We are industry leaders in our respective fields.
We hold industry sector cybersecurity and information
assurance best practice senior certifications including:
WEBSITE APPLICATION SECURITY
We undertake website, web application and web portal security testing to identify security vulnerabilities in web enabled resources and use
the test results to provide detailed remediation actions for each discovered vulnerability.
We use a consistent, repeatable and defined approach to testing web applications that follows the Open Web Application Security Project (OWASP) testing methodology and tests are conducted to international best practice along with GCHQ - NCSC standards.
In addition to web security penetration testing, we also provide security source code review and security support through the web application
development cycle.
NETWORK AND INFRASTRUCTURE SECURITY
We assess and examine network devices to confirm proper software updating and configuration actions are undertaken, ensuring the network infrastructure is secure, resistant and reliable. This includes configuration review, software versions, management configuration weakness and all current public exploits.
For access control network devices such as
firewalls, we audit the firewall infrastructure and review the rule set and operating system versions.
We test the trust model against known
configuration weaknesses inherent with some manufacturers firewalls default settings. We also test using known exploits to assess the responsiveness and effectiveness of the firewall against such attacks.
Network perimeter security testing is a method
of evaluating the security of a computer network
by simulating the attacks normally utilised by
a malicious attacker. The process involves an
active analysis of the network perimeter for any
potential vulnerabilities that may result from poor
or improper system configuration, hardware
or software flaws or operational weaknesses
in process or technical countermeasures.
The security issues found are presented together with an assessment of their impact and recommended remedial actions. The intent of the penetration test is to determine the feasibility of an attack from outside the network and the business impact of a successful exploit.
OUR PEOPLE
Our highly skilled workforce and technical team possess distinguished industry skills and academic qualifications. CyberGuarded is a subscriber to the most reputable industry accreditations, notably the NCSC CHECK scheme.
We actively encourage individuals to expand upon their skillsets by obtaining specialist certifications which contributes towards their growth and development.
MOBILE APPLICATION SECURITY
Malicious actors are constantly finding new ways to compromise business networks. Evolving methods favoured by adversaries are increasingly attacking improperly secured commonly used mobile devices such as, tablets and smart phones.
These mobile devices most often have access to corporate networks via email, VPNs, and other remote access methods.
CyberGuarded assists organisations protect against the latest mobile security threats. We assess and attempt to penetrate mobile networks and devices using the latest threat methods which when combined with our approach to identifying security vulnerabilities ensures that latest security compromising methods
are presented for mitigation.
CLOUD SECURITY
CyberGuarded Cloud security assessments assist organisations identify cloud security and privacy risks. Our security experts review eight critical areas of cloud computing security exposure. We provision our proprietary Security Assessment Scorecard to identify key weaknesses in an organisation’s infrastructure.
We conduct a detailed assessment of the organisation’s top priority threat areas in line with corporate risk and regulatory requirements.
CRITICAL NATIONAL INFRASTRUCTURE
(CNI) SECURITY ASSESSMENTS
Our SCADA/ICS CSSA–Certified SCADA Security Architect consultants are specialists
in Critical National Infrastructure (CNI), Industrial Control Systems (ICS) and SCADA security within the Energy and Utilities sector.
Our services focus on the unique aspects of applying the security priorities of Safety, Availability, Integrity and Confidentiality to industrial automation solutions covering not only Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS), but the complete automation solution ranging from field instrumentation, embedded devices, third-party subsystems up to and including integration with enterprise-wide applications.
WIRELESS SECURITY
A Cyber Guarded wireless security assessment
is a comprehensive review of the client wireless
network architecture.
During this assessment our security consultants
perform a wireless discovery internally and
externally to determine the presence of networking
devices providing wireless connectivity and review
management controls and processes implemented
to ensure effective protection and safeguards are in place.
SECURITY CODE REVIEW
In any software development life cycle (SDLC), security code review is paramount. Performing security activities across the development life cycle is proven to be cost-effective when compared to tentative high level design security considerations by developers under pressure to develop functional and user accepted solutions.
Security code reviews intervening at regular intervals allows potentially costly issues to be detected early on in the development life cycle.
CyberGuarded consider security quality as paramount as an integral defence-in-depth approach to application security and in today’s cyber landscape.
