PULSE – Agile Red Team Engagement

Introduction

PULSE is a Prism Infosec Agile Red Team service. It is a stepping stone for organisations who are not yet ready for a full Red Team engagement but want to understand their security posture and evaluate their defences against real world threats.

Why Pulse?

Red Teaming is a fantastic tool for exercising security tooling, staff, policies, and procedures in a realistic, secure, and safe manner. It does this by taking the Tactics, Techniques and Procedures of genuine cyber threat actors and applying them in intelligence-led scenarios which can span multiple weeks. However, not every organisation is ready for the cost, time, and effort that a full red team engagement requires to deliver value for the business.

Penetration Tests are great services for contained evaluations of the security boundaries and controls of distinct systems. They excel at analysis of specific vulnerabilities contained to specific control planes of individual systems but struggle to deliver real-world tests of threat actor activities and capabilities.

Pulse seeks to bridge the gap between costly Red Teams and contained Penetration Tests. It does this by focusing on the scenario of an opportunistic cyber threat actor seeking to breach the perimeter, establish a foothold, and compromise the environment in the space of a working week. We compress a Red Team scenario into this timeframe by unit testing specific phases of a breach in a controlled manner which does not risk disrupting ongoing work but still effectively exercises the security controls in a declared manner.

Key Features of PULSE

  • PULSE is best suited for organisations who have invested in security tooling but lack a full-time dedicated Security Operations Centre and staff.
  • A unit testing approach means that testing can be flexible, repeatable, and measurable.
  • Over a 5-day testing phase it seeks to evaluate the security of an organisation’s perimeter, endpoint security, and environment, from the point of view of a time limited, opportunistic, threat actor.
  • The service uses techniques linked back to MITRE ATT&CK IDs so that you can clearly identify what real-world Tactics, Techniques, and Procedures have been exercised.

PULSE Methodology

PULSE has a modular methodology which does follow traditional breach attack paths. It is able to move at pace by sacrificing stealth for a smash and grab approach, rapidly testing multiple different payloads and delivery mechanisms in a manner similar to a purple team, but combining that with a red team evaluation of the environment to determine how an opportunistic threat actor could use an established foothold to impact an organisation.

To deliver this effectively, we break a PULSE engagement into the following steps:

  • Scoping – Following a Pre-Sales discussion with your account manager, a scoping call will be held with one of Prism Infosec’s experienced Red Team consultants to capture the information needed for a successful engagement.
  • PULSE Test Plan – The consultant will put together a tailored test plan based on the PULSE methodology, and the details from the scoping questionnaire.
  • PULSE Preparation – Clients will provide the pre-requisites whilst Prism Infosec’s consultant prepares payloads, infrastructure, and tooling.
  • PULSE Perimeter Assessment – Testing begins with an assessment of the perimeter – different payload delivery techniques are sent in to see what gets through.
  • PULSE Attack Surface Assessment – For payloads which get through the perimeter we then assess which ones would succeed against the installed security products. Working with your staff, we assess which ones alert, which ones are blocked, and which ones succeed.
  • PULSE Environment Assessment – Using a successful payload, we then assess your environment, investigating how far a threat actor can get within a week.
  • PULSE Report – The outcomes of all three phases are then documented, along with recommendations to harden your environment, and suggestions and advice for follow-up testing to improve your security posture.

What about physical testing?

Thanks to the modular nature of PULSE, should a client want to include a physical test element, we can customise the service to include a short physical testing phase. During this, one of our consultants will spend a day evaluating the physical controls of an organisation’s location before trying to physically breach the perimeter using a variety of real-world social engineering and physical breach techniques and attempting to achieve a specified objective. This approach is covered by our risk management strategy, during which we will guide clients through the art of the possible to ensure a safe, legal, and effective test can be conducted.

Risk Management

Real world threats do not target non-production systems, and organisations will only really be able to defend themselves properly if testing occurs on those same production environments. Testing in Production, however, carries a significant risk of business disruption.

We recognise this, and as with all of Prism Infosec’s Red Team services, we have applied our risk management strategy that seeks to minimise the chance of disruption, permits realistic testing, and ensures that client control is supported by expert knowledge.

The PULSE risk management strategy is documented and provided in the test plan; this is reviewed with clients prior to preparation and is enforced during testing.

