It is crucial that understand the exposure your organisation has to phishing, spear phishing, or even whaling attempts. Knowing what these types of attacks look like is the first step in ensuring the safety of your network and, ultimately, the reputation of your business. In raising awareness of these threats, this service strengthens a key part of your cyber security – your people.

Using statistics from a simulated phishing campaign we are able to produce an in-depth executive summary identifying areas within an organisation that would benefit from increased or additional cyber awareness training.

An ITC pen test will help you to:

• Sophisticated and safe simulated phishing campaigns run on a quarterly basis
• Increased awareness of phishing attacks within an organisation
• An understanding of the responsive actions employees should take

It’s critical you have a qualified view of the cyber risks your organisation is exposed to. Whether it’s a point-in-time view of your own cyber security maturity, that of a current third-party supplier, vendor or partner, or that of a business you are considering investing in, trading with or acquiring, this service will provide you with the information needed to make informed decisions.

We provide a straightforward report that rates the cyber security of your business or that of a third party, giving comparisons with industry peers.

The ratings report provides data on:

• Compromised systems (evidence of any communication with known malware-associated IP addresses)
• Diligence (the configuration of public facing services, such as emails and encryption)
• User behaviour (potentially insecure practices such as the use of peer-to-peer file sharing)

Cyber attacks are a daily occurrence, so an effective defence barrier is essential. And staying ahead of the so-called threat actors is critical. Gaining knowledge of an attack before it happens means you can be prepared – ready to prevent any form of data loss or loss of service, and confident your organisation’s key data assets (its Crown Jewels) are safe.

ITC’s advanced threat intelligence solution provides organisations with regular cyber security updates relevant to their sector, and with professional advice on how to prevent attacks from specific threat actors.

This service identifies potential cyber risks to your organisation, and provides:

• Expert advice on industry-specific threat actors
• Incident monitoring specific to your organisation (domain squatting and brand protection)
• Security for your organisation, both physical and intellectual

It’s estimated that over 60% of breaches are linked to third parties. So, understanding and mitigating this risk is a business imperative. Whether it’s vendors, clients, partners or acquisitions you’re dealing with, continuous visibility of their security performance is critical. Poorly rated third parties carry a significantly higher risk of cyber breach.

Using externally observable data, our analysts can rate all the third parties you interact with.

This service delivers:

• A stress-free onboarding process
• 24x7x365 monitoring
• Industry recognised ratings from expert analysts
• Risk identification and advice for remediation
• Peer and industry comparisons

It also frees up time for your valuable internal resources.

This is a cost effective, entry-level cyber protection service that guards against network intruders and attackers. Allowing you to be sure your network perimeter is secure, and to know that anyone accessing it, from outside or inside, will not pose a risk to your cyber security. It’s an essential part of the cyber security basic hygiene that all businesses should adopt, and it ensures compliance with the growing demands from tighter regulation.

The service ensures that, in spite of an ever-evolving threat landscape, your critical infrastructure is protected and you have control and visibility of all applications.

ITC delivers:

• 24/7/365 proactive monitoring and management
• Rapid deployment of preventative measures
• Protection against advanced persistent threats
• Actions to stop malware entering your network
• ISO 20000:1 change control processes
• Easy integration with other ITC services

How do you know who’s using your network, when and for how long? Can you compare usage to identify suspicious behaviour? And do you have records that confirm your regulatory compliance?

This service simplifies your security arrangements by providing:

• 24x7x365 monitoring (via our secure operations centre in London)
• Time-synchronised logs across your multiple platforms (infrastructure, servers, endpoints and applications)
• Scalable secure storage for the multiple terabytes of data logged each day
• A centralised repository which ensures regulatory compliance

The service also enables better risk management and decision-making, as logged data can be used in sophisticated ‘what ifs?’ to evaluate, and plan for, possible future intrusions. This means appropriate recovery plans can be designed around likely scenarios.

In an ever-evolving threat landscape, with increasing corporate risk responsibilities, more regulated compliance rules and hefty breach fines, how do you manage your cyber risk, your critical data and protect your brand reputation?

The main benefit associated with ITC’s SIEM service is peace of mind. We deliver this through a constant process of monitoring known areas of risk and analysing dynamic threat feeds, which we review against your logging data, asset model and vulnerability management rules.

The service provides:

• 24x7x365 monitoring (via our secure operations centre in London)
• Time-synchronised logs across your multiple platforms (infrastructure, servers, endpoints and applications)
• Scalable secure storage for the multiple terabytes of data logged each day
• A centralised repository which ensures regulatory compliance

In a world where cyber resource is scarce and most businesses require around ten full-time staff to provide 24-hour network monitoring, our experts take the pressure off your security team and help you make the most of your IT budget.

How can you provide a mobile workforce or a diverse customer base with access to your network while ensuring security and complying with data regulations?

And with BYOD and the IoT can you really police who, and what, uses your network without limiting creativity, reducing productivity and potentially excluding new business?

Through a process of simplifying, identifying, controlling and remediating, our NAC service enables seamless interaction, while ensuring compliance.

It provides:

• 24x7x365 proactive monitoring and management across your entire network (wired and wireless)
• Visibility from any device, anywhere at any time
• Processes for guest access and onboarding
• Assurances to keep pace with ever-evolving cyber threats (patch management policies)
• Automated containment of rogue or compromised devices

It will help you to understand the threat to your business, and enable you to take control of, and manage your level of risk. It does this by establishing where you are most vulnerable to cyber attacks, identifying precisely what’s on your network, where your key data is housed, what should be patched and how effective your patching process is.

It also considers the cyber threats to your business – what they are, which are a priority and where you are most vulnerable to the attacks that will inevitably occur.

You will obtain visibility of all your assets (known and unknown), and gain an understanding of those that are critical to your business.

To make this possible we:

• Provide visibility of disparate systems and applications
• Identify your critical data
• Show you where you are most vulnerable
• Review the effectiveness of your current patching process.

Based on machine learning and artificial intelligence, it observes and monitors user devices and network activity to learn your organisation’s way of life. It can then detect threats and anomalies in real time – and act on them.

This will help you manage the evolving risk of cyber attacks and ever-present insider threats, meet increasing regulatory expectations, and make best use of finite resources.

It is an automated process that provides 24x7x365 security risk reduction and real time remediation of incidents that may have gone undetected in traditional event-driven alerting platforms.

In addition it:

• Frees-up existing staff (entire network monitoring reduces reliance on security maintenance)
• Brings greater visibility of network traffic (maintains regulatory compliance)
• Increases flexibility and cost-effectiveness (additional benefits through integration with existing services)