- Security Assurance
- Cloud Security
- DevSecOps Consultancy
- Cyber Defence
- Managed Services
- Digital Forensics and IR
- Strategic Consultancy
Application Security Assurance
Application security assurance is designed to comprehensively assess digital applications and associated APIs against “known” vulnerability types (such as those recorded in the OWASP Top 10) to identify exploitable vulnerabilities which could be leveraged by a malicious actor.
This level of assessment goes beyond signature-based scanning activities to provide increased assurance and resilience to attack, ensuring that users are only able to perform intended actions, and that an attacker’s ability to abuse a compromised account (and surrounding infrastructure) is sufficiently limited.
Mobile Security Assurance
Mobile security assurance is designed to identify vulnerabilities affecting mobile devices or applications, using industry-leading techniques and tooling to benchmark against security standards such as the OWASP Mobile Top 10 and Mobile Application Security Verification Standard.
Many organisations are increasingly reliant on mobile devices to support core business processes, operations, and services. As a result, corporate mobile devices must have sufficient access privileges to interface with business applications. However, despite being a core aspect of a modern corporate IT estate, mobile security is often sacrificed in favour of usability. MWR employs a broad range of assurance-based tests to identify vulnerabilities and provide actionable recommendations for issue resolution and broader security hardening.
Network Security Assurance
Network security assurance enables organisations to determine whether exploitable vulnerabilities exist on the organisation’s internal or external network infrastructure that would enable an attacker to gain access to high-value systems and applications.
Infrastructure vulnerabilities and misconfigurations are central to an attacker’s strategy in moving laterally and positioning a targeted attack, making this form of assurance integral to an organisation’s broader security strategy. MWR’s network security assurance assessment enables organisations to develop their understanding of network segments and their linked components and can often overlap with the assessment of key applications to determine the broader risk and impact of an attack.
Web and Mobile Applications + Services
Mobile Device Management
Help organisations to predict, prevent, detect, and respond to attacks in IaaS, PaaS, and SaaS cloud implementations, across multiple providers, at all stages of adoption
Cloud security assessments help organisations to predict, prevent, detect, and respond to attacks in Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) cloud implementations, across multiple providers, at all stages of adoption. This involves the application of one or many existing MWR services adapted to the unique technical challenges of a cloud-based environment, for example: a review of the deployment security architecture, an assessment of access controls or an inspection of security policy enforcement.
MWR’s typical cloud security offering involves design and/or configuration reviews of an existing or planned deployment to ensure the asset has been securely implemented and makes best use of the security controls and tools made available by the cloud service provider.
Cloud-based infrastructure solutions, including hybrid and cloud-only configurations, are gaining increasing traction with organisations looking to drive growth and efficiencies. However, the benefits provided by cloud solutions present a set of challenges to security professionals, such as declining visibility and an increase in shadow IT or decentralised management and loss of control. MWR recognises that many of the challenges surrounding the security of cloud environments remain consistent with traditional systems and infrastructure. Thus, MWR’s approach, whilst corresponding with traditional engagements, is also adapted to account for nuances within the cloud.
Amazon Web Services (AWS)
Google Cloud Platform (GCP)
Help organisations to improve or adapt security practices in their software development process
DevSecOps consultancy helps organisations to improve or adapt security practices in their software development process. This service works alongside an organisation’s development teams to enhance their ability to build best practice security methodology into their development lifecycle activities.
Historically, software developers and IT security have not worked closely together, with security perceived as limiting innovation and delaying time to market. Unsurprisingly, this makes development environments susceptible to attacks, meaning that greater security consciousness needs to be integrated in software development. MWR seeks to facilitate the integration of development and security by elevating the organisation’s understanding of its current risk exposure and building security into software as it is designed. This enhances the reliability of delivery timescales and reduces the likelihood of costly delays. Additionally, such engagements mean that confidence in products and services is reinforced, improving the confidence of both internal and external stakeholders and, in turn, changing the perception of security to a product feature rather than a compliance requirement.
Use our extensive knowledge of real-world attacker TTPs to deliver effective offensive, defensive and collaborative client engagements across various specialties
Active Directory Security Review (ADSR)
Active Directory (AD) is used by 90% of businesses and is responsible for managing permissions and access to networked resources including business critical services and applications. AD security reviews provide organisations with a comprehensive review of their AD security posture, incorporating customised recommendations to reduce the organisation’s risk exposure.
The functionality of AD has grown significantly over time, managing a widening array of services and corresponding user roles, permissions, and accounts, while its implementation with Windows has grown in complexity. As a result, AD is frequently targeted by attackers due to its highly pivotal nature.