Deliverables

The service deliverable shall be a technical report clearly documenting the outcomes of each phase of testing, combined with a short narrative of the environment testing, alongside practical, pragmatic, clear and concise recommendations on how to improve the security posture of the organisation.

Email Prism Infosec, complete our Contact Us form or call us on 01242 652100 and ask for Sales to set up an initial discussion.

Artificial Intelligence (AI) Testing

Prism Infosec conducts security testing of AI-driven systems by analysing how they behave and respond to different inputs, prompts, and outputs. This testing is designed to evaluate the robustness of Generative AI and Large Language Models (LLMs) to find weaknesses which enable attackers to alter the model’s outputs, extract sensitive information, or trigger unintended behaviours.

Our Approach

Our bespoke approach to AI and LLM testing will help your organisation to:

  • Map the attack surface of AI systems and components to identify vulnerabilities and potential entry points;
  • Improve the security posture of AI-driven solutions against emerging threats;
  • Implement robust security mechanisms based on detailed report findings.

Our experienced consultants follow established methodologies to examine the model’s security controls. The outcome of our testing aligns the system with security best practices, providing a detailed list of identified vulnerabilities along with recommended remedial actions.

Our testing approach largely aligns with the OWASP Top 10 for LLM Applications guidelines to ensure a methodical review of the in-scope systems. As an example, our consultants may attempt prompt injections which are intended to cause the model to ignore pre-written instructions and leak sensitive data or perform unauthorised actions. Furthermore, inadequate sandboxing vulnerabilities may be exploited to gain unauthorised access to critical systems or data, while insecure output handling misconfigurations could be leveraged to exploit vulnerabilities introduced in downstream systems.

As organisations become increasingly reliant on AI-driven solutions, novel vulnerabilities and attack vectors have emerged in the threat landscape. Prism Infosec’s service offering is designed to address these concerns, ensuring that AI-driven solutions are carefully vetted before implementation.

Cyber Security Incident Response (CSIR)

Our comprehensive Cyber Incident Response and Analysis service provides organisations with a robust and tailored approach to managing and mitigating cybersecurity incidents. We offer expertise in four key areas: Incident Response (IR), Malware Analysis, Threat Intelligence, and Forensic Investigation to ensure rapid identification, containment, and recovery from cyber threats.

Our team of experts operate 24/7/365 and are ready to assist whenever you need them.

Cyber Incident Response Life Cycle

Incident Response (IR)

Timely and effective response to cyber security incidents is crucial to minimise damage and downtime. Our Incident Response service includes rapid identification and containment of threats, investigation, recovery, and compliance with best practices and regulations.

Key Features:

  • 24/7/365 Incident Response Team availability
  • Incident triage and classification
  • Forensic analysis of affected systems
  • Incident recovery planning and execution
  • Post-incident reporting and recommendations

Malware Analysis

Analysing and understanding the behaviour of malware is vital to prevent its spread and minimise its impact on your organisation. Our Malware Analysis service offers in-depth inspection and assessment of malicious software to support effective countermeasures.

Key Features:

  • Malware sample collection and preservation
  • Static and dynamic malware analysis
  • Behavioural analysis to understand malware actions
  • Identification of malware origins and delivery methods
  • Recommendations for malware removal and containment

Threat Intelligence

Staying informed about the evolving threat landscape is crucial for proactive cyber security. Our Threat Intelligence service provides you with real-time, actionable information about emerging threats and vulnerabilities that may impact your organisation.

Key Features:

  • Collection and analysis of threat data from various sources
  • Vulnerability assessment and risk analysis
  • Indicators of Compromise (IOCs) identification
  • Threat actor profiling and attribution
  • Customised threat intelligence feeds and reports

Forensic Investigation

In-depth forensic investigation helps identify the root causes of security incidents, gather evidence, and support legal proceedings if necessary. Our Forensic Investigation service offers expert analysis to uncover the full extent and root cause of incidents.

