Offering a number of assessment services to determine cybersecurity posture

VA 101

VA 101 is a fast, high value service for organizations just starting their cybersecurity journey. It covers critical attack surfaces while providing tailor-made prioritised recommendations for next steps. Read more

Internal VA

Internal Vulnerability Assessment will enumerate systems and detect vulnerabilities from a scope within the network. In addition to insider threats, this is the scope that a threat from a compromised system would be able to operate.

External VA

External Vulnerability Assessment will enumerate systems and detect vulnerabilities from a public scope. This is the most significant attack surface.

Penetration Testing

A penetration test is conducted by simulating real world malicious attacks. The entire systems (network, web, wireless, human aspects) are analysed for potential cyber security weaknesses and exploitation points. After initial enumeration, experts try to compromise systems.

Often mandated by Company Manuals and Compliance Certifications, a penetration test is the most exhaustive method of cyber security assessment. The scope of testing varies depending on the customer’s needs, and popular scopes include internal network, external and website/ web applications.

Penetration Testing (Social)

Social engineering refers to techniques of exploiting the very human nature of employees to compromise an organization. Nearly 90% of attacks involve some kind of involuntary internal user contribution. A social penetration test will simulate a “malicious” campaign (in example phishing), tailor made for your organization and report the results of whether any users have been compromised.

See our Anti-Phishing page for more on our service.

SIEM Assessment

SIEM (Security Information and Event Management) systems, are the most powerful weapons of an effective cyber security policy. However they are most often misconfigured or not used in a correct manner. Our team can assess SIEM coverage and efficacy using MITRE ATT&CK™ framework, and present a roadmap of maximizing the SIEM utilization and protection.