
Security Advisory Services, UK

UNDERSTANDING YOUR SECURITY
Navigating today’s complex cyber security landscape is a challenge for many organisations and the demand for expert guidance is higher than ever. At PSBA, we offer bespoke strategic advice and solutions to organisations across the globe to assist at every stage of their security journey.
The Security Advisory Services team assesses and tests an organisation’s defences and selects the solutions that best match their security needs – whether it’s building a new security strategy or upgrading their protections to combat the latest threats.
We are here to help your organisation with a wide range of security challenges, underpinned by our vast experience and collaborative approach.
OUR REMIT
Our close relationships with security specialists and sales teams mean we are in the perfect position to deliver expert advice. We take a holistic approach to building a strategic relationship with our customers in order to understand their cyber maturity, including Governance, Risk and Compliance (GRC), Cyber Maturity Assessments / Health checks, Zero-Trust, Cloud, Operational Technology (OT) / Industrial Control Systems (ICS) and Internet of Things (IoT) security, as well as other areas of cyber security.
Through this approach, we become well versed in your organisation’s needs and, through collaboration, can create a tailored and resilient security journey that will last for years to come.

OUR SERVICES

GOVERNANCE, RISK & COMPLIANCE SERVICES
Inadequate risk management can lead to a loss of information regarding security threats. Without effective risk management in place, it is difficult to invest effectively in security controls to mitigate risks, or to know if the implemented controls are appropriate and effective.
We will carry out a cyber risk assessment of your organisation using an agreed methodology. This will look at a number of areas, including:
- Information assets
- Information security threats
- Security controls
- Vulnerabilities
- Overall impact of these on the organisation
The outcome of this assessment, along with discussions with your team, will inform the subsequent risk management process. This will include a document detailing this process and we will provide training on how to maintain this process. We will also work collaboratively to assess the level of risk the organisation is willing to accept and to create a suitable risk register.
Through this process, specific threats will be identified and tailored procedures put in place. Such procedures could include:
- Reduction, to mitigate the risk
- Acceptance of the risk, dependent on an assessment of cost vs benefit
- Transference of the risk by contracting a third party or insurance
- Avoidance of the risk by completely removing it if appropriate
WHAT WILL WE DO?
We ask for an introduction to your account team or, if we are already working with you, your BT team will continue to lead on this work.
Once we have introduced ourselves, our remit and services, should you wish to employ our services, we will write a Statement of Works proposal for a formal piece of work to be commissioned. The proposal will detail the work needed, how the work will be implemented, any requirements for your team and costs for the service. This proposal will be presented by your account manager.
This initial activity and its duration will depend on the service requested and the piece of work required, and can range from a few hours to several months.
Where we need to interact with your networks and systems, such as for a Firewall Policy Configuration review or Industrial Control Systems review, we will provide instructions and assistance to ensure that this is carried out correctly and securely.
WHAT ARE THE OUTPUTS?
When the piece of work is complete, a tailored report will be produced and we will present the findings to discuss next steps.
Where interviews and reporting on findings are required, these can take place on-site or virtually.
Cyber security is a dynamic and constantly evolving field. Without constant vigilance, regular review and testing of security maturity, and clear visibility of system controls, it’s easy for attackers to usurp organisations and take advantage.
Our Security Health Check assesses an organisation’s security maturity at a strategic level to identify risks and produce a prioritised strategy to protect it from threats.
We present our findings in the form of a prioritised list of recommendations mapped against the selected industry standard control framework.
WHAT WILL WE DO?
We will carry out a workshop with key stakeholders within your organisation, engaging with representatives from security, IT, finance, risk, HR, legal, operations, marketing and any other relevant departments to understand the organisation and its business needs. We will also discuss the below:
- Infrastructure and IT estate
- Approach to risk
- Effectiveness of existing policies, processes and controls
These touchpoints will be assessed against an industry standard framework (for example, CIS20 or ISO27K), taking into consideration the specific needs of the organisation.
The health check workshops can take place on-site or virtually. We aim to minimise impact on operations while gathering the necessary information.
WHAT ARE THE OUTPUTS?
We will present our findings in the form of a prioritised list of recommendations, mapped out against the selected industry standard control framework.
Having an Information Security Management System (ISMS) helps an organisation to protect and manage its information. It can enable compliance with laws and regulations such as the European General Data Protection Regulation Act (GDPR), increase resilience and improve responses to cyber threats, secure data, and reduce costs by focusing investment on the areas where it is most needed.
