Our Service Lines

Virtual CISO

Because businesses come in different types, sizes, models, goals and competencies, sometimes it may make better sense to seek an independent external capability to manage your cybersecurity function.  We can help you:

  • Rapidly deploy and establish an Information/Cyber Security Management capability if you don’t have one already.
  • Enhance existing skills and knowledge by bringing in a broader experience to the existing structure.
  • Reduce or optimise the cost of managing your Cyber/Information Security function.

The time commitment of the service can be optimally apportioned to meet your specific business needs. Often we find that businesses seek this approach when:

  1. They are going through a transitional phase of business change where a requirement has been identified to establish a CISO type function because none exist or the skills are simply not available amongst the existing team.
  2. Where a business is not sizeable enough or lacks adequate skills and experience to setup a full in-house capability for a CISO function. A business in this context typically finds it more operationally and economically effective to hire an independent external CISO capability to fill the gap.

Cybersecurity Pulse Check

Technical Penetration Testing:

Penetration testing is a vital proactive step an organisation can take to uncover weaknesses and holes in its technology infrastructure before the adversaries do.  Penetration Testing evaluate the security of the technology infrastructure by simulating an attack from a malicious or dangerous source.

In CyberSolace we believe in a holistic approach to security penetration testing which covers testing of the technical infrastructure and applications, the physical premises, the networks, and equally importantly, the people in the organisation through their levels of awareness.

We can provide CREST and/or CHECK accredited security testing services that would help management focus its resources on what matters and prioritise improvement actions in accordance with the qualified risk.

Cybersecurity Risk Assessment:

Risk assessments help you understand the scale and nature of the cyber threat that you face and the valuable business assets that stand to be compromised. It will ultimately help you focus your priorities and channel your investment to what really matters in order to mitigate the risks proportionately.

Cybersecurity Gap / Maturity Assessments:

We adopt a holistic approach to security and typically our assessments cover multiple facets, comprising People, Process, Technology and Organisation. Yet we mindfully maintain a close attention to external influencing factors such as regulations, standards and emerging business technology and operating models.

We can utilise a number of known industry standards and frameworks to measure, audit or gap-assess your security posture and give you an objective view of how well your security practices measure up or if there are any urgent concerns that need to be addressed. Examples of some of the standards and governance frameworks we can utilise are: ISO 27001, GDPR, UK Government Cyber Essentials Framework and NIST Cyber Security Framework.

But we also recognise that not all companies are the same or operate under identical regulations. Thus we can easily tailor an assessment framework that is specific to your business context and is more aligned to your company culture in order to ensure the final outcome is as meaningful as possible to your management.

Because you cannot protect or improve what you do not know

Cybersecurity Strategy In Business Transformation

The ability to drive transformational business change such as moving from mediocre to improved performance, wasted investment to cost-effectiveness or turning around a crisis is never a trivial one. It can mean the difference between success and growth, and confidence-loss and failure.

We strongly believe security should be at the heart of all business transformation because it is often too late and too risky if left to the end or as an after thought!

Our philosophy dictates that security considerations should be present across the key stages of any business transformation, e.g. business case definition and strategic alignment, sourcing and development, change project planning and transition to operations, and post implementation reviews.

We can support your business transformation campaign through a structured and iterative approach to security. Whether it is a small business or a larger multi-stakeholder community, we can help you navigate all the relevant security touch-points. Fortified by our long and varied years of experience in client consulting, we are confident about increasing your chances of success and minimising your security risks to safeguard your investment.

In a rapidly changing world, the biggest risk is not adapting

Resilience Planning

To stay competitive in a global economy, deliver timely responses to changing customer demands, meet increasing service expectations and reduce operational costs, organisations have adapted their processes and business models by adopting emerging business technology. This widespread use of information technology and advances in connectivity have transformed many businesses and transferred information flows from paper or the telephone to digital transactions and databases.

However, these advances also present more opportunities for attackers. The scale of the targeting, coupled with the difficulty of monitoring all possible attack methods, means some attacks will get through.

