Using CREST registered testers, we offer a range of services that fall inside the cybersecurity sphere, our projects include penetration testing of external and internal infrastructure, application security testing, cloud service configuration review, IOT testing, Wi-Fi testing, and full-scale red team attacks. Our projects are tailored to each business that we work with and are dedicated to keeping our client's systems secure.
An authenticated, dynamic security assessment designed to holistically assess an organisation by analysing:
✓ Internal policies
✓ Device security, asset discovery, vulnerability assessment, anti-virus protection and configuration reviews.
✓ User and password audit
✓ External security posture – vulnerability assessments, attack public-facing portals, search the dark web for organisational data and credentials.
A penetration test will help ensure that you will stand strong in the face of a hostile attack. We can often carry out penetration tests remotely resulting in significant cost savings and a higher level of ongoing protection. You can expect specific and detailed reporting on all vulnerabilities, attack vectors and issues that we find in your systems.
Our security assessments use the same methods that hostile hackers use to try to compromise your website or mobile application.
With the ability to cost you a significant amount of money through lost business, damaged reputation or data theft, we will make sure that your application is fully protected against any attacks.
Organisations that rely heavily upon the use of applications - and store and manage data through these applications - will experience many benefits of testing.
✓ Improved understanding and awareness of vulnerabilities unique to your systems.
✓ An ability to demonstrate ongoing commitment to protecting employee and client data.
✓ The demonstration of effective, approved business security strategies.
✓ A minimised risk of data loss, reducing the need for time-consuming and costly recoveries.
✓ Increased confidence in digital data storage and management.
✓ Maintenance of strong web presence and online reputation.
The convenience of Wi-Fi networks can come at a significant cost to your business. Hackers often look at wireless networks as a way to break in and dig around undetected. We specialise in scrutinising wireless networks and can help you keep yours as secure as possible. Our service provides real-world feedback on your network’s security.
Our automated continuous vulnerability scanning service proactively monitors your systems to keep them safe. It is always working in the background to provide you with quick and thorough feedback as soon as we find anything which requires attention. It is an excellent way to make sure that your infrastructure and applications stay as secure as possible.
Phishing email and QR code attacks are becoming more sophisticated, with many threat actors spending a considerable amount of time researching their victim to enable targeted attacks. These often result in users providing sensitive information such as login credentials, or the installation of malware. Our simulated phishing email assessments will determine how security aware your staff are and will determine the security of your current prevention measures.
Amazon Web Services (AWS), Microsoft O365, Microsoft Azure, Microsoft Intune
Many organisations are utilising cloud provider services as an alternative to the traditional on-premises models. Although there are many benefits to using a cloud service provider, and security can be one of these benefits, although a common misconception is that security is automatically handled by the service provider.
When configured correctly, the security posture of a cloud service can be higher than its on-premises counterpart. There are numerous, intricate possible configurations for most services and the correct settings can be difficult to achieve without a seasoned architect with specialist skills in that area.
An administrator may not be aware that a legacy account is set with the highest privileges or that a database firewall has been incorrectly set and is currently being targeted from various countries via an insecure port.
Our cloud service review provides an audit of the existing configurations and compares them with the recommended secure standards. A detailed report of the existing configuration and the recommended secure setting is produced to facilitate remediation.
Our asset monitoring service detects threats resulting from exposure on both the dark and surface webs.
We are able to review the configuration of a wide range of application servers.
Our Firewall Rule Conﬁguration review, seeks vulnerabilities, security conﬁguration issues and unnecessary rules that could result in a network breach.
Test to European Telecommunications Standards Institute (ETSI) standards.
This service provides round the clock security monitoring on all endpoints, designed to recognise and uncover complex attacks that can often bypass traditional anti-virus solutions. In the event of a user clicking on a phishing email and the network becoming compromised, our endpoint detection and prevention solution will limit the spread of the attack and isolate the infected machine. Combine with the continuous vulnerability scanning service for a heightened security posture.
A red team assessment is a more rigorous assessment, it mimics the attack vectors and aims that would be used by a hostile attacker. It often incorporates all of the relevant cybersecurity tests with the additional activity of physical infiltrators who will have set goals relating to the clients potential adversaries often related to physical security, staff awareness and compliance with policy, procedure and processes within the organisation. Objectives can be more exhaustive such as extraction of data or physical documents.
The benefit of a Red Team is a holistic approach which faces the reality of the threat actors faced by each of our clients.
Positive feedback which will improve your physical infrastructure, people, process, and technology
A realistic result showing the damage that a hostile attacker could do to a business, and relevant recommendations to mitigate these risks.
Alongside the Security Institute, and the Cabinet Office. Sloane Risk Group has been instrumental in assisting the development of accrediting Physical Penetration Testing on the CREST platform. This 2-year project has seen Physical Penetration Testing developed as a valuable service, the addition to the platform will provide assurance to businesses that they are purchasing a professional, credible, and competent service. We expect the service to launch in the coming months and will keep our customers updated here.