WHAT WILL WE DO?
We will carry out an agreed set of interviews and mark against ISO27001 requirements to determine the suitability of your existing processes and controls. Additionally, we will assist in the creation of an ISMS, which includes:
- Helping to assemble your team and identifying the objectives/scope of the ISMS
- Identifying the controls required for your contractual, business and regulatory purposes
- Conducting a risk assessment to identify any additional necessary controls
- Creating a Statement of Applicability and risk treatment plan
- Drafting policies and procedures as dictated by the selected controls
- Implementing protocols to train and educate staff
- Employing the ISMS
- Monitoring the ISMS to ensure it works as planned
WHAT ARE THE OUTPUTS?
From the output of the interviews, we will develop a prioritised plan to enable your organisation to progress towards ISO27001 compliance. If necessary, we can also help you to develop the required processes and documentation to enable you to gain compliance and, if required, certification.
Reviewing security controls is vital to ensuring that there are no gaps present and that the organisation is operating effectively. It is worth noting that to deliver a robust audit, we may need to use resources that your organisation uses in its day-to-day operations.
WHAT WILL WE DO?
We will audit the organisation to provide independent assurance that your processes around governance, risk management and compliance are effective.
Our advisors will work with your team to understand the level of auditing required, as well as the scope of the testing to be undertaken. The audits can be aligned against a number of frameworks if required, such as CIS20, PCI-DSS, NIST, ISO27001, COBIT and others.
We can carry out the audit on-site or virtually.
WHAT ARE THE OUTPUTS?
We will produce a report detailing the findings of the audit, highlighting any areas of weakness and our recommendations on how best to address these.

ZERO TRUST SERVICES
It is vital that organisations understand who and what has access to their networks and business critical applications.
An identity maturity assessment considers an organisation’s identity maturity at a strategic level, enabling us to understand their identity and access management controls. Using this information, we can identify risks and produce a prioritised strategy to protect your organisation from threats.
WHAT WILL WE DO?
We will carry out a workshop with key stakeholders within your organisation, engaging with representatives from security, IT, finance, risk, HR, legal, operations, marketing and any other relevant departments to understand their operations and business needs. We will also discuss the below:
- Infrastructure and IT estate
- Approach to risk
- Effectiveness of existing policies, processes and controls (specifically where they apply to identity and access)
These touchpoints will be assessed against an industry standard framework, taking into consideration the specific needs of your organisation.
WHAT ARE THE OUTPUTS?
We present our findings in the form of a prioritised list of recommendations on identity and access management to protect your business.
The identity maturity workshops can take place on-site or virtually. We aim to minimise impact on operations while gathering the necessary information.
Managing security for Industrial Control Systems (ICS) and Operational Technology is essential to mitigate threats, deal with security incidents, ensure compliance and verify that an ICS strategy is effective.
WHAT WILL WE DO?
Our ICS offering has been developed to understand your existing and future ICS needs, with specific focus on strategy, compliance and security. These elements are assessed against industry standard frameworks.
WHAT ARE THE OUTPUTS?
By speaking with key stakeholders in the organisation, we will understand the assets, risks, and controls in place within the organisation’s ICS setting. We will assess the existing controls to determine maturity and identify any gaps.
We will use a discovery tool and packet capture data to retrieve information on network behaviour, which we will then analyse and provide a detailed anonymised report of the findings.
Firewall policies can be complex and difficult to manage, requiring specialised resources to ensure they are functioning effectively and protecting the organisation from threats.
Our Firewall Policy Configuration Review service is designed to help you make sense of complex firewall policies. The service highlights faulty configurations, which can not only leave the organisation susceptible to cyber threats, but are also capable of duplicating redundant tools, which can impact performance.
WHAT WILL WE DO?
We will connect securely to your organisation’s firewall, or use provided log files, and use Skybox to analyse the firewall policies and configurations. Policies will be reviewed to identify weak rules or those that are redundant. The firewall configuration will be assessed against industry best practice to identify risks.
WHAT ARE THE OUTPUTS?
We will provide a report highlighting the business risks, including detailed breakdowns of specific issues and critical ratings, along with prioritised recommendations and action plans.

CLOUD SERVICES
A Cloud Security Technical Assessment considers an organisation’s digital infrastructure, including cloud instances, business drivers, key assets and specific regulatory / compliance requirements. An analysis of network traffic allows us to identify risks and produce a prioritised strategy to protect the organisation from threats.
WHAT WILL WE DO?
