Download as PDF, PPTX
Security Audits & Cyber
- 1. Security Audits &Cyber Services
- 2. Ultrax Consulting Ultrax ConsultingLimited offers sophisticated security solutions to clients globally, whether in the form of proactive intelligence gathering, preventative security measures, consultancy advice or training. The company’s‘hunter turned gamekeeper’approach is a clear advantage in executing a mission statement to deliver a genuinely high quality service, based on proven knowledge and experience of the most sophisticated techniques and technologies. The company’s services include, but are not limited to: » Technical Surveillance Counter Measures (TSCM) » Covert Surveillance » Surveillance Detection » Cyber Security » Security Audits » Bespoke Training
- 3. Security Audits & CyberServices We offer a range of services aimed at assessing physical security and procedural vulnerabilities, including the resilience of the data and communications systems that support them. We recognise the benefits of identifying a weakness before it can be exploited so that a robust programme of preventative measures can be implemented to mitigate the risk of information leakage and reputational damage. Our vetted experts honed their skills and techniques within Government departments responsible for National Security, and use proven, unconventional techniques to conduct comprehensive and methodical penetration testing aimed at establishing and remedying vulnerabilities. Their findings and recommendations are presented in clear and detailed reports with prioritised action points. Audits All audits commence with a full threat assessment, taking information from the client and other sources to establish the level of sophistication and access most likely to be available to a would-be attacker. This approach, coupled with an up to date knowledge of access-control equipment and technologies, allows us to identify the areas most vulnerable. As well as helping mitigate risk, we can also assist in putting in place a robust security incident management process, designed to swing into action should a security breach occur. Pen-Testing Intended as a realistic test of security measures and procedures, physical penetration testing (commonly referred to as‘Pen-Testing’) is recommended following a security audit, and involves targeting areas of weakness in the existing security arrangements in order to attempt to gain physical access to a premises or a specific area. To help maintain realism, the test is usually conducted without the knowledge of security staff. We are able to draw upon a pool of people, who are knowledgeable in the use of unconventional methods of attack, and we match their profiles and skills to a particular task.
- 5. Cyber The technical securityof IT systems and networks, communications, mobile devices and data is vital in order to prevent loss or compromise of sensitive information and to ensure that business is able to continue uninterrupted. Cyber penetration testing, or‘Ethical Hacking’, involves the use of a comprehensive range of techniques intended to identify weaknesses before they can be exploited. By drawing on open source information and social media to harvest details of personnel, often assisted by social engineering or‘phishing’, we are able to conduct a thorough series of tests aimed at attempting to extract data or disrupt operations. Cyber security penetration testing is often conducted in parallel with physical penetration testing to attempt to gain access to a network from the inside, thereby bypassing firewalls and other typical cyber security defences. In addition to physical computer networks, the resilience of ‘Cloud’services is also tested. NIDS Whilst Cyber Penetration Testing focuses on identifying vulnerabilities and attempting to exploit them from outside the network, our Network Intrusion Detection System (NIDS) employs network sensors tailored to a client’s business, infrastructure, threat profile and budget. The sensors are attached directly to the network to provide full visibility of network traffic, and use software to filter it and compare each packet of data to a set of rules, looking for signs of malicious behaviour. This approach provides a view of all inbound and outbound network traffic, including email and web browsing, as well as visibility of all Internet scanning and automated attacks. Monitoring the network provides only part of the picture, as all alerts picked up by the network monitoring will have their origin somewhere on a host. Using a‘host agent’, we are able to provide excellent visibility of all activity on a client’s network endpoints, allowing detection of the machine and user that generated the traffic which was flagged up as being suspicious. Forensics In addition to providing Cyber Security services, we also conduct thorough post-event forensic examinations of computers, mobile devices and digital media in order to positively prove and establish the extent of suspected fraud and wrongdoing. The complexity of such items makes it incredibly difficult for the user to completely erase all evidence of their activities, no matter how hard they might try to cover their trail. We use the latest equipment to covertly produce a bit-by-bit forensic duplicate of the original item, which is then taken to our specialist facility for thorough examination. This approach allows clients to discreetly determine whether their suspicions are well founded. As well as examining forensic images of computer hard drives, we are also able to recover historical activity from a wide range of electronic devices, including memory cards and sticks. Typically, we might be asked to retrieve emails, browser and Internet activity, call history, SMSs, documents, intellectual property, photographs and passwords from computers and smart-phones. It is also often possible to retrieve accidentally and deliberately deleted information and history.
- 6. Protection Smartphones, laptop computersand tablets are now commonplace in society, but few users are aware of the security implications, including the risks associated with Wi-Fi hotspots, or the fact that criminals often use such networks to covertly harvest information. We help clients overcome this by providing solutions such as secure email and voice communications, secure memory and data storage devices, Whole Disk Encryption (to protect the contents of a mobile device’s hard disk) and Virtual Private Network (VPN) tunnelling software to protect your data whilst it is travelling over untrusted networks. Training By maintaining an up to date knowledge of the strengths and vulnerabilities of the latest physical and technical security measures, we are able to build bespoke training courses and tailored security briefings designed to inform and reinforce best practice, especially for those travelling overseas. Advice might be aimed at countering specific technical security issues or highlighting the techniques likely to be used by hostile parties to intercept communications and steal data.
- 7. Consultancy We provide aconsultancy service aimed at quickly identifying the areas where resources are best directed. It is often the case that the greatest immediate benefit can be gained by making simple procedural changes, rather than investing heavily in physical and technical defences. Legal We will only undertake activities that are lawful within the jurisdiction in which we are tasked to work. Requests to operate outside established legal parameters will be politely declined.
- 8. Intelligence | Security| Training Ultrax Consulting Limited 29 Farm Street, London W1J 5RL United Kingdom +44 (0)20 7193 7460 | info@ultraxconsulting.com www.ultraxconsulting.com