Leading Source for UK Technology News & Insights

Managed DevSecOps Services

This is our most comprehensive service offering, so we have divided it into 3 distinct engagement models to better align with the software development lifecycle. Phase-wise details of our service are provided below.

Planning

  1. Selecting the appropriate technology stack for your application and your customers’ requirements

Content Delivery Network

Setting up processes and git workflows to ensure the development team can focus on building the application and the necessary feedback loops are enabled, to help them improve and speed up the development process

Setting up a Continuous Integration (CI) pipeline to enable developers to test their code the moment they make any change

Integrating security tools for static and dynamic security scans to ensure you don’t merge any vulnerable code to your production branch

Automating build creation process so it can easily and automatically be deployed to various environments (staging, QA, Integration, and Production).

Deployment

Automating the infrastructure design and rollout using Terraform, Ansible, and other well-known IaC tools

Automatic, fast and reproducible deployments to all major cloud providers (AWS, Azure, GCP, etc.)

Leveraging cloud-agnostic solutions like Docker, Kubernetes, etc. to ensure that your application is not vendor-locked and can run on any major cloud platform

Integration and security testing as part of the pre-release cycle

Post Deployment

Implementing monitoring and feedback practices and solutions (Prometheus, netdata, etc.)

Troubleshooting – enabling teams to quickly identify and fix issues before they cause downtimes

Integrating application performance monitoring (NewRelic, DataDog) and advising teams on how they can handle performance bottlenecks

Managing and running bug bounty programs

Managing and coordinating with the security teams to run periodic pen tests for infrastructure and applications

Designing escalation policies and incident handling frameworks, so that you are notified in time and can respond to an incident

Disaster recovery and backup strategies

Security and Monitoring

Integrating and enabling security controls for the production environments

Helping security teams by enabling them to collect logs and alerts from all the critical infrastructure components

Managing application firewalls to automatically respond to scanners and DoS attacks

Engagement & Pricing Model

hourly

  • Fixed development and support hours – hourly bucket’s price

monthly

  • Engineering resources augmentation – monthly price

estimation

  • One-time engagement for assessment and review – sizing and estimation based pricing

Managed Defense Operations

We’ve Got You Covered!

As an MSP, we are no strangers to the issues faced by security teams around the world. We have carved out our managed defense operations (MDO) to fulfill the needs of small, medium, and large enterprises for boosting their operational level (OP-Level) and efficiency against threats that matter.

Vulnerability Management Service

Remote service designed especially for customers looking to deal with vulnerabilities on a regular basis
Vulnerability risk assessment
Virtual Patching


Optional Services

L2-as-a-Service (L2aaS)
Remote service designed especially for customers who can manage their L1 operations
Advanced investigations
Playbook creation


MDO – Salient Features

24×7 monitoring of network & endpoints (log ingestion)
Alert investigation, managed escalations, and false alarm identification
SIEM optimization, log management


Governance, Risk & Compliance Consultancy Services

1. Security Governance & Compliance Services

2. Healthcare Governance & Compliance Services

3. Privacy Governance & Compliance Services

4. