YOUR PATH TO CYBER RESILIENCE

CREST STAR PENETRATION TESTING SERVICES

GOVERNANCE, RISK MANAGEMENT & COMPLIANCE

CLOUD SECURITY SERVICES

PAYMENT CARD INDUSTRY SERVICES

CAA AVIATION SECURITY SERVICES

OFFERING THE FULL SPECTRUM
OF CYBER SECURITY SERVICES


Cyber Security Specialists based in the UK

Established in 2006 and with offices in Cheltenham and Liverpool (UK), Prism Infosec provides comprehensive information security services to organisations based in the UK and overseas.

Prism Infosec is an award-winning independent cyber security consultancy, CREST STAR, NCSC CHECK member, CAA ASSURE audit provider and PCI Qualified Security Assessor Company employing consultants with a high standard of technical skill. Whether delivering advice on cutting edge information security architectural solutions, conducting management controls audits, or in-depth technical penetration testing our consultants always deliver a quality end-to-end service.

Prism Infosec operates a fully certified (UKAS accredited) ISO27001:2013 Information Security Management System (ISMS) and ISO9001:2015 Quality  Management System (QMS).

Prism Infosec’s innovative approach to the delivery of PCI projects and technical security testing was recognised with a PCI Award for Technical Excellence in January 2020. The award was presented for the delivery of a client project that was considered by the review panel to be an outstanding example of best practice.

our cyber security services

Delivering a range of testing and consulting services to our clients for over a decade, Prism Infosec works with a global client base to provide high quality solutions and pragmatic recommendations to effectively manage cyber risk.

Cyber Security Assessments

Test your information security controls and ascertain weaknesses and vulnerabilities

GRC and Information Security Consulting

Engage a Prism Infosec security consultant to help manage your cyber security risks.

Cloud Security

Manage the risks associated with procuring, migrating or delivering cloud services.

LATEST NEWS AND VIEWS

News article
Prism Infosec Information & Cyber Security Forum

Posted on

From May 2020, Prism Infosec has been running quarterly cyber security forums for security leaders across our client base.   We created this forum to allow our clients the opportunity to connect, discuss and exchange experiences on common cyber security challenges, and that this shared experience would help our clients as they navigate the security […]

Read more...

News article
Prism Infosec Statement on NPCC Police CyberAlarm

Posted on

Operated by the National Police Chief’s Council (NPCC) and Pervade Software, the Police CyberAlarm service is a free tool to assist organisations with monitoring malicious cyber activity.  The service helps to detect and provide regular reports of suspected malicious activity, enabling organisations to respond to potential cyber attacks.  The NPCC and Pervade Software engaged Prism […]

Read more...


Ensure Microsoft Exchange Servers (2010 - 2019) are patched and updated with latest cumulative update from Microsoft. Unpatched versions of Exchange are affected by auth bypass and admin impersonation vulnerabilities. See https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/ #ProxyLogon #CVE-2021-26855

So yes, Zerologon (CVE-2020-1472) is quite easy to exploit. Unauthenticated user to Domain Admin. This is really scary. Run exploit, DCSync with DC account and empty NT hash: you have Domain Admin and a broken DC.
Awesome find by Tom Tervoort 🙂. Patch patch patch!

request a callback

Please complete the form below and we will get in touch with you to discuss your requirements

  • Fields marked with an * are mandatory

  • This field is for validation purposes and should be left unchanged.