We will carry out a workshop with key stakeholders within your organisation, speaking with representatives from security, IT and operations to understand their infrastructure.
As part of the assessment, we will use Prisma Cloud – a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) solution – to conduct read-only analysis of network traffic, user activity, and system and service configurations. We will identify any risks and compliance issues and measure against an appropriate industry standard framework.
WHAT ARE THE OUTPUTS?
We will produce a report detailing relevant threats, along with any issues and risks highlighted by Prisma. The report will also include a prioritised list of recommended actions.
Many businesses have had to quickly deploy Microsoft Office 365 in response to the rise in remote working but do not have a complete understanding of the security tools they have licensed or how to safeguard them. We can help you to secure your Microsoft 365 account and protect users.
The security assessment highlights which security tools are being underused and the key steps you can take to secure your account.
Our Microsoft 365 Security Assessment advisory service will allow you to:
- Reduce the rate of compromised user accounts by up to 99%
- Protect designated powerful accounts to prevent attackers from taking control
- See clear explanations of how existing security threats create risk for the organisation
- Receive a fast, non-intrusive review of your account security
WHAT WILL WE DO?
Once granted access (we can provide full guidance for arranging this and for subsequent removal), we will review the security controls on the account, identify the licensed security tools present, and determine whether they’re being utilised.
We will analyse the information and match any identified threats against our risk library to establish any vulnerabilities that need addressing.
WHAT ARE THE OUTPUTS?
We will provide a report outlining key business risks and how these could affect your security, based on our experience. This will make you better equipped to make a business case for stronger security. The report will also cover clear and immediate recommendations on how to resolve identified issues for quick security wins.

OPERATIONAL TECHNOLOGY / INDUSTRIAL CONTROL SYSTEMS
New ‘smart’ connected devices are increasingly becoming a part of traditional Operational Technology (OT) environments, which means a higher likelihood of cyber threats.
As OT security starts to become the Chief Information Security Officer’s responsibility, there is an urgency to understand the environment and to identify the risks your organisation is facing. It is too dangerous to rely on reactive security and wait for attacks to occur before responding.
WHAT WILL WE DO?
We will carry out a workshop with key stakeholders within your organisation, speaking with representatives from security, IT and operations to understand their infrastructure.
We will use our bespoke framework model to analyse your organisation’s maturity against our three-layer maturity model, covering 10 categories and management activity for each category. The model is aligned with OT industry standard frameworks, including NIST CSF, IEC62443-2.1 and IEC62443-3.3. We will work with your team to provide a comprehensive cyber maturity assessment of your current status based on our maturity model.
WHAT ARE THE OUTPUTS?
You will receive a set of reports detailing your organisation’s current maturity and benchmarking them against best practice. This will identify any critical gaps, weak points in infrastructure, at-risk assets and uncover pathways between your IT and OT infrastructure.
These reports can help you to develop a proactive approach to defending against threats.
A cyber maturity assessment can be run many times, with scales of detail ranging from levels 1 to 3.
Operational and technological colleagues within Industrial Control Systems (ICS) and IT teams are commonly understaffed and finding themselves with increased remote access demands, which can leave networks vulnerable. Many have unreliable (if any) asset information and are using old systems with inappropriate remote access controls, combined with poorly managed and unpatched networks. This leads to a lack of real-time visibility and an inability to respond effectively to inappropriate activity in the network. Additionally, organisations that want to meet compliance standards, such as IEC62443, require an accurate and up-to-date asset inventory as part of the initial assessment phase.
WHAT WILL WE DO?
We will deploy either a physical or remote sensor on to your network for a fixed period of time in order to capture the traffic in real time from your ICS and Operational Technology (OT) IT network. In order to install the sensor and analyse the data, we will require assistance with firewalls and installation from your on-site network team. For best results, the sensor will need to be on-site for a two-week period and, as the information will be delivered in real time, it means the reporting will be very detailed.
There are two different Proof of Value (POV) packages available: Proof of Value Remote and Proof of Value On-site.
WHAT ARE THE OUTPUTS?
We will produce a detailed analytical report covering:
- Assets detected
- Vulnerability management data
- Summary of information flows
- Any adverse network issues
- Any security threats detected
- Post POV report
The POV will allow you to see exactly what traffic is flowing over your organisation’s network in real time, including all activity and vulnerabilities as they are released, as well as the discovery and details of assets.
