2. Ultrax Consulting
Ultrax Consulting Limited offers sophisticated
security solutions to clients globally, whether
in the form of proactive intelligence gathering,
preventative security measures, consultancy
advice or training. The company’s‘hunter turned
gamekeeper’approach is a clear advantage
in executing a mission statement to deliver
a genuinely high quality service, based on
proven knowledge and experience of the most
sophisticated techniques and technologies.
The company’s services include, but are not
limited to:
» Technical Surveillance Counter
Measures (TSCM)
» Covert Surveillance
» Surveillance Detection
» Cyber Security
» Security Audits
» Bespoke Training
3. Security Audits &
Cyber Services
We offer a range of services aimed at
assessing physical security and procedural
vulnerabilities, including the resilience of
the data and communications systems that
support them. We recognise the benefits
of identifying a weakness before it can be
exploited so that a robust programme of
preventative measures can be implemented
to mitigate the risk of information leakage
and reputational damage.
Our vetted experts honed their skills and
techniques within Government departments
responsible for National Security, and use
proven, unconventional techniques to
conduct comprehensive and methodical
penetration testing aimed at establishing and
remedying vulnerabilities. Their findings and
recommendations are presented in clear and
detailed reports with prioritised action points.
Audits
All audits commence with a full threat
assessment, taking information from the client
and other sources to establish the level of
sophistication and access most likely to be
available to a would-be attacker. This approach,
coupled with an up to date knowledge of
access-control equipment and technologies,
allows us to identify the areas most vulnerable.
As well as helping mitigate risk, we can also
assist in putting in place a robust security
incident management process, designed to
swing into action should a security breach
occur.
Pen-Testing
Intended as a realistic test of security measures
and procedures, physical penetration testing
(commonly referred to as‘Pen-Testing’) is
recommended following a security audit, and
involves targeting areas of weakness in the
existing security arrangements in order to
attempt to gain physical access to a premises or
a specific area. To help maintain realism, the test
is usually conducted without the knowledge of
security staff. We are able to draw upon a pool
of people, who are knowledgeable in the use
of unconventional methods of attack, and we
match their profiles and skills to a particular task.
4.
5. Cyber
The technical security of IT systems and
networks, communications, mobile devices
and data is vital in order to prevent loss or
compromise of sensitive information and
to ensure that business is able to continue
uninterrupted. Cyber penetration testing,
or‘Ethical Hacking’, involves the use of a
comprehensive range of techniques intended
to identify weaknesses before they can
be exploited. By drawing on open source
information and social media to harvest
details of personnel, often assisted by social
engineering or‘phishing’, we are able to conduct
a thorough series of tests aimed at attempting
to extract data or disrupt operations. Cyber
security penetration testing is often conducted
in parallel with physical penetration testing to
attempt to gain access to a network from the
inside, thereby bypassing firewalls and other
typical cyber security defences. In addition to
physical computer networks, the resilience of
‘Cloud’services is also tested.
NIDS
Whilst Cyber Penetration Testing focuses on
identifying vulnerabilities and attempting to
exploit them from outside the network, our
Network Intrusion Detection System (NIDS)
employs network sensors tailored to a client’s
business, infrastructure, threat profile and
budget. The sensors are attached directly to
the network to provide full visibility of network
traffic, and use software to filter it and compare
each packet of data to a set of rules, looking
for signs of malicious behaviour. This approach
provides a view of all inbound and outbound
network traffic, including email and web
browsing, as well as visibility of all Internet
scanning and automated attacks.
Monitoring the network provides only part
of the picture, as all alerts picked up by the
network monitoring will have their origin
somewhere on a host. Using a‘host agent’,
we are able to provide excellent visibility of
all activity on a client’s network endpoints,
allowing detection of the machine and user that
generated the traffic which was flagged up as
being suspicious.
Forensics
In addition to providing Cyber Security services,
we also conduct thorough post-event forensic
examinations of computers, mobile devices
and digital media in order to positively prove
and establish the extent of suspected fraud
and wrongdoing. The complexity of such items
makes it incredibly difficult for the user to
completely erase all evidence of their activities,
no matter how hard they might try to cover
their trail. We use the latest equipment to
covertly produce a bit-by-bit forensic duplicate
of the original item, which is then taken to our
specialist facility for thorough examination. This
approach allows clients to discreetly determine
whether their suspicions are well founded.
As well as examining forensic images of
computer hard drives, we are also able to
recover historical activity from a wide range of
electronic devices, including memory cards and
sticks. Typically, we might be asked to retrieve
emails, browser and Internet activity, call
history, SMSs, documents, intellectual property,
photographs and passwords from computers
and smart-phones. It is also often possible to
retrieve accidentally and deliberately deleted
information and history.
6. Protection
Smartphones, laptop computers and tablets
are now commonplace in society, but few users
are aware of the security implications, including
the risks associated with Wi-Fi hotspots, or the
fact that criminals often use such networks to
covertly harvest information. We help clients
overcome this by providing solutions such as
secure email and voice communications, secure
memory and data storage devices, Whole Disk
Encryption (to protect the contents of a mobile
device’s hard disk) and Virtual Private Network
(VPN) tunnelling software to protect your data
whilst it is travelling over untrusted networks.
Training
By maintaining an up to date knowledge of
the strengths and vulnerabilities of the latest
physical and technical security measures, we
are able to build bespoke training courses and
tailored security briefings designed to inform
and reinforce best practice, especially for those
travelling overseas. Advice might be aimed at
countering specific technical security issues or
highlighting the techniques likely to be used by
hostile parties to intercept communications and
steal data.
7. Consultancy
We provide a consultancy service aimed at
quickly identifying the areas where resources
are best directed. It is often the case that the
greatest immediate benefit can be gained by
making simple procedural changes, rather
than investing heavily in physical and technical
defences.
Legal
We will only undertake activities that are lawful
within the jurisdiction in which we are tasked to
work. Requests to operate outside established
legal parameters will be politely declined.
8. Intelligence | Security | Training
Ultrax Consulting Limited
29 Farm Street, London W1J 5RL
United Kingdom
+44 (0)20 7193 7460 | info@ultraxconsulting.com
www.ultraxconsulting.com