Key Features:

  • Digital evidence collection and preservation
  • Chain of custody documentation
  • Data recovery and analysis
  • Expert witness testimony support
  • Forensic reports and findings

Cloud configuration reviews

  • Identify security weaknesses in the configuration of cloud services
  • Measure gaps against common best practices
  • Reduce the risk from using cloud Infrastructure, Platform or Application as a Service
  • Improve the resilience of data and endpoints to attack

Cloud services can be configured and licensed with a variety of security configurations and features, many of which are not enabled by default. It is therefore important to ensure that the security configuration of cloud services is defined and provides robust protection from attackers.

Prism Infosec can audit the current standard of a cloud instance’s configuration against commonly accepted best practices and other governance requirements (e.g. Payment Card Industry or Sarbanes Oxley). Where we identify security weaknesses we will then produce a report highlighting gaps and providing technical details of where improvements can be made.

If necessary, we can then work with the client’s systems and security teams to establish configuration documentation, deploy it to new builds, manage and test changes to existing live configurations, and document and report on changes made.

Prism Infosec has extensive experience with identifying gaps and advising on improvements as well as assisting with their implementation on a number of platforms, including:

  • Microsoft Office 365
  • Microsoft Azure
  • Amazon Web Services (AWS)
  • G Suite from Google Cloud
  • Google Compute Engine
  • Salesforce

Cloud security advice

Prism Infosec’s security consultants have a proven track record of providing organisations with effective cloud security advice to identify areas of weakness in cloud deployments and drive improvement for the business.

  • Implement pragmatic security controls to protect a cloud deployment
  • Effectively manage the risks associated with consuming or offering cloud services
  • Comply with legal and regulatory requirements associated with protection of data
  • Reduce the likelihood of a cloud compromise
  • Demonstrate robust security measures to prospective clients

Organisations world-wide are now beginning to appreciate the potential cost savings associated with migrating services to the cloud.

Significant IT infrastructure and support savings can be realised due to outsourcing those elements of the service delivery model. As such, there has been an increase in organisations delivering cloud-based infrastructure, platforms and applications.

However, it is essential that information security is an inherent part of a prospective cloud delivery service. Prism Infosec’s cloud security consultancy service provides clients with the necessary support to properly plan and implement the delivery or consumption of a cloud service.

Our consultants work with client project teams providing cloud security advice, as part of short or longer term project engagements to ensure that necessary security controls are implemented to adequately protect cloud deployments, including:

  • Single and multi-tenant information asset protection and separation
  • Suitable protection of data in-transit and at rest
  • Adequate security controls associated with customer management interfaces
  • Suitable authentication, authorisation and accounting models
  • Robust service management architectures
  • Strong supporting acceptable use and other policies
  • Compliance with applicable legislation including the protection of personally identifiable information
  • Effective customer on and off boarding processes and data erasure
  • Appropriate end of life procedures and data sanitisation
  • Proportionate security monitoring
  • Incident handling and forensic readiness
  • Commensurate business continuity and disaster recovery requirements

Cloud risk assessment

Whether considering the procurement of cloud services, migrating the organisation’s existing services onto a cloud delivery model, or delivering a new cloud-based service to your customers it is important to conduct a cloud risk assessment to identify and manage the associated risks.

A cloud risk assessment of the cloud service will help to recognise the project risks and will appropriately feed into the project or organisational risk register to ensure effective risk management and where necessary the implementation of additional security controls.

  • Identify technical security risks associated with a cloud deployment or procurement
  • Understand legal and regulatory issues that could affect your use or delivery of a cloud service
  • Ensure your policies and procedures are sufficient for cloud working
  • Effectively manage the risks associated with cloud working moving forward

The Prism Infosec Cloud Security Assessment service includes an initial cloud risk assessment consultation to understand more about your business and its associated threat landscape as well as to explore further your cloud procurement or deployment project. Following that, we will work with your project teams to understand in more detail how the service is designed and implemented, alongside how it will operate and be utilised on an ongoing basis. Our consultants will also determine the nature of the information assets that are being hosted within the cloud environment to incorporate any risks associated with legal or regulatory issues that could affect the service.

The assessment will also be supplemented, where appropriate, with technical security reviews of elements of the cloud service. The nature of the reviews varies depending on the type of service being assessed; however, typical test cases include data separation tests, build reviews, infrastructure and application tests.

We will also identify whether your policies, procedures and any necessary service contracts are sufficiently robust to complement the service’s technical security controls and to ensure effective use of the service.

The service deliverable shall be executive and detailed reports clearly identifying the risks associated with the cloud service and any associated organisational assets, alongside practical, pragmatic, clear and concise recommendations on how to effectively manage them moving forward. Additionally, we will deliver a presentation to executive and/or technical staff on our findings and recommendations.

Cloud migrations

Whether considering the procurement of cloud services or migrating the organisation’s existing services onto a cloud delivery model it is important to identify and manage the risks associated with cloud migrations.

  • Identify the security risks associated with a cloud migration
  • Produce an information security action plan to appropriately manage the risks
  • Reduce the likelihood of information security incidents associated with migrating to the cloud

A security assessment of the cloud service will help to recognise the project risks and will appropriately feed into the project or organisational risk register to ensure effective risk management and where necessary the implementation of additional security controls.

The Prism Infosec Cloud Security Assessment service includes an initial consultation to understand more about your business and its associated threat landscape as well as to explore further your cloud migration project.

Following that, we will work with your project teams to understand the service in more detail, including how it will be delivered or consumed, alongside how it will be managed on an ongoing basis. Our consultants will also determine the nature of the information assets that are being hosted within the cloud environment to incorporate any risks associated with legal or regulatory issues that could affect the service.

The service deliverable shall be executive and detailed reports clearly identifying the risks associated with the cloud service and any associated organisational assets, alongside practical, pragmatic, clear and concise recommendations on how to effectively manage them moving forward. Additionally, we will deliver a presentation to executive and/or technical staff on our findings and recommendations.

Cyber Maturity Assessment

Prism Infosec has developed a point-in-time Cyber Maturity Assessment to assist organisations with identifying existing areas of strong cyber security defence (in line with current best practice), as well as where improvements can be made. The assessment has been designed to support all sizes of organisation, from SMEs to Enterprise. It can be used to provide “C-Suite” with an initial benchmark of cyber security maturity and organisational performance. Prism Infosec shall assess people, processes, and technologies to determine your current cyber maturity level.

Assessment Process

Prism Infosec consultants will conduct the assessment through a combination of key stakeholder interviews, documentary reviews and observational information to analyse the findings and present the output in a clear, concise report that provides a benchmark of cyber security maturity alongside recommendations for improvement.

What will our organisation get out of it?

Our cyber maturity assessment report will quickly and clearly document areas which demonstrate best practices or where further action is needed. As an overview of your current cyber maturity it will allow you to focus resources where they are most needed in order to improve your overall cyber security posture. The assessment can be used to inform future cyber maturity management projects in support of business objectives.

Key Features & Benefits

One exercise which shows your current cyber maturity state based on the widely accepted NIST framework:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

Practical, concise report output

The following key areas will be included in the report to provide a clear understanding of your cyber security maturity:

  • Asset Management
  • Governance
  • Risk Assessment
  • Supply Chain
  • Identity Management & Access Control
  • Awareness & Training
  • Information Protection Processes & Procedures
  • Protective Technology
  • Security Monitoring
  • Detection Process
  • Response Planning
  • Recovery Planning

Engagement

To arrange a Cyber Maturity Assessment to determine your cyber security maturity and organisational performance, please email contact@prisminfosec.com or call 01242 652 100

GovAssure

Prism Infosec’s experienced team of cyber security consultants provides GovAssure audit consultancy to government organisations that are required to undergo GovAssure self-assessment. Working alongside key stakeholders, our consultants will review evidence provided in support of the GovAssure submission and provide an assessment of compliance.

Launched in April 2023, the GovAssure service will provide public sector organisations with the ability to assess their cyber maturity in relation to the UK Government Cyber Security Strategy. As a government organisation you will be required to conduct a GovAssure self-assessment, which will then be subject to an independent third-party GovAssure-approved assessment against the requirements documented in the National Cyber Security Centre (NCSC) Cyber Assurance Framework (CAF):

  • Objective 1 Manage cyber security risk 
  • Objective 2 Protect against cyber risk 
  • Objective 3 Detect cyber security events 
  • Objective 4 Minimise the impact of cyber security incidents 

The four objectives above are supported by 14 principles which include 39 contributing outcomes that specify what you need to achieve in order to meet those outcomes. This provides more clarity than would be available as a checklist. Each contributing outcome is aligned to a set of indicators of good practice (IGPs) which are used to develop sector-specific CAF profiles so that your organisation has a view of appropriate and proportionate cyber security.

CAF Principles:

  • Governance
  • Risk Management
  • Asset Management
  • Supply Chain
  • Service Protection Policies and Processes
  • Identity and Access Control
  • Data Security
  • System Security
  • Resilient Networks and Systems
  • Staff Awareness and Training
  • Security Monitoring
  • Proactive Security Event Discovery
  • Response and Recovery Planning
  • Lessons Learned

Prism Infosec’s GovAssure certified consultants will assess your self-assessment against the CAF to verify your current cyber security maturity.

Your GovAssure status will then be reviewed by the Government Security Group, who will then work with you to generate a get-well plan to remediate any risks identified.

Virtual Chief Information Security Officer Service

vCISO as a service Overview

The Virtual Chief Information Security Officer (vCISO) as a service is a comprehensive and flexible solution designed to provide organisations with expert guidance, strategic planning, and leadership in information security. The service offers a cost-effective alternative to hiring a full-time, in-house CISO by leveraging experienced professionals who can deliver tailored information security management and support remotely.

Objective

The primary objective of the vCISO as a service is to assist organisations in developing, implementing, and maintaining a robust information security program that aligns with their specific needs, industry requirements, and regulatory compliance obligations. This is achieved by providing access to a team of skilled professionals with expertise in various aspects of information security and risk management.

Scope of Services

The vCISO as a service covers a broad range of activities and responsibilities, including but not limited to:

  • Security Strategy and Planning:
    1. Development and maintenance of an information security strategy and roadmap
    2. Establishment of security policies, procedures, and guidelines
    3. Alignment of security initiatives with organizational objectives and industry best practices
  • Risk Management:
    1. Identification, assessment, and prioritisation of information security risks
    2. Implementation of risk mitigation measures and controls
    3. Regular monitoring and reporting of risk posture
  • Compliance Management:
    1. Ensuring adherence to industry-specific regulations and standards (e.g., GDPR, PCI-DSS, etc.)
    2. Management of security audits, assessments, and certifications
    3. Implementation of required controls and remediation activities
  • Incident Management:
    1. Development and implementation of an incident response plan
    2. Conducting incident response tabletop exercises
    3. Coordination and support during security incidents
  • Security Awareness and Training:
    1. Development and delivery of security awareness programs and training materials
    2. Regular communications to promote a security-conscious culture within the organisation
  • Supplier and Third-Party Risk Management:
    1. Evaluation of third-party security risks and management of supplier relationships
    2. Implementation of appropriate security controls for third-party access and data sharing
  • Cybersecurity Metrics and Reporting:
    1. Collection, analysis, and reporting of key security metrics
    2. Regular reporting to executive management and relevant stakeholders

Engagement Model

The vCISO as a service is typically provided on a retainer basis, with a predetermined number of days allocated per month for the required scope of services. The engagement model can be adjusted based on the specific needs of the organisation, with options for project-based or ad-hoc support as needed.

Benefits

By opting for a vCISO as a service, organisations can benefit from:

  1. Access to a team of highly skilled and experienced information security professionals
  2. Cost savings compared to hiring a full-time, in-house CISO
  3. Flexibility to scale services up or down based on changing needs and priorities
  4. Enhanced security posture through expert guidance, strategy, and execution
  5. Improved compliance with regulatory requirements and industry standards

Having the right people with the right skills in place is key to managing information security risk within your organisation. There is a global shortage of cyber security professionals at all levels but especially so at senior management level. Data is the lifeblood Prism Infosec is able to provide experienced cyber consultants to act as a virtual CISO (vCISO) within your organisation to provide the leadership and guidance needed to ensure that an effective, comprehensive and pragmatic information security framework is established and maintained.

The vCISO as a service enables the effective management of information security and reduces the realisation of risks, informs best practice and also improves the organisational security culture.

Given the way organisations now work, whether on premises, remotely or hybrid, our vCISO will support you in a bespoke manner. We can tailor the time needed to fit your requirements, whether through weekly calls or onsite meetings, and be available accordingly to support your organisational information security needs.
