AUDIT / DEFEND / COMPLY

IT Guarded
Cyber Guarded is a division of IT Guarded.

CYBER SECURITY SERVICES TO INDUSTRY


We are industry leaders in our respective fields. We hold industry sector cybersecurity and information assurance best practice senior certifications including:


WEBSITE APPLICATION SECURITY

We undertake website, web application and web portal security testing to identify security vulnerabilities in web enabled resources and use the test results to provide detailed remediation actions for each discovered vulnerability.

We use a consistent, repeatable and defined approach to testing web applications that follows the Open Web Application Security Project (OWASP) testing methodology, and tests are conducted to international best practice along with GCHQ - NCSC standards.

In addition to web security penetration testing, we also provide security source code review and security support through the web application development cycle.

NETWORK AND INFRASTRUCTURE SECURITY

We assess and examine network devices to confirm proper software updating and configuration actions are undertaken, ensuring the network infrastructure is secure, resistant and reliable. This includes configuration review, software versions, management configuration weaknesses and all current public exploits.

For access control network devices such as firewalls, we audit the firewall infrastructure and review the rule set and operating system versions.

We test the trust model against known configuration weaknesses inherent in some manufacturers' default firewall settings. We also test using known exploits to assess the responsiveness and effectiveness of the firewall against such attacks.

NETWORK PERIMETER VULNERABILITY ASSESSMENT (PENETRATION TEST)

Network perimeter security testing is a method of evaluating the security of a computer network by simulating the attacks normally utilised by a malicious attacker. The process involves an active analysis of the network perimeter for any potential vulnerabilities that may result from poor or improper system configuration, hardware or software flaws or operational weaknesses in process or technical countermeasures.

The security issues found are presented together with an assessment of their impact and recommended remedial actions. The intent of the penetration test is to determine the feasibility of an attack from outside the network and the business impact of a successful exploit.

MOBILE APPLICATION SECURITY

Malicious actors are constantly finding new ways to compromise business networks. Adversaries' evolving methods increasingly target improperly secured, commonly used mobile devices such as tablets and smartphones.

These mobile devices most often have access to corporate networks via email, VPNs, and other remote access methods.

CyberGuarded helps organisations protect against the latest mobile security threats. We assess and attempt to penetrate mobile networks and devices using the latest threat methods, which, combined with our approach to identifying security vulnerabilities, ensures that the latest compromise methods are presented for mitigation.

CLOUD SECURITY

CyberGuarded Cloud security assessments help organisations identify cloud security and privacy risks. Our security experts review eight critical areas of cloud computing security exposure. We provision our proprietary Security Assessment Scorecard to identify key weaknesses in an organisation’s infrastructure.

We conduct a detailed assessment of the organisation’s top priority threat areas in line with corporate risk and regulatory requirements.

CRITICAL NATIONAL INFRASTRUCTURE (CNI) SECURITY ASSESSMENTS

Our SCADA/ICS consultants, who hold the CSSA (Certified SCADA Security Architect) certification, are specialists in Critical National Infrastructure (CNI), Industrial Control Systems (ICS) and SCADA security within the Energy and Utilities sector.

Our services focus on the unique aspects of applying the security priorities of Safety, Availability, Integrity and Confidentiality to industrial automation solutions covering not only Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS), but the complete automation solution ranging from field instrumentation, embedded devices, third-party subsystems up to and including integration with enterprise-wide applications.

WIRELESS SECURITY

A Cyber Guarded wireless security assessment is a comprehensive review of the client's wireless network architecture.

During this assessment, our security consultants perform a wireless discovery internally and externally to determine the presence of networking devices providing wireless connectivity, and review the management controls and processes implemented to ensure effective protection and safeguards are in place.

SECURITY CODE REVIEW

In any software development life cycle (SDLC), security code review is paramount. Performing security activities across the development life cycle is proven to be cost-effective when compared to tentative high-level design security considerations by developers under pressure to develop functional and user-accepted solutions. Security code reviews at regular intervals allow potentially costly issues to be detected early in the development life cycle.

CyberGuarded considers security quality paramount, as an integral part of a defence-in-depth approach to application security in today’s cyber landscape.

MALWARE ANALYSIS AND REVERSE ENGINEERING

We carry out both static and dynamic malware analysis to determine the behaviour of the malware's propagation and payload and to understand any potential impact on a system. We simulate the impact of tampering with or triggering such malware in a scenario that best corresponds to the target environment and provide feedback on removal or mitigation techniques.

SOCIAL ENGINEERING (CYBER)

In a social engineering test, we identify an organisation’s user base and, if required, third-party suppliers using various methods, including the collection of public information freely available from the Internet. Using this publicly available data, we attempt to garner sensitive information about a target within the organisation, interacting with the organisation’s user base through methods such as direct in-person contact, telephone calls and emails.

Alternatively, we generate spear phishing campaigns to target a specific user/email address or range of users/addresses either researched from the Internet or provided by the organisation. In this type of targeted attack, a payload is delivered via email or the Internet which has the potential to compromise the host or network when executed. An organisation’s agreement on the exact scope and scale of a social engineering exercise is required and only benign, proof-of-concept payloads are used.

UK GAMBLING COMMISSION IT SECURITY TESTING AND AUDIT SERVICES

For holders of all remote gambling operator licences, including specified remote lottery licences, CyberGuarded’s security testing professionals and ISO27001 lead auditors work with organisations to implement, develop and be ‘audit ready’ to meet the UK Gambling Commission’s IT Security Testing & Audit standards and requirements, namely:
  • Testing strategy for compliance with remote gambling and software technical standards
  • Security audit requirements

CYBER INCIDENT RESPONSE & DIGITAL FORENSICS

Our Incident Response and Digital Forensics services use computer investigation and analysis techniques to determine the methodology of how a security incident, such as computer crime, misuse of IT assets or theft of sensitive data, occurred and to provide any necessary evidence for legal or internal administrative use.

Our incident responders and forensic investigators use industry standard, repeatable techniques for securing and evaluating an electronic incident, conducting preliminary interviews, documenting the incident scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, and providing a detailed report on all incident response and forensic activities.

CYBER ESSENTIALS / CYBER ESSENTIALS PLUS

Our experienced consultants lead organisations through the initial introductory phases of ISO 27001, including demonstrating the advantages of compliance to business stakeholders as well as IT stakeholders. We assist internal teams in the implementation of the standard.

In addition to ISO27001 implementation consultancy, we offer a range of ISO 27001 auditing services, including:

  • ISO27001 Gap Audit - Identify the things that your organisation needs to do to obtain certification to information security standard ISO 27001.
  • ISO27001 Internal Audits - Perform regular independent internal audits of your ISMS as required as part of adhering to the ISO27001 information security standard.

ISO27001 ALIGNMENT, GAP ANALYSIS AND IMPLEMENTATION