Foreign states, organised cyber-crime syndicates, low level opportunistic cyber pick-pockets, hacktivists, insiders and terrorists all pose different kinds of threat. They may try to compromise networks to meet various objectives that include:

  • Stealing sensitive information for espionage
  • Circumventing digital systems/information for fraud or extortion
  • Attracting publicity for a cause
  • Tarnish reputation or brand image
  • Hijacking computer infrastructure to support other nefarious activity
  • Disrupting or destroying computer infrastructure or business operations

The unexpected happened…..What then?

The need for cyber resiliency is thus increasingly important for modern businesses. The information systems and business functions which depend on them need to be resilient in the face of persistent, stealthy, and sophisticated attacks.

CyberSolace can help you assess and bolster your resilience against cyber attacks.  We can help you improve your ability to Anticipate, Withstand, Recover from, and Evolve to improve capabilities in the face of attacks or adverse conditions.

Cybersecurity Solution Design

In a constantly changing and increasingly uncertain socio-economic atmosphere organisations need to constantly change, adapt and innovate to remain relevant, cost effective, in growth and in optimal pefromance.

In order to maintain this constant state of evolution businesses invariably will rely on new technologies to help them to continually reshape and progress. But with new technology and change, new security risks will also emerge and if not recognised and addressed properly they can lead to detrimental results. Thus to enable and support new business technology initiatives a combined effort to design and develop new security solutions is paramount.

CyberSolace’s approach to security solution design is well enshrined in security/business integration. We start by taking a top-down approach, aligning business strategy and direction to actionable planning, validation and execution. We help you define your security solution characteristics in line with your security risk profile, risk appetite and your desired business outcomes.

We don’t provide you with a vendor list or a product shopping list, instead we incorporate a number of disciplines into our approach which encapsulates business analysis, security risk and controls assessments, enterprise architecture, business-change planning, user-experience, project management and systems development life-cycle. We work collaboratively with your senior sponsors and key stakeholders to see the security solution design all the way from inception to development.

Analyse, Conceptualise, Innovate, Develop, Validate

Managed Security Monitoring & Detection Service

Let Our Experts Take The Burden Of Security Monitoring & Detection Off You:

In response to popular demand from our clients, CyberSolace has developed a leading capability to assist clients tackle the challenge of continuous security monitoring of their IT estate to detect and respond to malicious attacks and unauthorised intruders.

We don’t just offer a one-size-fits-all service, we work very closely with your organisation to understand your needs and unique threat environment to offer you the best fitting configuration of our moniotring capability.  Through our partnership with industry frontrunners LMNTRIX we are able to leverage their technology, through our stewardship, to offer our clients a 24×7 security monitoring and detection capability.

The LMNTRIX Adaptive Threat Response platform was developed specifically to complement an organization’s existing defenses and enable a comprehensive adaptive security protection architecture.

The following image depicts how LMNTRIX works with clients:

Be Prepared To Detect & Respond….Because All Defenses Fail At Some Point.

Harden and isolate systems

Reducing the surface area of attack is the core foundation of any successful security architecture. This is achieved through a combination of techniques which includes limiting a hacker’s ability to reach systems, identifying vulnerabilities to target and executing malware. Traditional application whitelisting – also known as “default deny” – is a powerful capability which falls into this category. This approach can be deployed at either the network firewall level (which only allows communication on a specified port/protocol) or the system application control level (which only allows specified applications to execute). With this in mind, data encryption can be thought of as a form of whitelisting, one which hardens defenses at the information level.

Other approaches which fall into this category include vulnerability and patch management which identifies and closes vulnerabilities as well as the emerging endpoint isolation and “sandboxing” techniques. These latter techniques proactively limit the ability of a particular process, system, application or network to interact with others.

Divert attackers

It is no secret that attackers have one extreme advantage against organizations – time. This evolving category tries to address this advantage by wasting hackers’ time. This is achieved by masking legitimate systems and vulnerabilities through a variety of techniques including the the creation of fake systems, vulnerabilities and information which are used to lure and occupy the attacker. In and of itself, this “security through obscurity” approach is insufficient to protect an organization, but it does represent a critical plank in a layered, defense-in-depth protection strategy.

Not only does this technique waste hackers’ time, but it also allows the quick identification of attackers with high assurance. This is due to the fact that legitimate users have no reason to access the fake systems, vulnerabilities and information, allowing security teams to rapidly respond and prevent them from causing damage.

With LMNTRIX Deceive we deploy deceptions everywhere to divert attackers and change the asymmetry of cyber warfare by focusing on the weakest link in a targeted attack – the human team behind it. Targeted attacks are orchestrated by human teams, and humans are always vulnerable.

By weaving a deceptive layer over every endpoint, server and network component, an attacker is faced with a false world in which every bit of data cannot be trusted. If attackers are unable to collect reliable data, their ability to make decisions is negated and the attack is stopped in its tracks.

Prevent incidents

This category includes traditional “signature based” anti-malware scanning as well as network and host-based intrusion prevention systems – both well-established approaches which work to prevent hackers from gaining initial access to systems. “Behavioral signatures” can also be used to complement the traditional approaches by preventing systems from communicating with known command-and-control centers. Threat intelligence from third-party reputation feeds are central to the deployment of behavioral signatures, intelligence which is integrated into network, gateway or host-based controls. These feeds can also be integrated within a host which prevents one process from injecting itself into the memory space of another.

LMNTRIX Intelligence is one such reputation service feed that can be integrated with a client’s network, gateway or host-based controls, while the LMNTRIX Respond – Advanced Endpoint Threat Detection service is used for confirming infections quickly and blocking or quarantining with precision in real-time or through change control.

Detect incidents

The unfortunate truth is that some attacks will bypass traditional blocking and prevention mechanisms. When the inevitable occurs, it is critical that the intrusion is detected as quickly as possible in order to minimize the hacker’s ability to inflict material damage. While there are a variety of techniques that may be used to detect incidents, the majority of them rely on the analysis of data gathered by continuous monitoring at the adaptive protection architecture’s core . This analysis enables the detection of anomalies from normal patterns of behavior, the detection of outbound connections to known malicious entities, and the detection of sequences of events and behaviors that may be potential indictors of compromise.

LMNTRIX uses a combination of advanced network (LMNTRIX Detect) and endpoint threat detection (LMNTRIX Respond) capability, combined with deceptions everywhere (LMNTRIX Deceive) and continuous monitoring and hunting (LMNTRIX Hunt) to detect incidents that bypass perimeter controls. We do this without any reliance on clients’ existing perimeter controls and without any log collection.

By combining a thorough view of behavior on the endpoint (LMNTRIX Detect) with the rich set of data from network packets (LMNTRIX Detect and Hunt), our intrusion analysts can see and understand everything happening in the client environment and – within seconds – can investigate incidents down to the most granular detail in order to take the most appropriate action.

Confirm and prioritize risk

The first step after detecting a potential incident is to use correlating indicators of compromise to confirm its veracity. By drawing on all the intelligence at hand from across the client’s architecture comparing feeds from a network-based threat detection system’s view of a sandboxed environment to what processes, behaviors and registry entries are being observed on actual endpoints – a potential incident can be confirmed swiftly and accurately. The next critical step is to prioritise the incident by using internal and external context such as the user, their role, the sensitivity of the information being handled and the business value of the asset in order to gauge the level of risk to the enterprise. Once prioritised, this can be visually presented to security operations analysts so they can focus on the highest-risk issues first.

Contain incidents

Isolating the compromised system or account is critical once an incident has been identified, confirmed and prioritized. Commonly, this is achieved via containment capabilities such as network-level isolation, account lockout, endpoint containerization, killing a system process, and immediately preventing others from executing the malware or accessing the compromised content.

The LMNTRIX Respond advanced endpoint threat detection capability includes incident containment by identifying the exact location of malicious files for precise remediation. By identifying the exact location and persistence mechanism of malicious files, our intrusion analysts categorize a file as ‘blacklisted’. Defined as ‘blacklisted’, the intrusion analyst then blocks and quarantines the file. Once quarantined, a file may be deleted from the system. Blocking can be enabled from across the entire enterprise or to a select set of individual machines.


