Integral Security Xssurance Ltd (ISX) is not just another provider of ‘attack & pen’ tests. We are not just a reseller of security software tools. We provide an all-encompassing set of solutions to help combat cyber crime, from first responders and CSIRT (Computer Security Incident Response Team), digital forensic investigations and practical training courses, through to gap analysis, logical and physical security assessments, on-going consultative support and advice & recommendations.
We provide an entire suite of ‘tools’, many of which are knowledge based, arming you with the ammunition you need to better protect your environment and create a resilient wall of defense, not just for now but also for the future – a continuous service of cyber updates, on-going training and recommendations.
The ISX Advisory Board has created a suite of solutions that address the issues concerning cyber risk management.
ISX Solution Summary
Data Triage – foot-printing & data leakage reporting
Modular Cyber Training Course – knowledge transfer & practical training
Cyber Toolkit – a collection of services and tools to deliver an immediate secure & resilient network
Vulnerability Testing – analyse areas of exposure and threats – report and recommend
E-Disclosure Workshop – an all encompassing course specifically created to aid with the new european parliamentary e-disclosure policy
Liability & Loss Mitigation Insurance – advise on what to cover, how best to secure and how to reduce premiums
ISX Project Delivery
Proving the security gaps - ‘Cuckoo Big Data Triage’
The service is used to uncover hidden exposures and vulnerabilities that lead to threats. We use specialist techniques and tools that are completely non-intrusive. The service is performed remotely and has no time impact on your staff or IT team.
ISX’s CBDT is a unique offering of passive in‐depth analytics, utilising advanced Google techniques.
Specialist applications and systems are used to locate, interrogate, acquire and conduct analysis. The objective of foot-printing both single and multiple targets is to identify actual or inferred security anomalies, which may expose the environments or domain to exploitation.
The CBDT is constructed of 5 phases; Investigative Phase, Acquisition Phase, Analysis Phase, Discovery Phase and Reporting Stage
Typically, this activity can be undertaken in less than half a day for most enterprise organsations within the UK.
Cyber Training – knowledge transfer
The course has been designed and written by Professor John Walker over a six year period. It is fully modular and covers all aspects of what an organisation will need to know.
The modular cyber course consists of 3 key elements; theoretical outlines, practical demonstrations and delegate participation using the most current toolsets and specialist applications available. The knowledge gained from the course enables organisations to combat the different challenges they will face moving forward. It is no longer just about “IT and Compliance”. It is a main board issue that affects the whole organisation and all leadership teams.
Our training services (ISO 27001, PAS 555 aligned), documentation and processes can not only assist the organisation and their practitioners to understand the threats, but where we can also enable them to deliver highly robust one-stop capabilities to deploy effective controls in the form of the CSIRT, and first responder forensics capabilities.
The ‘Cyber Toolkit’ – setting us apart from the rest
ISX has developed and created a cost effective ‘toolkit’ consisting of a suite of services and tools.
The toolkit delivers a range of services including cyber security training, vulnerability assessments, specialist security software, various policy and process based documentation and optional continuous support through our board of advisors.
We include a suite of independent forensic tools to enable the client operational capabilities.
Our training fully supports organisations and businesses with their operational resilience programs.
We supply our clients with bespoke tools and applications.
We provide policies, procedures and run-books to support CSIRT and first responder operations.
We are partnered with global and international digital forensics specialist applications providers.
Where required we will provide on-going support.
We advise on the mitigations offered by cyber Insurance.
Vulnerability Testing – assess, analyse & recommend
Today’s attacks are multi-level and multi-channel by default. According to the most current UK government research, 87% of small firms in the UK experienced a cyber security breach last year, and 93% of large firms were also targeted. Some incidents caused more than £1 million in damages.
A cyber security risk assessment is necessary to identify the gaps in your organisations critical risk areas and determine actions to close those gaps. It will also ensure that you invest time and money in the right areas and do not waste resources where there is no need for it. In 100% of cases, ISX have uncovered hidden or unknown exposures that could lead to risks or threats.
We only employ qualified and experienced consultants, who will work on site with you and your team to examine each of the risk areas in sufficient detail to identify strengths and weaknesses of your current security posture. All this information will be consolidated into a tailored, immediately usable action plan that will help you close the gap between what you are actually doing and recognised good practice. It will enable you to ensure that your cyber risk management at least matches minimum UK government guidelines.
E-Disclosure and ‘back-to-basics’ Cyber Workshop & Loss Mitigation Insurance
The EU e-disclosure directive has been constructed in light of the dramatic increase in cyber crime; statistics show that cyber crime has increased by more than 40 % in the past 2 years and the UK Government estimate that £27 billion was lost in 2012 as a direct result of cyber crime.
The new 2014/2015 directive will introduce a greater level of compliance and for the first time UK firms will have to inform the new parliamentary committee of any suffered IT Security or Data Breaches. The fines for non-compliance will be up to 5% of Global Turnover per breachand it is estimated that the cost of remediation could be up to 10 times of the actual financial loss incurred.
The workshop offers a 1 day overview for your leadership team (HR, Finance, Operations, IT, Security and Customer Services) and introduces the new landscape for cyber crime, illustrated by recent claims evidence from the Lloyds of London market-place. We can also demonstrate the real-world case of the large deployment that had direct connection to .com, .cn domains, but did not realise it.
Each attendee receives a strategic report on the roles and e-disclosure responsibilities for their function.
As a result of the new e-disclosure ruling, to not have a cyber insurance policy in place from 2014 and onwards will simply not be a viable fiscal option.
The options on the cover are:
- Sequential Loss
- Financial damages to the organisation
- Technical help and support to ensure IT systems are back online quickly
- Public Relations to cover reputational risk caused to the organisation
ISX works in partnership with a Lloyds of London underwriter and offers full support and guidance available to help process and underwrite policies.
Protect your Business and Reputation
These are real 21st Century risks, don’t ignore them. Managing risk, which includes a combination of good security and suitable insurance, is the only solution to protect your business and your reputation.
Advise – Ongoing updates and advice on current threats
We provide clients with the capabilities of running a monthly periodic vulnerability scan on their critical assets, with a comparison of previous reports to highlight any significant changes that could insecure security issues.
We look to work with you to resolve and immediate issues and remove any known exposures.
A simple & effective approach; Conduct a Triage for data leakage and foot-printing, with three levels of penetration testing – Discovery (Ports and Services etc.), SANS & Top 10 Vulnerabilities.
Visit Us at: www.integralxssurance.com