CYBER SECURITY

Services

SOC & Incident Response

In addition to including traditional protective monitoring and investigation capabilities, the SOC and its portfolio of managed services will offer an integrated capability comprising commercial security technologies coupled with research and threat intelligence to provide a powerful capability to clients. IT Lab’s SOC services can provide:

• Deployment and tuning of SIEM tooling
• Rapid detection and response to vulnerabilities
• Integrated threat intelligence to quickly prioritise threats
• Context-specific remediation escalated to engineers within an internal IT team or IT Lab
• Provides the ability to improve security policies, compliance management & incident response

Penetration Testing

Learn of any weaknesses in your information systems before hackers do so with a simulated attack. A penetration test identifies and safely exploits vulnerabilities in systems, applications and people that could negatively impact your business. These vulnerabilities can arise from a number of different sources, including software and hardware flaws, poor system configuration or dangerous end- user practices. Our experienced CESG, CHECK and CREST accredited consultants assess your data security by applying robust methodologies. These include our proprietary toolset, open source and commercial tools.

• Network Pen Test
• Application Pen Test
• Denial of Service Test
• Wireless Pen Test
• Mobile App Pen Test
• Red Team: Simulated Attack and Response

Social Engineering & User Awareness

The human aspect of security is often overlooked. Security breaches attributed to social engineering are growing rapidly. As an easier route to an organisation’s confidential information, cyber criminals have switched their focus from attacking the technology perimeter to compromising the user.

• Email Phishing
• Physical Security
• Phone Phishing
• Online Training and Awareness
• High Impact in-person user training and education

Threat Assessment

IT Lab can support you to assess the Cyber and Digital risks that organisations face. The nature, context and likelihood of risks can be assessed and provide the basis for better decision making and defence.

• Threat Awareness: Continued monitoring and assessment of relevant sources and indicators to improve event reporting and find threats as they emerge.
• Threat Detection: Assessment of logs and events in tandem with known threat and intelligence data to provide prioritised alerting
• Threat Advisories: Scanning of the evolving threat landscape relevant to your organisation will generate a targeted advisory of the most serious threats that your organisation may face
• OSINT: Open Source Intelligence report specific to your organisation to assess what information is available and how hackers view this information. We also assess the risks that the data could expose you to.

GRC Consultancy & Certifications

We can support you to tackle the broad issues of corporate governance, enterprise risk management, and effective compliance, whilst focussing on data integrity, information assurance and cyber security.

Gap Analysis and Policy Development: If you are working towards an accreditation or certification such as ISO 27001, a useful first step is to conduct a security gap analysis (also known as a security posture assessment). Undertaking a review of the current security policies, processes and procedures whilst assessing them against a variety of controls, such as those provided by ISO27001, PCI-DSS and GDPR provides a good baseline for future policy and process development.

Cyber Essentials Certification: Cyber Essentials is a government scheme that helps organisations defend against internet security attacks. Companies can apply for certification to show that they adhere to a set of basic measures to protect against cyber threats.

Managed Assurance

Comprising key elements of cyber risk management, IT Lab will provide a continued service, giving you assurance that the key areas of cyber health are being managed appropriately. This also provides you with reporting and documentation that helps you to understand and manage the ongoing cyber risk to your business. This can include:

• Vulnerability Scanning of Infrastructure and Applications
• Open Source Intelligence Threat Assessment
• Social Engineering Test (Phishing and Physical)
• Cyber Health Check including Boundaries, Patching, Configuration, Access Control & Malware risks
• Cyber Essentials (or Cyber Essentials Plus) Certification
• Employee Training Online and In Person