Once compromised systems or accounts have been isolated, retrospective analysis of the data gathered from continuous monitoring is required in order to determine the root cause and full scope of the breach. Not only is it essential to discover how the attacker gained a foothold in the enterprise, but it is also critical to ascertain whether an unknown or unpatched vulnerability was exploited, the number of systems that were impacted, and what specific data was exfiltrated. Detailed historical monitoring information is what allows a security analyst to answer these detailed questions as network flow data alone may be insufficient for a thorough investigation. It is the combination of advanced monitoring technologies – such as full network packet capture, endpoint system activity monitoring and advanced analytics tools – that enable a security analyst to answer these questions. It is also pivotal that new signatures/rules/patterns are run against historical data to see if the enterprise has already been targeted with this attack and has remained undetected.

The LMNTRIX Adaptive Threat Response incorporates endpoint forensics (LMNTRIX Respond) and network forensics (LMNTRIX Hunt).

With LMNTRIX Respond, our intrusion analysts can pull full process and memory dumps, view the Master File Table (MFT), and see all modified/deleted files while with LMNTRIX Hunt we use behavior analytics and data science to identify covert channels and C2 threats. We do this by capturing and enriching full network packet data, which means an attack can be reconstructed to understand the full scope of the attack and, in turn, implement an effective remediation plan to stop the attacker from achieving their objective.

Design/model change

Once a threat has been dealt with, it is likely that policy changes or updated controls will be needed in order to prevent new attacks or reinfection of systems. This may include closing vulnerabilities, closing network ports, updating signatures, updating system configurations, modifying user permissions, updating user training or strengthening information protection options (such as encryption). With more advanced platforms it is possible to automatically generate new signatures/rules/patterns to address the newest advanced attacks — providing what is essentially a “custom defense.” However, before these are implemented, changes need to be modelled against the historical data gathered from continuous monitoring to minimise the occurrence of false positives and false negatives.

Our team works collaboratively with clients to assist in defining the necessary changes to policies or any new controls that are needed to prevent new attacks.

Remediate/make change

After modelling and testing has ensured a change to be effective, the change must then be implemented. While some responses and policy changes can be automated and policy changes pushed to security policy enforcement points (firewalls, application control, anti-malware systems etc.) most enterprises prefer these changes to be implemented manually as these automated systems are only in their infancy.

Baseline systems

Due to the constantly evolving nature of enterprise IT, whether in the form of continued introduction of new mobile devices and cloud-based services, the ephemeral nature of user accounts, the discovery of new vulnerabilities or the deployment of new applications, baselining must be continuous, as must the discovery of end-user devices, backend systems, cloud services, identities, vulnerabilities, relationships and typical interactions.

The LMNTRIX Respond (advanced endpoint threat detection capability) and LMNTRIX Hunt (advanced analytics capability) capabilities use automated baselining.

Predict attacks

While the ability to predict attacks is only emerging, it is a capability which will continue to grow in importance. By using reconnaissance of hacker marketplaces and bulletin boards together with the type and sensitivity of data being protected, this category is designed to proactively anticipate future attacks so that enterprises can adjust their security strategies accordingly. For example, if intelligence gathered indicates an attack on a specific application or OS is likely, an enterprise could proactively implement application firewalling protection, strengthen authentication requirements or proactively block certain types of access.

With the LMNTRIX Recon capability, we automatically DETECT cyberthreats in the open, deep and dark web by aggregating unique cyber intelligence from multiple sources. We then analyze the cyberthreats using proprietary data mining algorithms and enable remediation by translating our cyber intelligence into security actions.

With the LMNTRIX Intelligence capability we deliver earlier detection and identification of adversaries in your organization’s network by making it possible to correlate tens of millions of threat indicators against your real-time network activity logs. The LMNTRIX approach enables detection at any point during the attack lifecycle, making mitigation possible before there has been any material damage to your organization.

Proactive exposure analysis

As intelligence – both internal and external – is being updated constantly, so too must an organization’s risk exposure evaluation. In some cases, this process of revaluation may necessitate adjustments to enterprise policies or controls. A common example is when new applications – whether enterprise or consumer – are discovered on devices on the enterprise network. The risk these applications pose to an organization must be evaluated and could potentially lead to additional controls such as application firewalls or even endpoint containment.

LMNTRIX Intelligence and Recon provide some of the necessary inputs for clients to assess risk and exposure against their assets.