MWR combines best practice approaches to designing and administrating a secure AD environment with MWR’s experience of responding to, and simulating, AD-based attack paths. It involves a white-box collaborative assessment of all aspects of an organisation’s AD environment: from its implementation, relationship to business applications, and network infrastructure, as well as the processes and procedures through which it is managed and used, to provide a conclusive security assessment of the AD environment.
Attack Detection Capability Assessment (ADCA)
ADCAs simulate stages of a targeted cyber-attack to assess the effectiveness of implemented security controls. MWR can simulate attacker techniques at each stage of the kill chain to measure whether they can be detected and to determine if an organisation’s processes allow for effective response measures to be executed.
MWR’s ADCA seeks to assess defence in depth across the lifecycle of an attack and to identify areas that would benefit from improvement (including proposed improvements in people, process or technology). The service is designed to provide a more holistic assessment of the effectiveness of the security controls in place, accelerating risk reduction and reducing costs.
Attack Path Mapping (APM)
APMs are designed to identify and architect the most likely routes an attacker could and would take to reach an organisation’s key business and critical assets, identifying existing security controls in place to prevent and detect such attacks. Given the increasingly complex nature of modern-day organisations, it is not uncommon to have thousands of systems. Combined with finite resources and budgets, this makes it difficult to secure an organisation’s estate, particularly as threat actors become more familiar with traditional security controls and seek to bypass these to find the path of least resistance.
APM is a collaborative service, comprising interviews and workshops with key technical and business owners, aimed at understanding what an organisation’s critical assets, processes and key risk events are and how they map to IT assets. MWR will enumerate the likeliest paths an attacker will take towards these assets. From there, MWR will assess the effectiveness of security controls present along these paths, noting the absence of other controls that could materially alter the risk. The result is a complete picture of an asset’s security posture, enabling the organisation to prioritise security initiatives and investment accordingly.
Red Team testing emulates what it is like to be attacked by an intelligent and persistent adversary with realistic objectives, targeting critical business functions. MWR tests an organisation’s security capabilities by accurately simulating a sophisticated, targeted attack using offensive security experts that harness the attacker mindset to operate like a real-world threat actor.
Activities include the reconnaissance of a target, establishing a foothold on the organisation’s network, moving laterally across it, and escalating privileges whilst gathering intelligence about the target. All these activities are done in the pursuit of strategic objectives that represent both a realistic pay-off for the attacker as well as a significant business impact to the organisation.
Targeted Attack Simulation (TAS)
MWR’s TAS is an adaptable framework, blending elements of a red, blue and purple team approach to meet the individual security needs of an organisation. It emulates real-world attacker TTPs to exercise an organisation’s detection and response capability.
As the scale and frequency of reported security compromises increase, organisations must assure their security capabilities against such threats. Organisations increasingly opt for Red Team services; however, ‘Red Team’ is often used as a “catch-all” term, with the objectives of an engagement varying vastly between providers. MWR’s TAS applies real-world experience of sophisticated modern attacks through its simulation-based testing. It is goal-oriented and focuses on an organisation’s threat profile and critical assets, considering the wider business context. Additionally, elements of the service act similarly to a persistent attacker whereby if one method or breach is unsuccessful, the attack phase will re-start with adaptation until the objective is achieved.
A TAS is designed to be the ultimate experience for security teams, exposing them to hyper-realistic and authentic cyber threats, wielding a range of sophisticated and adaptable TTPs to evaluate resilience against a persistent, motivated, and capable threat actor.
Provide continuous services that assist clients in managing their internet-exposed estates, through external asset mapping and vulnerability management services
Managed vulnerability scans are a highly cost-effective method of identifying vulnerabilities that can be targeted and exploited by less sophisticated attackers, for example where default passwords have not been changed, patches have not been applied, or other common misconfigurations exist. Vulnerability assessments are a control that most organisations implement and are a requirement for many security schemes, such as PCI DSS.
Whilst vulnerability assessment scans can provide a cost-effective means of identifying potential vulnerabilities, they can also return many false positives. MWR’s approach combines automated assessments with manual verification to provide organisations with filtered, accurate and actionable results. MWR will adapt its vulnerability scanning approach depending on each organisation’s unique requirements, customising the scheduling to run during periods of low user activity and tailoring the results and metrics to suit an organisation’s internal reporting requirements.
External Asset Mapping (EAM)
EAM seeks to discover and analyse all external-facing assets comprising an organisation’s estate, providing an accurate overview of the integrity of their security perimeter. Today, modern enterprise organisations’ estates are rapidly growing and changing over time. Combined with outdated asset registers and omitted maintenance updates, there is a heightened risk of attackers discovering unmanaged, vulnerable business critical assets. Ultimately, it is only possible to secure what is known, and building visibility and understanding of the composition of the network is a vital tool in planning and architecting a secure network against internal and external threats.
