size of your business. It uses NIST Cyber Security Framework to assess your ability to identify, protect, detect, respond and recover appropriately to maintain a suitable level of security.

Areas covered include: 

• Threat and Maturity Assessment and recommendations for prioritized focus on areas of weakness.
• Use the documents and score to justify the budgets for your next important security projects.
• Show your internal and external stakeholders how your security program is progressing.

 3. Public and Private Forums

Security Colony maintains two types of forums. A public version for those who hold only a basic subscription service where you can ask Security Colony's cybersecurity consultants for advice and support.

A private forum is also available. It operates in the same manner as the public version but a subscriber can ask questions that may be too sensitive to talk about publicly. The private forum, however, is only available to paying subscribers.

4. Vendor Risk

Supply chain attacks are becoming a common occurrence, so it's imperative that an organization understand the risk imposed by their vendors. Security Colony uses a range of free, open-source, and commercial tools to complete over 20 distinct checks against a company's online footprint, packaging this analysis in an easy-to-use interface detailing the identified risks and providing an overall risk score and grade for the assessed organization.

These include:

• Assessing the organization for historical (or current) malicious activity.
• Assessing security misconfigurations and vulnerabilities related to server configuration.
• Assessing security misconfigurations and vulnerabilities related to e-mail system configuration.

5. Breach Monitor

The Breach Monitor lets you know when and if your domains and related entities have become a topic of conversation on the dark web. The tool allows you to create a set group of searches that will run daily against public and private breach and ransomware sources. If a breach is discovered, Trustwave will issue a notification and point to the public and dark web data sources for occurrences.

The Security Colony Offer

Essentially, those who join Security Colony receive millions of dollars' worth of consulting work for around $5,000 a year, depending upon the chosen subscription level. It's almost easier to spend more on tea and coffee in a year than for a subscription to Security Colony. It's the best value that allows you to keep up to date with what's going on and what you need in security.

The best part is one doesn't have to spend any money. Trustwave offers a great deal of content free. 

The Security Colony pricing chart: