IT Solutions

Service Description: Amplify IT Cybersecurity & Advanced Cybersecurity

The following Service Description covers the Amplify IT Cybersecurity/Advanced Cybersecurity solution and its components. For a full description of our overarching Managed Services covering response time expectations, implementation/onboarding, how we provide support, limitations and client responsibilities please start here.

Overview

Amplify IT Cybersecurity, as its own offer, is a foundational security package designed to protect against the most prevalent cyber threats, ensuring the integrity and confidentiality of your organization’s data.

It contains the following services:

Service: Description
Endpoint Detection & Response (EDR): Provides continuous, real-time monitoring of devices to detect and respond to cyber threats as they happen. This proactive approach helps ensure a business stays protected from malware, ransomware, and other device-level attacks, minimizing potential damage and downtime.
Email Threat Monitoring and Protection: Offers a robust defense against phishing, malware, and other email-based threats, helping business communications remain secure. Includes advanced detection capabilities to help identify and respond to signs of account compromise, protecting sensitive information and maintaining trust between ITS and clients.
Dark Web Monitoring: Searches the dark web for signs that a company’s sensitive data may be at risk. By detecting potential threats early, a business can take swift action to protect data and mitigate the impact of a breach.
M365 Shield: Provides threat detection across infrastructure and cloud environments. This service aids in ensuring the Microsoft 365 ecosystem and SaaS applications remain secure, working to protect a business from sophisticated cyber threats and ensuring uninterrupted operations.
Security Awareness Training: Designed to equip employees with the knowledge and skills to recognize and prevent cyber threats such as phishing, malware, and vishing. By fostering a culture of security awareness, a business can reduce the risk of human error and strengthen the overall security posture.

When bundled as part of Total IT or any of our industry-targeted solutions, Amplify IT Cybersecurity is elevated to Amplify IT Advanced Cybersecurity with the following additional services:

Service: Description
Multifactor Authentication (MFA): MFA is an essential layer of security that requires multiple forms of verification before granting access to systems. This robust approach significantly reduces the risk of unauthorized access, protecting a business’s sensitive data and resources.
Web & DNS Protection: Implements advanced security measures to safeguard a business against web-based threats, providing granular control over internet access. This helps ensure a safer browsing experience for employees, reducing the risk of cyber-attacks originating from malicious websites.

The following details each of these services.

Endpoint Detection & Response (EDR)

ITS’s EDR Service is engineered to provide advanced cybersecurity defense mechanisms to organizations, detecting and responding to cyber threats at endpoints in real time. This service is crucial in today’s high-threat digital environment, providing layered security through monitoring, detection, response, and predictive threat intelligence.

How It Works

EDR as a service is designed to secure endpoints — from workstations to servers to endpoints in the cloud — against sophisticated attacks and malware outbreaks.

Always-On Protection: A small program is installed on each device that watches for suspicious behavior – like strange new programs running or unusual network connections. It’s like having a security guard constantly patrolling each computer.
Smart Threat Detection: The system learns what normal activity looks like on a client’s network. When something unusual happens, it flags it immediately – even catching sophisticated attacks that traditional antivirus programs might miss.
Automatic Threat Response: When a threat is detected, the system responds instantly – isolating affected devices from the network, stopping harmful programs, and blocking unauthorized connections. This happens automatically, before damage can spread.
Investigation Tools: If something does happen, the system provides a detailed timeline of exactly what occurred, helping an IT team understand how the attack happened and prevent similar incidents in the future.
Self-Improving Security: The system gets smarter over time by learning from each incident, making the protection stronger against new types of attacks.

Implementation Process

  1. Discovery: The current security setup is assessed to find any weak spots. This helps to create clear goals for the new threat detection system.
  2. Setup: The security software is adjusted to work with existing technology, including creating rules for what to watch for and connecting it with many security tools (TBD on an individual case basis) the business may already use.
  3. Installation: The security monitoring software is installed on client computers and devices.

The client must provide:

  1. Testing: Multiple tests are run to ensure the system works properly in different situations and integrates smoothly with the current business processes.
  2. Training: If applicable, staff are trained in how to recognize security threats and use the new system, which will strengthen the company’s overall security awareness.
  3. Ongoing Protection: The service continuously monitors threats in real-time and regularly updates the system to protect against new security challenges as they emerge.

Frequently Asked Questions

  1. What is EDR? Endpoint Detection and Response (EDR) is a cybersecurity technology that continuously monitors endpoints—such as laptops, servers, and mobile devices—to detect, investigate, and respond to cyber threats like malware, ransomware, and advanced persistent threats (APTs). Unlike traditional antivirus software, EDR provides deeper visibility and proactive response capabilities.
  2. How is EDR different from antivirus software? While antivirus software primarily detects and removes known threats using signature-based methods, EDR goes further by using behavioral analysis, machine learning, and threat intelligence to identify both known and unknown threats. EDR also provides detailed insights into attack paths and enables faster incident response.
  3. How does EDR work? EDR works by collecting real-time data from endpoints, analyzing it for suspicious activities or anomalies, and correlating it with threat intelligence. It provides security teams with a centralized view of endpoint activities and automates response actions, such as isolating infected devices or blocking malicious processes.
  4. Why is EDR important? EDR is crucial because it protects against advanced threats that traditional security tools might miss. It reduces the time to detect and respond to incidents, minimizes damage from breaches, and provides forensic data for post-incident analysis. With cyberattacks becoming more sophisticated, EDR is essential for maintaining a strong security posture.
  5. What should I look for when choosing an EDR solution? When selecting an EDR solution, consider factors such as comprehensive endpoint visibility, advanced threat detection capabilities, ease of deployment and use, integration with existing security tools, scalability, and robust vendor support. Additionally, look for features like automated response, cloud-based management, and minimal impact on system performance.

Email Threat Monitoring and Protection

This service is a security measure that monitors and helps protect the email platform and employee mailboxes from a broad spectrum of email-borne threats, including phishing attacks, malware, and spam, while also monitoring systems for signs of account compromise. This dual approach assists in ensuring not only the filtration of malicious emails before they reach users but also vigilance against potential account security breaches.

How It Works

Email Filtering: Each email is first filtered against a list of known spammers and phishers, then opened in a fully automated sandbox environment where any email attachments and web links are detonated. The outputs from this isolated sandbox testing then undergo rigorous analysis for signs of phishing, malware, and spam. Sophisticated algorithms and near-real-time, dynamic threat intelligence are employed to help preemptively block harmful content before it ever reaches its intended target.
Continuous Security Monitoring: Monitors continuously for unusual account behavior by analyzing patterns and behaviors that deviate from established norms, such as atypical login activities, unexpected email forwarding settings, or other signals of potential account compromise.
Threat Detection: The service leverages filtering and sandboxing analysis to dynamically scan for emerging threats. The system adapts in near-real-time to new tactics used by attackers to help ensure even the most sophisticated phishing schemes are identified and mitigated.
Automated Alerts: When a potential threat or suspicious activity is detected, automated alerts are generated to administrators. This prompt notification allows for quick investigation and remediation actions to mitigate potential damage.
Quarantine & Alerts: Most potentially dangerous emails are quarantined, with alerts sent to both users and administrators. This process works to deter interaction with harmful content and aids in informed decision-making.
User Reporting: Users are encouraged to report suspicious emails, enhancing the overall effectiveness of the threat detection system. This collective defense mechanism improves the service’s accuracy and responsiveness over time.

Frequently Asked Questions

  1. What is Email Threat Monitoring and Protection? It’s a security service that continuously scans incoming and outgoing messages for malicious links, attachments, and spoofed senders—quarantining or blocking anything suspicious before it reaches users.
  2. How does it keep my inbox safe? It works like a security guard for your email, automatically checking all messages for threats and stopping them before they reach your team, without disrupting normal email flow.
  3. What happens if a legitimate email is blocked (false positive)? Users can request release of any quarantined email via a one-click “release” button in their daily digest, and administrators can whitelist trusted senders in seconds.

Dark Web Monitoring (DWM)

DWM is like a digital watchdog that keeps an eye on hidden parts of the internet to see if important information – like emails, website names, company leadership’s private information, or computer addresses – is being talked about or traded by online criminals. This helps companies catch problems early, so they can fix them before real damage happens.

How it Works

Every day, the service searches the dark web to find any signs that a client’s data might be in danger. It uses smart computer tools to decide which issues are the most serious so that ITS knows exactly what needs attention first.

Frequently Asked Questions

  1. Does Dark Web Monitoring include remediation? This service does not remove data from the dark web, such as negotiating with hackers or scrubbing marketplaces, as this is often impractical or illegal. An alert is sent, but we don’t erase the discovery from the source.
  2. Is Dark Web Monitoring intended for attack prevention? The service identifies data that has already been compromised; it does not address the initial theft.
  3. What types of data does the service monitor? The service looks out for various pieces of information like emails, website names, and computer addresses, along with other details that might be mentioned on secretive parts of the internet.
  4. How often are the dark web scans done? The system checks the dark web every day – so every 24 hours – to make sure it catches any recent problems as soon as they appear.
  5. How do I receive alerts about potential threats? Alerts are sent directly to the client through email, text messages, or on an easy-to-use online dashboard, so the client can quickly see if there’s an issue that needs attention.
  6. Can the service remove compromised data from the dark web? No, the service is designed to find and alert about the problem; it doesn’t remove the data. It’s then up to the client to take the right steps to fix the situation. ITS can assist by implementing a scoped project to help with remediation.
  7. What should I do when I receive an alert? When a client gets an alert, they should check the information carefully and follow the suggested steps—like changing passwords or updating security settings. Then, work with the IT or security team to make sure everything is safe.

M365 Shield

M365 Shield is a security monitoring platform designed to protect SaaS applications by detecting and alerting on suspicious activities, data access anomalies, and potential threats in real time. It provides IT teams with critical insights into user behaviors across cloud platforms, enhancing data security and compliance.

How it Works

  1. M365 Shield is a cloud security platform that monitors activity across SaaS applications, helping businesses detect suspicious behavior, prevent unauthorized access, and reduce the risk of data breaches.
  2. It provides real-time alerts on potential threats, such as unusual login attempts or data access, enabling IT teams to respond quickly to security incidents.
  3. M365 Shield strengthens compliance, working to safeguard sensitive information in cloud environments by offering visibility into user activity and access patterns.

Frequently Asked Questions

  1. What protection does it include? M365 Shield provides complete protection with:
  2. How does it help with compliance? M365 Shield keeps track of all user activities, policy changes, and access patterns in the Microsoft 365 environment. This creates the detailed records and reports needed to show compliance with regulations like HIPAA, PCI-DSS, PIPEDA, GDPR, and others.

Security Awareness Training (SAT)

SAT teaches how to recognize and prevent cyber threats. Think of it as creating a “human firewall” for the business – because up to 95% of data breaches involve human error. With cyber threats becoming more sophisticated in 2025, including AI-powered attacks, this training is more important than ever.

Benefits

  1. Meet Insurance and Compliance Requirements
    • Helps fulfill regulations like GDPR and HIPAA
    • Can lower insurance premiums
    • Maintains compliance needed for business partnerships
  2. Reduce Your Risk
    • Trained employees are 30% less likely to fall for phishing attacks
    • Can reduce security risks by up to 70%
    • Even basic programs provide a seven-fold return on investment
    • Risk can drop from 60% to 10% within the first year of training

How It Works

Phishing Testing
  • Client’s employees receive simulated phishing emails
  • Tests how well they can spot fake emails
  • Provides immediate feedback when mistakes happen
  • Uses realistic scenarios based on current threats
Employee Training
  • Short, interactive online courses
  • Quizzes and real-world scenarios
  • Covers essential topics like:
    • Spotting phishing attacks
    • Creating strong passwords
    • Safe internet browsing
    • Recognizing social engineering tricks

Implementation Process

  1. Scoping: Identify who needs training and what topics to cover
  2. Configuration: Set up the training platform to fit the business
  3. Activation: Run an initial test session before full rollout
  4. Documentation: Create clear records of the training program

Support Process

  1. Help desk support for employees who have questions
  2. Enrollment for new hires
  3. Removal of departing employees from the system
  4. Regular reports showing the team’s progress

Frequently Asked Questions

  1. What exactly does your Security Awareness Training include? The program combines short, engaging online lessons (covering topics like phishing, password security, and safe browsing) with realistic simulated phishing tests, interactive quizzes, and periodic reinforcement “micro-lessons” to keep security top of mind.
  2. How long does each training session take, and how is it delivered? Each core module is 10–15 minutes long and delivered through a cloud-based platform, so employees can complete sessions on any device—desktop, tablet, or smartphone—at their own pace.
  3. How often should employees complete training and simulations? ITS recommends annual phishing simulations with quarterly refresher modules. This cadence balances learning reinforcement with minimal disruption to daily work.
  4. What does a phishing simulation look like and is it safe? Simulations mimic real phishing emails (without malware) to test employee readiness. They’re entirely safe—no malicious code runs—and serve only to show who clicked so targeted follow-up coaching can be provided.
  5. How do you measure success and report on results? The platform provides an easy-to-read dashboard showing completion rates, quiz scores, simulation click-rates, and improvement trends over time. You can easily see exactly how a team’s security awareness is growing.

Multi-Factor Authentication (MFA)

MFA is a critical security layer that requires users to verify their identity through multiple methods (something they know, have, or are), creating a robust defense that prevents attackers from gaining access even if passwords are compromised.

By requiring a second verification method, MFA creates a powerful additional layer of protection that significantly reduces the risk of unauthorized access.

Standard Configuration Recommendation

Our MFA standard configuration recommends the following integrations be implemented. The implementation services to deploy the standard configuration are a separate, chargeable services engagement.

Integration: Description
Remote Access Application: Integrates with compatible remote access applications, such as client VPN solutions and Microsoft Remote Desktop Gateway.
Microsoft 365: Leveraging the native MFA functionality within Microsoft 365, requiring users to use a smartphone mobile app for the second factor. This utilizes Microsoft’s built-in security features.