EAM seeks to ensure that an estate remains secure by building visibility of where assets exist and where they interconnect. This approach is vital to planning broader security initiatives and assessing potential attack paths between applications and hosts, giving organisations the ability to undertake a targeted and cost-efficient means of improving the security of their network perimeter. Additionally, this service is especially useful in the face of wider organisational change, for instance, following an acquisition, where an organisation may possess assets it is unaware of.
For organisations with mature, well-implemented security programs, we deliver bespoke intelligence-led Targeted Attack Simulations that assess capability to respond to varying threats. These use expertise from MWR’s Cyber Defence and Investigations and Incident Response practices to emulate real world attackers.
Provide incident readiness consultancy services to help organisations prepare for cyber-attack as well as rapid assistance for security breaches, containing the incident to allow effective remediation and recovery
Incident Response (IR)
MWR provides a 24/7/365 incident response support service capable of providing remote and on-site support during a live security incident, to contain and remove attackers from a breached network. MWR provides immediate first line triage via a hotline for retainer clients, managed by First Responders, with remote investigator support available within 3 hours (currently 15 minutes on average) and on-site support within 12 – 24 hours (time zone and location dependent). Incident response engagements vary in scale and magnitude, from forensic analysis and investigation support to full-fledged incident response combating live, “hands-on keyboard” attackers to control and neutralise the threat.
As cyber-attacks increase in volume, scale and impact, there is growing consensus that preventive security controls will eventually fail in the face of persistent and capable adversaries. Partnering with a skilled and experienced incident response provider that can contain and neutralise an attacker before damage occurs is one means of mitigating this challenge. Reducing the extent of a compromise is a proven method of limiting the overall cost and damage of a cyber-breach.
Incident Readiness Consultancy
- First Responder Training – Train key personnel to make effective decisions in the early stages of an incident to limit the time that an attacker can operate unchallenged.
- Threat Hunting Training – Focused on the internal blue team, aimed at improving their detection capability using the tooling and tech at their disposal, to enhance knowledge and insight into ongoing malicious activity across their environment.
- Technical and Executive Simulation Exercises – Accurately simulate high risk incident scenarios to assess technical and executive decision making with the information likely to be available to them and improve communication and collaboration.
Utilise in-house security expertise to advise and consult on cyber security strategy, organisational maturity and security assurance testing roadmaps
Cyber Security Maturity Assessment
In MWR’s experience, most organisations fail to invest effectively in cyber security development. Accumulating technologies, tooling, and services without sight of how they should be used, or the overall impact upon cyber security operations, has led investment to be untargeted and unstructured. As a result, many organisations continue to be exposed to excessive cyber-risk despite spending more than ever on cyber-security.
To effectively build Cyber Resilience (the ability of the organisation to withstand malicious cyber activity with minimal disruption of its core business systems and operations), it is important that all components of an organisation’s security operating model interoperate. In real terms, this means ensuring the Readiness, or operational effectiveness of controls; confirming they have been prepared and tuned to be deployed in a real-world cyber defence scenario. Controls are not purely technical safeguards; they encompass all aspects of the security operating model – across people, process, and technology – which can be deployed to identify, manage, and mitigate risks.
MWR performs a lightweight and scalable assessment of security controls and capabilities. Using a tried and tested assessment framework, MWR “scores” the maturity of controls across the organisation to uncover high-level security gaps and create a tailored development roadmap designed to deliver holistic improvements. Once a series of follow-on projects have been performed, the organisation’s capabilities can be re-assessed using the evaluation framework to provide qualitative and quantitative metrics with which to benchmark security maturity across business services and demonstrate return on investment.
Pragmatic Threat Modelling (PTM)
The number of assets that an organisation is expected to identify, manage, and assure continues to grow in line with modern development approaches and emerging infrastructure technologies. PTM enables organisations to better understand, plan and prioritise security assurance testing effort on high probability, high impact threats across a broad scope of assets, such as web applications, infrastructure, and mobile applications, by building visibility, context and understanding of the internal estate.
MWR profiles assets by size, complexity and required effort to test, categorising the assets into logical groupings and undertaking threat modelling and lightweight testing. This approach allows MWR to determine the most effective type of testing required for each asset as well as to prioritise this testing on identifying the security issues and vulnerabilities that pose a genuine risk to the organisation. This means that consultant effort is efficiently assigned to maximise return on investment, rather than spending set pre-scoped lengths of time testing secure or non-critical applications. PTM allows organisations to build a meaningful understanding of their risk exposure, rather than focusing on the quantity of vulnerabilities identified and remediated through the BAU testing process. PTM investigates the threats that pose the greatest risk, delivering tangible capability uplift by ensuring remediations address the issues that matter most.