End to end cyber security services to protect your data, technology and reputation

Penetration Testing

A penetration test is an authorised test of a computer network or system that looks for security weaknesses. We can conduct penetration tests on your internal IT environment, perimeter network, Wi-Fi, remote access, end user devices and cloud hosted services.

We aim to identify publicly known vulnerabilities and common configuration faults in your IT system using the same tools and techniques as an attacker. The outcome of a penetration test is a report identifying the vulnerabilities, the associated risks to your organisation and recommendations for remediation.

Penetration tests are conducted using NCSC recognised methods and the subsequent report and recommendations are produced to a recognised standard.

For a detailed explanation of Penetration Testing, see Penetration Testing – NCSC.GOV.UK

We can also help you to define the scope of the penetration test to ensure you include all the necessary elements to reduce your cyber risk.

Cyber Essentials

Cyber Essentials is a government-backed scheme that helps protect organisations of any size against common internet-based cyber threats. The base level is a self-assessment against five key areas covering firewalls, secure configuration, access control, malware protection and patch management. Cyber Essentials Plus includes a technical verification of these controls by one of our qualified assessors.

The key benefit of Cyber Essentials is that it reduces your exposure to cyber threats. It also reassures customers that you are working to secure your IT against cyber attacks.

We can help you to define your certification scope and plan your certification journey, providing specialist support where you need it. We can also help you to maintain compliance through our Cyber Essentials managed service.

Red Team

Our Red Team exercise is a goal-based assessment where we attack just like a real-world adversary, using real-world techniques to gain access to an agreed target within your IT environment.

The benefit of conducting such an assessment is that it tests your defenders (people) as well as your defences (technology). It also tests your ability to detect and defend against a realistic and relevant attack, as we take into account your risk environment and build attack scenarios that are most likely to occur in your business sector.

Our Red Team exercise can also test the effectiveness of your alerting, logging, and monitoring systems, whether they are in-house or outsourced to a Managed Security Service Provider (MSSP).

We align our Red Team operations not only to industry standards such as MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) and the NIST Cybersecurity Framework but also to the cutting-edge, real-world tactics used by our adversaries. This ensures you get a professional, consistent service which is as close to a real-world attack as possible, using all the latest TTPs and threat emulation.

Phishing & Vishing Exercises

Phishing is a technique commonly used by cyber criminals and can involve emails, text messaging, phone calls or social media. An attacker will attempt to trick users into doing ‘the wrong thing’, such as clicking a web link that will download malware or direct them to a malicious website. Phishing can also be used to trick users into disclosing personal information or passwords, which the attacker will use to masquerade as the user to gain access to valuable data on your system.

A key element in defending against phishing attacks is educating users to spot such attempts and report them. Our Phishing assessments are designed to test your user behaviour through simulated phishing attacks. We develop attack scenarios that are contextualised to your environment and report on agreed criteria such as which users were fooled by the attack and what information we managed to collect.

Following the assessment, we can deliver training to help your users to recognise phishing attempts. We can also support you to build a comprehensive security strategy to protect against phishing attacks including technical measures and incident management processes.

Office 365 Cloud Assessments

Our Cloud Security Assessment is designed to assess your cloud hosted services for security weaknesses, including misconfigurations, that can be exploited by an attacker to gain access to your service. We can assess the configuration of your Microsoft O365, Azure or AWS cloud environments and provide recommendations to help reduce your cyber risks.

With the move to remote working, the reliance on cloud services has increased dramatically, bringing with it increased cyber exposure. Many of the cloud security issues we come across are due to the misconfiguration of cloud services, so it is vital that cloud assessments are included in your due diligence before you upload your data. Cloud providers tend to operate a ‘shared responsibility model’ so it is important to understand what you as the client are responsible for and what the cloud provider is responsible for. 

If you are planning to host services in the cloud, we can help embed security into the design by working with your IT Team or your supplier to assure the service. Our cloud security experts can advise on how to configure, deploy and use cloud services securely by embedding best practices such as the NCSC Cloud Security Principles. We can conduct risk assessments to help identify and manage your cloud risks and meet your obligations under GDPR as well as your business security needs.

Consulting

We offer a range of cyber security consultancy services to support IT transformation projects, security improvement initiatives and standards compliance.

We can develop Information Security Management Systems for ISO 27001 compliance and provide ongoing compliance support. Our GDPR experts can assess your current processes and procedures, provide user awareness training and support your compliance journey.

Our consultants have many years of experience working with some of the most sensitive data and systems in the UK. Each engagement is tailored to the specific needs of our client to ensure we add real value.

IT Health Checks PSN/ESN

PSN and ESN compliance requires assurance that your organisation’s external systems are protected from unauthorised access or change, and that they do not provide an unauthorised entry point into systems that consume PSN/ESN services. Your internal systems should be tested to provide further assurance that no significant weaknesses exist on the network infrastructure or individual systems that could allow one internal device to intentionally or unintentionally impact the security of another.

Our PSN and ESN IT Health Checks (ITHC) are designed to provide this assurance and are conducted in accordance with current HMG guidelines. We can help to scope your ITHC and provide guidance and recommendations on remediation following the assessment. The report and remediation action plan we provide are compliant with HMG guidelines and can be used as part of your compliance submission.

We can help you to meet the requirements of the Minimum Cyber Security Standard that government expects departments to adhere to and exceed wherever possible.

 