MALWARE ANALYSIS
AND REVERSE ENGINEERING
We carry out both static and dynamic malware
analysis in order to determine the behavior of
the malware propagation and payload and to
understand any potential impact to a system.
We simulate the impact of tampering or triggering
such malware in a scenario which best corresponds
to the target environment and provide feedback on removal or mitigation techniques.
SOCIAL ENGINEERING (CYBER)
In a social engineering test, we identify
an organisation’s user base and, if required, third party suppliers using various methods including the collection of public information freely available from the Internet. Using this publicly available data, we attempt to garner sensitive information about a target within the organisation, including methods such as direct in-person contact, telephone calls and emails, to interact with
the organisations user base.
Alternatively, we generate spear phishing campaigns to target a specific user/email address or range of users/addresses either researched from the Internet or provided by the organisation. In this type of targeted attack, a payload is delivered via email or the Internet which has the potential to compromise the host or network when executed. An organisation’s agreement on the exact scope and scale of a social engineering exercise is required and only benign, proof-of-concept payloads are used.
UK GAMBLING COMMISSION IT SECURITY TESTING AND AUDIT SERVICES
For holders of all remote gambling operator
licences including specified remote lottery
licences, CyberGuarded’s security testing
professionals and ISO27001 lead auditors work
with organisations to implement, develop and
be ‘audit ready’ to meet the UK Gambling
Commission’s IT Security Testing & Audit standards and requirements namely:
Testing strategy for compliance with remote
gambling and software technical standards
Security audit requirements
CYBER INCIDENT RESPONSE
& DIGITAL FORENSICS
Our Incident Response and Digital Forensics services use computer investigation and analysis techniques to determine the methodology of how a security incident, such as computer crime, misuse of IT assets or theft of sensitive data, occurred and to provide any necessary evidence for legal or internal administrative use.
Our incident responders and forensic investigators use industry standard, repeatable techniques for securing and evaluating an electronic incident, conducting preliminary interviews, documenting the incident scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence and provide a detailed report on all incident response and forensic activities.
CYBER ESSENTIALS
/ CYBER ESSENTIALS PLUS
Accreditation body for Cyber Essentials Plus & IASME
Cyber Essentials is a government backed, industry supported scheme to help organisations of all sizes protect themselves against the most common cyberattacks. The Cyber Essentials scheme focuses on a set of five key security controls which, when implemented correctly, will mitigate against the most common cyber threats, particularly those requiring low levels of attacker skill and which are widely available online.
Achieving Cyber Essentials certification provides organisations with a baseline of security controls upon which to build a robust defence in the modern day threat landscape.
As a Cyber Essentials Certification Body, we are trained and licenced to assess and certify against all levels of the Government’s Cyber Essentials scheme and provide the necessary guidance and assistance to organisations aiming to achieve certification.
IT Guarded are an Accreditation body for Cyber Essentials Plus & IASME Governance as per the link below.
ISO27001 ALIGNMENT, GAP ANALYSIS AND IMPLEMENTATION
Our experienced consultants lead organisations through the initial introductory phases of ISO 27001, including demonstrating the advantages
of compliance to business stakeholders as well
as IT stakeholders. We assist internal teams
in the implementation of the standard.
In addition to ISO27001 implementation consultancy, we offer a range of ISO 27001 auditing services, including:
ISO27001 Gap Audit - Identify the things that your organisation needs to do to obtain certification to information security standard ISO 27001.
ISO27001 Internal Audits - Perform regular independent internal audits of your ISMS as required as part of adhering to the ISO27001 information security standard.
CYBER SECURITY SERVICES TO GOVERNMENT (NCSC CERTIFIED)
In addition to Cyber Guarded delivering cybersecurity services to industry,
our Public Sector Services division, IT Guarded, delivers NCSC/CPNI specific
services to Central Government Departments, their associated agencies and
other public sector bodies.
As a NCSC Certified Company, we provide the following core services to UK Government Departments, their agencies and other public sector bodies to include but not limited to:
NCSC CHECK IT Health Checks
NCSC Certified Professional Cyber Services
Risk Management Accreditation Document Set (RMADS) Production
Critical National Infrastructure (CNI) Security Assessments
NHS Cyber Security Testing and Information Assurance Services
