Vulnerability Discovery and Analysis

IT Security professionals today face the challenge of securing complex and diverse environments encompassing mobile workers, cloud infrastructures, networks, applications, devices and back-end systems.  Only by achieving full visibility can you gain a true understanding of how effective your IT security programme is and where the real risks lie. Without this, it is challenging to adequately plan on how best to protect against the threats to your business.

In order to stay on top of impending attacks, it is crucial that businesses are aware of the vulnerabilities on their network so that they can mitigate the risk and should a breach occur, they have the tools and resources to respond and remediate quickly. Once the vulnerability has been rectified it is essential to carry out the necessary analysis and assess the impact on your business.

To be effective when identifying and remediating found vulnerabilities, Sapphire recommends that you develop a vulnerability management programme which is in line with the risk appetite of your business and incorporates your testing, risk management and threat analysis regime.

Penetration Testing

Sapphire has been one of the UK's leading providers of cyber security assurance and testing services; including penetration testing, the security consultancy, and digital forensics since 1996. We are members of the CREST, Tiger, and CESG CHECK schemes and have maintained the CHECK Green Light status since 2004.

The strength and effectiveness of our testing services lie with the expert conducting the test and the quality of the report generated as a result. We pride ourselves on the high quality of our reports which provide a thorough vulnerability analysis, detailed evidence of the associated risks and remediation advice. In addition to this, our consultants are on-hand throughout to offer their expertise, helping you to secure your infrastructure and re-testing if and when required.

We provide a range of different tests from infrastructure vulnerability assessments to mobile device configuration and testing including:

  • External Perimeter
  • Web Applications
  • Mobile Device Testing
  • Vulnerability Scanning
  • CHECK Testing
  • Physical Security Audits
  • OWASP Testing
  • Internal Networking
  • Wireless Network Testing
  • Configuration and Build Reviews
  • Remote Access and VPN Access
  • IT Health Checks
  • Social Engineering (Telephone & Physical)
  • CREST

Security Improvement Programme (SIP)

Our Security Improvement Programme (SIP) offers the visibility needed to define a workable security strategy. We focus on the area’s most needing attention and offering pragmatic advice and guidance on the best controls to implement, in line with your business plans and budget.

The Security Improvement Programme allows organisations to attain the visibility needed to ensure their investment in security appropriate to requirements and effective in its operation, including:

  • Understand your current posture and capabilities
  • Prioritise vulnerabilities and risk
  • Guidance on cyber security resources and investments
  • Uncover existing cyber threats and identify immediate areas of compromise
  • Help define an appropriate cyber security strategy that’s right for your business

Cyber security should include protection for people, information systems, processes and reputation - not just for technology and computers. We take all of these elements into consideration offering the very best advice to protect your business. Our Security Improvement Programme has been designed to take into consideration your business needs and to suit every budget. We will become your outsourced security experts working with you to develop a comprehensive information security strategy in a non-intrusive manner that will have no impact on your business operations. Instead, it will give you the visibility and control needed to take your information security to the next level.

Threat Assessments

It only takes one vulnerable host to infect an entire network. Yet according to research 96% of organisations use at least one high-risk application. Sapphire provides a Security Threat Assessment and Analysis Report, this service enables you to uncover potential risks on your enterprise network.

The benefits of a threat assessment include better awareness of your security risk exposure. The identification and prioritisation of security gaps that require improvement and an introduction to the latest security technologies that cover all aspects of network security.

Our onsite security assessment gives you a threat analysis report that shows: Access to high-risk web applications. Malware-infected computers. Exploited vulnerabilities and attacks. Data leakage incidents and recommendations to protect your network.

Vulnerability Assessments

Over the last 22 years, Sapphire have tested, secured and protected sensitive and mission-critical networks. Our certified testing team continue to draw from this experience and now offer this knowledge in a direct and unique way through our Vulnerability Assessment and Management Service.

Sapphire provides an effective platform for reducing risk through vulnerability detection and alerting. Our managed service continuously monitors networks and critical systems, alerting and informing on the vulnerabilities that could undermine operations, exploit data and compromise businesses. We identify exploitable weakness and provide a platform to prioritise threats for effective remediation planning. Data only resides in the UK, segregated and secured on a per customer basis.

Monthly and quarterly reports are generated for compliance and vulnerabilities. Each report is reviewed by a subject matter expert who will highlight areas of concern and provide their own interpretation of events. Serious vulnerabilities will be escalated immediately and one of our consultants will be available to discuss findings or remediation actions.

Digital Forensics

Our highly experienced forensic team are able to recover data and reconstruct events and associated timelines. Our service includes:

  • Forensic Investigations
  • Data Recovery
  • Forensic Strategy
  • Forensic Awareness Training

We are fully prepared to offer a quick and timely response to all your digital needs, from failed systems to virus/malware infections and compromised systems. Typical investigations include inappropriate content, HR investigations, fraud/theft, disk failure and the contravention of acceptable usage policies.

Our team at Sapphire are on hand right from the start to help, advise and lead you through the often-challenging process of scoping an investigation. Commissioning Sapphire is simple, cost-effective and will ensure that results are presented as irrefutable evidence to an internal group, a disciplinary hearing or a court of law. Sapphire has over a decade of working with digital evidence and is fully certified to ISO/IEC 27001:2013 for the provision of forensic investigation services.