Additional benefits include:
- The ability to plan downtime, rather than be dictated by asset failure, as not all unusual activity is criminal
- Manage certificates
- Manage End of Life equipment to plan for upgrades
- Segmenting flat networks
- Analysis of network communications
- Remote access control
PROOF OF VALUE REMOTE
If your organisation can provide remote or internet access, we will deploy an OT sensor on to your site for an agreed time period.
ADVANTAGES:
- Highest level of detail and accuracy
- Platform can be demonstrated using your own data
- Can be set up on multiple sites
DISADVANTAGES:
- Longer delivery time
- Requires remote access or internet access to organisation’s environment
PROOF OF VALUE ON-SITE
If your organisation has a closed environment, we will deploy an OT sensor on to the site for an agreed time period. A member of our team will need to be on-site to carry out the analysis.
ADVANTAGES:
- Highest level of detail and accuracy
- Platform can be demonstrated using your own data
- BT colleague on-site to coordinate set up, initialisation and instruction of the application to your team
- Can be set up on multiple sites
DISADVANTAGES:
- Longer delivery time
- Requires access for BT colleague on organisation’s site
Operational and technological colleagues within Industrial Control Systems (ICS) and IT teams are commonly understaffed and finding themselves with increased remote access demands, which can leave networks vulnerable. Many have unreliable (if any) asset information and are using old systems with inappropriate remote access controls, combined with poorly managed and unpatched networks. This leads to a lack of real-time visibility and an inability to respond effectively to inappropriate activity in the network. Additionally, organisations that want to meet compliance standards such as IEC62443 require an accurate and up-to-date asset inventory as part of the initial assessment phase.
WHAT WILL WE DO?
Based on the packet capture (PCAP) taken from a portion of your network coverage we will produce a bespoke report covering:
- Point in time view of assets connecting to your organisation’s network
- Vulnerabilities, malware and detailed information on the assets seen during the PCAP
- Advice on remedial activity
- A demonstration of the Asset Discovery tool, using the PCAP file
In order to create the report, we will need a PCAP from your network, captured using Wireshark or similar sniffer technology. The PCAP file needs to be approximately 350 MB to 450 MB in size and the time taken to collect the file will vary depending on how active the network is.
WHAT ARE THE OUTPUTS?
The report will allow you to see exactly what is happening in your organisation’s network at the time of the packet capture. Gaining visibility of your Operational Technology (OT) assets is the first step to identifying vulnerabilities and controlling cyber risks.
We will also demonstrate how one of the Asset Discovery applications (e.g. Nozomi or Dragos) uses the PCAP file so that you can see the live issues on the network.
Additionally, we can deploy a Proof of Value to provide real-time, detailed reporting, allowing you to see any vulnerabilities as they are released, discovery of assets and information on the assets. This will require on-site work and fine tuning of the tool.
PACKET CAPTURE DEMO (PCAP DEMO)
Your organisation provides the PCAP files to us, which would be transferred securely.
We then perform a demonstration of the Asset Discovery tool on a cloud instance of the OT platform.
ADVANTAGES:
- Fast turnaround
- Simple delivery
- Platform can be demonstrated using organisation’s own data rather than a stock PCAP file
DISADVANTAGES:
- Data is only a snapshot in time – you may miss flows running at lower frequency
- No full insight into infrastructure
PACKET CAPTURE REPORT (PCAP REPORT)
Your organisation provides the PCAP files to us, which would be transferred securely.
We then perform a demonstration of the Asset Discovery tool on a cloud instance of the OT platform.
ADVANTAGES:
- Fast turnaround
- Simple delivery
- Report based on assets seen in the PCAP provided by you
DISADVANTAGES:
- Data is only a brief snapshot in time – you may miss assets running on a less regular basis
- No full insight into infrastructure
The threat landscape is a continuously changing environment, especially within the Operational Technology and Industrial Control field. Staying up to date with vulnerabilities, techniques and tactics that could potentially affect operational environments is an increasingly challenging task. Security Advisory Services are simplifying this task for others by producing a report which summarises the details from the past month in an easy-to-consume format.
WHAT WILL WE DO?
We will produce monthly Operational Technology Threat Intelligence bulletins that detail the latest observed threats to the Industrial Control System and Operational Technology (OT) landscape.
WHAT ARE THE OUTPUTS?
The monthly bulletin provides details of:
- MITRE ATT&CK tactics, techniques and procedures seen used against OT organisations
- Cyber events that have affected OT organisations within the previous month
- Threat leads on observed actors revealing / selling data on OT organisations on the dark web
This helps individuals and organisations to gain visibility into the current threat landscape.