Additional Integration Capabilities

MFA can be deployed beyond Microsoft 365, VPN and Microsoft Remote Desktop Gateway to further strengthen the client’s security posture. Additional integrations can be implemented for Workstations, Applications, and Windows Server. These additional integrations may require a RADIUS implementation and/or Microsoft licensing to include support for Conditional Access. These implementation services need to be customized for individual client environments and their unique applications and are separately charged.

Integration: Description
Windows Workstation: ITS offers the option to extend MFA protection to workstation logins, allowing for customization to meet specific organizational security needs.
Applications: Beyond the standard configuration, MFA service offers the potential for integration with a wide array of applications.
Windows Server: Integrates with the interactive Windows Server login to reduce the risk of unauthorized access.
Microsoft 365 Licensing:
MFA implementation for applications and servers may require Conditional Access features found in certain Microsoft licensing subscriptions. Conditional Access is available with Microsoft Entra ID P1 and P2; Microsoft 365 Business Premium; Microsoft 365 E3, E5, F3; and EMS E3 and E5. These licenses are not included in the MFA service and are at an additional cost.

Implementation Process

The typical implementation process, scoped and billable by Professional Services, has the following steps:

  1. Assess & Strategize: Assessment of existing IT infrastructure to identify integration points for the MFA system for Remote Access Application and Microsoft 365 for a tailored deployment strategy and setting of milestones.
  2. Finalize Scope: Finalize scope and provide a SOW which will include Professional Services and a quote for Microsoft licensing upgrade or add-on if Conditional Access is required.
  3. Configure & Integrate: Configuration of the MFA service, integration with Remote Access Application, Microsoft 365 and additional scoped services, optimization of settings for security and convenience, and execution of a thorough testing phase.
  4. Enrollment Enablement: Professional Services can either enable MFA for users or can assist with self-enrollment enablement. ITS can generate a customized email campaign with instructions on how to self-enroll in MFA that helps guide users through the setup of authentication methods.
  5. Provide Training: Provide end-users with easy-to-access guides and IT staff with support training.
  6. Activate System: Activation of MFA across the organization, with support ready to address any issues and monitor the system post-activation.
  7. Steady State: Offering continuous support following system activation, providing regular updates, and ensuring MFA is operational and secure.

Feature List

Comprehensive Integration Capability*: MFA integration across most cloud services, email platforms, remote access systems, VPNs, on-premises applications, and workstation & server logons.
Flexible Authentication Options: Offers push notifications, hardware tokens, SMS codes, and automated voice calls for user-friendly verification.
Alternative Authentication Scenarios: Provides options like temporary access codes, backup authentication methods, passwordless access, time-based one-time passwords, and support assistance for lost access scenarios.
Single Sign-On (SSO): Enhances user experience by allowing one-time authentication for multiple services.
Delegated Admin Control: Enables role-based administrative access, allowing specific permissions for managing MFA settings and user accounts.
Granular Access Policies: Customizable policies for detailed access control based on user and device attributes.

* Some items here may require scoping and professional services to integrate

Frequently Asked Questions:

  1. What if I lose my phone or it breaks? Our team can help by temporarily disabling MFA or assisting with registering a new device.
  2. Can I use the same authentication app for multiple accounts? Yes. MFA smartphone apps can manage multiple accounts in one place.
  3. Will MFA work if I don’t have internet or cell service? Yes, the authentication apps can generate codes even when offline. End users will have to call support to acquire the necessary code in those situations.
  4. Will the implementation of MFA impact productivity? MFA adds an extra step, but it’s designed to be quick and user-friendly. Methods like push notifications take just seconds.
  5. What happens in an emergency if I can’t access my verification method? For genuine emergencies, we have procedures to provide temporary access after verifying your identity. End users will have to call support to remediate the issue.

Web & DNS Protection

Web & DNS Protection defends against web-based threats while controlling internet access. This includes blocking access to malicious websites, filtering unwanted content, and protecting against web-based exploits.

Features

  1. Ability to enforce company Acceptable Use Policy (AUP). Control of the DNS service across company devices allows for company policies to be easily enforced and followed.
  2. Protection from harmful and malicious websites. Threat actors use a variety of methods to get users to visit websites, click on links, and download attachments. DNS protection can limit the ability and effectiveness of these methods.
  3. Visibility and awareness. Periodic review of DNS activity can be used to identify potentially compromised accounts, endpoints out of alignment, and users who may need training.

How it Works

  1. Content Filtering: Web traffic is filtered based on policies to block access to known malicious sites and inappropriate content.
  2. DNS Security: DNS requests are analyzed to prevent connections to harmful or suspicious domains.
  3. Real-time Blocking: Any attempt to access a blocked site or domain is automatically denied.
  4. Custom Policies: Organizations can customize filtering policies to meet their specific needs and compliance requirements.

Implementation Process

  1. Scoping
  2. Configuration
  3. Monitor implementation
  4. Completion