Security awareness training deployed? Compliance box ticked? So why have the number of security incidents not improved? Don't just teach your people, learn from them: feedback, intention, sentiment and engagement analysis. Who is not behaving securely and why? How to address it? Data provides the foundation for risk decision making and treatment prioritisation. Leverage existing data sources (antivirus, web filters, email DLP) to measure real security behaviours. Catalyse your existing security assets.
Measure human risk, from individual to company level.
Somewhere along the line, asset management became very “unsexy” compared to all of the other things we do in cybersecurity, yet everything we do relies on knowing which assets are in our environments. We like to call asset management the Toyota Camry of cybersecurity: it’s not as sexy as some of the bleeding edge technologies out there, but understanding the relationship between assets and our security policies is a fundamental and basic need.
Whether developing new applications or reviewing the risks associated with your IT real estate, your organisation needs a way to identify, predict and define threats across the entire attack surface so you can take appropriate security decisions and minimise overall risk.
Even better, you want to draw on the best practise that the industry has to offer.
We provide a threat modelling service that automates a lot of the modelling process and adapts as you change and develop your application set.
Your enterprise’s sensitive information is already outside your network, and outside of your control. Your data could be exposed across the various layers of the internet, from the Surface Web to the Dark Web, or across countless unsecured connected devices. You could spend countless hours finding and analysing what is 'out there', or you could use an automated platform that instantly alerts you to your data leaks and digital threats, providing all the actionable information you'll need for remediation.
Breaches are inevitable but you want to know when a breach occurs, and stop access to sensitive data. We implement and manage cyber deception platforms to detect, investigate, and contain attackers.
You probably already have some deception measures in place (honeypots, honeytokens...), find out about migrating to a modern deception platform that pulls together Threat Intelligence, email deception, network deception, AD deception, and more to build your deception program.
When sending documents around or outside your organisation you need to ensure that personal information is protected. Anonymization is the process of either encrypting or removing personally identifiable information from data sets so that the people whom the data describe, remain anonymous. Isolating and protecting your sensitive data is the foundation for proper governance, data security and control.
Tools for you to use
We have teamed up with innovative startups to bring their platforms and tools to our enterprise and government customers and for some, that's a great way of engaging with us. However, we recognise that not everyone wants to contract with us to build a service for them. Some of you, especially consultants and managed service providers, want to build the tools we use into your own services. That's fine with us. We have reseller/distributor arrangements with all of our technology partners.
You might recognise this problem...
You're a startup and have a great idea and a young, passionate team but you need some experience on the board to help with decisions about technology, marketing, data protection...anything concerned with taking your great idea, turning it into a Minimum Viable Product (without falling foul of data protection regulations) and getting it to market.
Why not 'rent-a-CTO/CMO/DPO'?
We'll find experienced executives to work with you and accelerate your digital business. We're flexible enough to work for equity, though we usually work on a mix of equity and a retainer.
Data Protection HealthCheck
Concerned about the GDPR? Looking for a Data Protection Officer? Want validation that your security controls are robust enough?
Our Data Protection HealthCheck service is aimed at organisations that want to embed security into their business, whether validating existing or developing new applications and processes.
Typical engagements: Produce a Privacy Impact Assessment (DPIA) to support GDPR requirements; Review and harden a healthcare application; Develop and launch a secure method of capturing memories...