Computer Network Defence Ltd (CND) was founded in 2004 as a family business by Managing Director Andy Cuff and his wife Amanda, who has a background in banking and finance. Andy, with a background in military computing, communications, and electronics, progressed into information security, covering TEMPEST, TSCM and the emerging field of cyber security. Our passion for information security has developed into our business, and within our team we have centuries of experience to call upon.
Cloud Security
It used to be a case of out of sight, out of mind; these days, however, cloud offerings and containers are becoming a soft target for attackers. Whether you are using AWS, Azure, or any number of other cloud offerings, it is imperative that they are secured correctly and monitored. Our consultants will review your cloud services to understand how they are being used and what could be done to configure them more securely.
Compliance
We will assess your organisation to see if you satisfy the controls within the selected security framework, such as NIST, ISO27001, Cyber Essentials, PCI DSS, etc. The output will be a gap analysis, outlining where you don't comply with the certification. We can then work with you to implement any changes that are required and, if the certification permits it, audit you again and certify you.
Data Security
Unauthorised exfiltration of data is a huge concern for most system owners. The information might be personal, confidential, or intellectual property. The parties responsible could be legitimate users within the organisation acting maliciously or accidentally, or the data loss could be the result of a breach. We offer a range of services around data loss prevention, from the configuration of operating systems and applications through to the deployment of products which are specifically designed to prevent data loss at the network level, endpoint, or server.
Penetration Testing
A penetration test is a thorough test of the security of your network, conducted using the same tools and techniques as those used by various attackers who might wish to access your network. Our consultants will work with you to identify the scope of the test and discuss the various options available to you. We will also look at your timescales and match your needs to one of our testers or, if they are more appropriate, a tester from one of our partners.
Security Operations & Incident Response
As soon as we get the call, we will gather some of our experts to triage the situation and understand, as best we can, what has happened from the information you have available. This first stage is done remotely; ideally you will have your technical team, risk owners and decision makers on the call. The outcome will dictate how best to respond. Do we contain and recover, or gather evidence, or was it a false alarm? Every situation is different, though a rule of thumb for a serious incident is that part of our team will come to your site to assist, whilst our engineers work with you to install our products remotely and start to monitor activity on your network. Meanwhile our threat intelligence team will use the information that has already been discovered to understand more about the
SIEM
CND have been working with SIEMs since they were first invented almost 20 years ago. A SIEM takes events and logs from multiple sources and correlates these events to create a security context around what is happening within a network. We are experienced at working with almost every SIEM, such as ArcSight, McAfee (Nitro), LogRhythm, NetWitness, AlienVault, QRadar, and many more. SIEMs are one of our core functions. We also provide managed services around SIEMs, whether they are on your premises or managed and monitored by us in the Cloud. Our own SIEM Managed Service is so much more than a SIEM, as we incorporate a number of other security features.
Threat Intelligence
Cyber Threat Intelligence is based upon the correlation of technical intelligence with open source intelligence to build a cyber security context around existing or potential threats. Our researchers constantly trawl open source intelligence for arising threats; we also subscribe to several commercial Cyber Threat Intelligence feeds.
Vulnerability Management
Our consultants are engaged to undertake the following on an ad hoc basis, or regularly as part of a managed service. In addition to vulnerability assessment tools, we have a research team who look for new vulnerabilities and report on them via our Cyber Radar Console. Just because a vulnerability has been detected, it doesn't mean that a client is vulnerable to it; our consultants will work with the client to identify their vulnerabilities and help to triage patching if required. To do this, we review the technical details of the vulnerability to see whether the necessary criteria for exploitation are present. If the vulnerability does meet the criteria for exploitation, we look at various methods to mitigate the problem: Actual Patching. The vendor of the vulnerable product may have issued a patch