Cyber Network Defence

Today's sophisticated cyber threats and stealthy attacks exploit the immature and fractured nature of the security solutions currently in use by many organisations. DarkMatter’s Cyber Network Defence division provides sophisticated active defence solutions, including assessments, penetration testing, threat hunting, and incident readiness and response services to help organisations unify and strengthen their security programmes.

DarkMatter provides full-stack security solutions tailored to each client’s unique needs.

  • Security Assessments

    Our Security Assessment teams offer a range of services to help identify and manage threats and vulnerabilities inside your environment. This includes prioritisation and mitigation planning and implementation.

    Vulnerability Assessment

    Our Vulnerability Assessment service works to reveal cyber security gaps and weaknesses in your applications, operating systems, networks, infrastructure, access points, hardware and systems. We then provide you with prioritised risk evaluations that offer a roadmap forward.

    Key features:

    • Sweeping assessment of an organisation’s technological environments to discover the widest breadth of vulnerabilities.
    • Technical assessment with results prioritised according to the Common Vulnerability Scoring System (CVSS).
    • Testing methodology based on a combination of the Open Source Security Testing Methodology Manual (OSSTMM) standards and tailored customer requirements.
    • Combination of machine and manual testing techniques to provide deeper insights.

    Penetration Testing

    DarkMatter’s Penetration Testing service evaluates the robustness of an organisation’s current security posture by simulating real-world attack scenarios. Specific rules of engagement are established with the organisation to protect business continuity during testing.

    We provide risk evaluations for the chained exploitation paths related to each vulnerability.

    Penetration test types:

    • External: attempted breaches from outside an organisation’s perimeter security.
    • Internal: attacks perpetrated by internal threats.
    • Wireless: attacks directed at wireless technologies and networks.
    • Web and Mobile Applications: malicious acts leveraging technological or logical weaknesses or flaws in web and mobile formats.

    Source Code Review

    Our Source Code Review service uses a combination of machine and manual analysis techniques to detect security defects early in the software development lifecycle. This can deliver significant development cost savings and overall higher-quality apps. Our review service covers web, mobile, and desktop applications, web services and firmware.

    Key features:

    • Customised private auditing tools covering all major programming languages and development frameworks.
    • Testing methodology targeting all of the technical and logical flaws described by OWASP Top 10 Web Security Risks and OWASP Testing Guide.
    • Testing methodology incorporating CERT Coding Standards as a guide for detecting security gaps in the actual implementation.
    • Option to combine source code review with dynamic testing to extend the validation cycle and enhance bug detection capabilities.

    Industrial Control Systems Security Assessment

    Designed for the most critical and sensitive industrial control systems (ICS) environments, our ICS Security Assessment combines proprietary methodology and technology and both machine and manual tools to deliver vulnerability assessment and penetration testing of networks, field bus, systems, applications and other ICS elements.

    Key features:

    • Detailed threat modelling and scoping to cover peripheral attack vectors against ICS.
    • Security assessment of ICS components (DCS, PLCs, RTUs, HMIs, Data Diodes, Data Historians).
    • State-of-the-art fuzzing and reverse engineering techniques to identify vulnerabilities.
    • Assessment of relevant physical security.
  • Cyber Incident Response

    Our Cyber Incident Response teams take immediate action in the critical early moments of any breach to identify, triage, mitigate, and resolve cyber incidents that threaten your data assets and ongoing business operations.

    We complement this urgent response with digital forensics and malware analysis to better understand the attack and protect for the future, and offer readiness planning to prepare organisations before they are breached.

    Crisis Mode:

    We offer two models of support to organisations facing an ongoing breach.

    Full-Service Emergency Critical Response Team – Offering end-to-end management and crisis communication, our analysts, malware specialists and forensic experts triage issues and take immediate action to help you contain and mitigate the effects of a breach.

    Consulting Team – Our experts support your in-house team to augment incident response capabilities, ranging from threat identification to remediation.

    Readiness Planning

    Our Readiness Planning service helps you prepare to respond to a cyber attack by building a tailored response programme that is realistically executable based on your people, processes and technologies.

    Key features:

    • Comprehensive audit of your baseline incident response capabilities and plans to assess whether your people are equipped with the right tools and procedures.
    • Incident scenarios and exercises, standard or customised, to test your incident response plan.
    • Table-top exercises to evaluate tools, procedures and resources in realistic scenarios to identify gaps in current plans.
  • Compromise Assessment

    DarkMatter’s Compromise Assessment service proactively and iteratively searches networks and endpoints to detect and respond to threats that evade traditional rule- or signature-based security solutions.

    The assessment leverages both manual and machine-assisted techniques with the goal of finding the tactics, techniques and procedures (TTPs) of advanced adversaries and cyber criminals. The outcome delivers detailed information to help you eliminate threats from your environment.

    Threat hunting

    This process involves the proactive, aggressive and methodical discovery and pursuit of known threats based on indicators of compromise (IoCs) and the detection of unknown malicious behaviour. Any IoCs are disrupted and/or eradicated and critical infrastructure is secured.

    Key features:

    • Network Compromise Assessment: interception of network traffic between client network and the internet for analysis of IoCs.
    • Host Compromise Assessment: review of systems supported within a host-based enterprise for analysis of IoCs.
    • Behavioural analysis of network traffic: outliers identified that indicate the presence of malicious activity.
    • In-depth technical breakdown: details of all malicious artefacts and compromised systems, including suggested remediation actions.
    • Threat actor and activity summary: details of the who and why behind any malicious activity identified within the organisation, where attribution and assessment of the threat can be measured with high confidence.
  • Project Zero

    The Project Zero service provides the most robust challenge available to test the strength of an organisation’s end-to-end information security programme. Mimicking the behaviour of malicious actors, our specialised strike teams conduct exercises involving active attack scenarios designed to target all components of an organisation’s security programme.

    Like a real attacker, our teams seek out weaknesses across an organisation’s technologies, business processes and security protocols, personnel, and the physical security of an organisation.

    Project Zero delivers:

    • Authentic attack environment: exercises seek to breach an organisation’s security measures and gain unauthorised access to critical assets.
    • Ultimate black box execution: cyber attack goals and markers of success are not provided to the organisation ahead of time, thereby simulating real-world attack scenarios.
    • Expert strike teams: our white-hat hackers draw on advanced competences across multiple security and industry domains and disciplines.
    • Security protocols targeted: all likely points of failure in cyber technologies and systems are challenged.
    • Social engineering probed: personnel are tested with all types of social engineering attacks, from generic to customised whaling.
    • Physical security challenged: all points of digital-physical intersection, e.g., RFID card cloning and unauthorised entry, are tested.
    • Full post-exercise analysis: actionable reports detailing detection and response capabilities.
  • Threat Intelligence & Malware Analysis

    Drawing on intelligence from local and international Computer Emergency Response Teams (CERTs), leading research and academic institutions, Internet Storm Centres, and Incident of Threat notification platforms around the world, we analyse and consolidate emerging trends and developments in cybercrime to help us understand threat vectors, attack scenarios and attack geolocations.

    We analyse attack types and the cybercriminals behind them, using this intelligence to shape short-term remedial responses and build long-term network resilience for our clients.

    Key features:

    • Advanced Threat Intelligence – We provide high-value, enriched, contextualised real-time visibility of threats and threat actors specifically for unique targets, assets or identities.
    • Malware and Reverse Engineering – We unravel the most advanced persistent and human morphia threats by deconstructing payloads line by line, whether delivered to desktops, servers or mobile devices.