We help organisations build cyber resilience and develop strategies to defend against cyber-attacks. Explore our suite of services below and give us a call to get started today.
24/7 Managed Detection & Response
Our Managed Detection and Response (MDR) service pairs cutting-edge technologies with security personnel who have decades of experience in breach response investigations and malware analysis engagements. Our extensive experience and understanding of threat actors' tactics, techniques and procedures leads to faster identification and remediation of threats in your network. We cover all cloud, on-prem, and hybrid environments, and can also provide ongoing compliance and configuration reviews against best practice guidelines.
BMS & SCADA Systems Testing
Our team of experts has extensive experience with Supervisory Control and Data Acquisition (SCADA) and Building Management System (BMS) penetration testing and vulnerability assessment, having performed these tests for some of the most secure and critical national and international organisations in the world. BMS and SCADA testing requires unique skills and must be performed by experts with real knowledge of these systems to prevent accidental damage to plant or other dangerous situations. We have been able to compromise a large number of BMS and SCADA networks and systems from an unauthenticated Internet perspective, and to obtain access to and control of these systems by first gaining physical access to the network using social engineering.
We offer in-depth Information Communication Technology (ICT) forensic analysis for military, government, and commercial organisations, providing them with a detailed post-mortem analysis of the events that led to the data loss or breach. Our team will provide a detailed breakdown of the vulnerabilities and weaknesses that led to the compromise, along with detailed technical and procedural remediation recommendations. Our detailed analysis and reporting can aid in prosecution and we are able to provide expert witnesses if sought – our team has an excellent industry reputation and is trusted by private, government and military clients.
Consultancy & Secure Systems Design
Our team has extensive knowledge of systems and infrastructure architecture, with decades of real-world experience within both the private and public sector. With systems being used by government and commercial customers, we provide consultancy and design of systems, such as effective network segregation, secure web applications and walled gardens. We are fully independent from manufacturers and suppliers, allowing us to recommend products that exactly match the customer's requirements - significantly improving their security posture whilst reducing costs and unnecessary complexities.
Radio Frequency Interception & Attack
We provide expert penetration testing and vulnerability assessment of radio frequency technologies. We have developed our own unique RF testing capability and our own proprietary device to provide continuous protection for our clients. We identify threats such as bugs, remote listening devices and RF systems vulnerable to attack, such as DECT and Bluetooth headset interception. Our vulnerability assessment, penetration testing service and continuous monitoring device provide visibility and rectification of vulnerabilities in Wi-Fi, Bluetooth, Zigbee, PMR/DMR/P25/TETRA, RFID, NFC, GPS, building management systems, cellular and satellite technologies.
Security Awareness & Technical Security Training
Our service team has extensive experience in the creation and delivery of engaging, interesting, and relevant training materials designed to highlight the biggest risks posed to your organisation, and the types of threats to be aware of, counterbalanced by the good operational security habits required to defend against them. The sessions can be tailored to your specific requirements and delivered to your employees remotely. For example, adding a Security Awareness Debrief session at the end of a Social Engineering, or Phishing and Ransomware Simulation allows the team to share details of the engagement with employees (please note that specific details around what is/isn’t shared would be agreed prior to session delivery). These sessions can be a great way of refreshing your employees' security knowledge in an informal setting and will also assist in identifying areas where more training is required.
Critical Asset & Personnel Protection
Critical assets and personnel, such as directors and mission-critical systems, require bespoke and evolving measures to assure their security. We specialise in the protection of these assets and offer a guarantee of security for customers requiring these services. Our protection services include physical and electronic measures, including full radio-frequency surveys to identify possible attack vectors in devices that are not connected to the internet.
Offensive Simulations & Physical Security Assessments
We offer Social Engineering (SE) and Physical Security Assessments tailored to your specific requirements. We follow two methodologies depending upon the level of reconnaissance and OSINT that is required. With a Passive engagement, no reconnaissance or OSINT is performed prior to the first day of the assessment. This approach to SE mirrors the casual, opportunistic attacker who just happens to be in the right place at the right time, and will identify any weaknesses of a physical, human or operational nature. With an Active engagement, we will perform reconnaissance and OSINT prior to the commencement of the engagement itself. This can be remote only, onsite (global pandemic permitting), or a combination of remote and onsite. This approach simulates a pre-meditated cyber-attack, and would be recommended for clients with a more mature information security program that have already remediated the ‘low-hanging fruit’ fixes that an opportunistic, ‘Passive’ SE assessment would bring to light. We also believe that the ‘scenario’ based approach to testing can be a valuable exercise in identifying more specific weaknesses. For example, is it possible to gain access to someone in the finance department's work email account? Can we obtain information that should not be publicly available from a call centre agent?
Comprehensive Penetration Testing
IT Network Infrastructure and Web Application/Mobile Application Penetration Testing – All application and mobile testing follows a strict methodology based around the OWASP Web Security and Mobile Security Testing Guides. Our Network Penetration Testing methodology is based around the OSSTMM framework, ensuring that all testing is performed in a methodical, structured, and repeatable manner. We cover all cloud infrastructure, including but not limited to Amazon Web Services, Azure, and Google Cloud, and can also provide compliance and configuration reviews against best practice guidelines such as CIS Benchmarks. We also offer breakout style assessments against kiosks and prominent containerisation products such as Kubernetes, Docker, Ansible etc. We focus upon utilising manual penetration testing tools and techniques, and will often identify vulnerabilities and misconfigurations that a vulnerability scan is unable to find.
Red Team – Organisations with a more mature information security policy may wish to consider a more comprehensive, simulated attack unconstrained by scope. Red Team engagements provide an excellent way of measuring if your organisation's current security controls would be able to withstand a sophisticated cyber-attack, and identify areas where additional technical, procedural, or operational controls are required.
IT Health Checks – We provide you with the assurance that your perimeter network is secure and safe from unauthorised threat actors. Our highly experienced consultants have delivered hundreds of IT Health Checks (under both CREST and CHECK Schemes where applicable) across both the public and private sectors.
Phishing & Ransomware Simulations
We provide simulated phishing and ransomware campaigns that can run as self-contained projects, or as part of a larger project, e.g. a red team engagement. The report provided for these assessments contains detailed metrics, for example, who opened the email, who deleted it, who clicked the link within the email etc. This data can be especially useful in identifying users who may require further, targeted security awareness training.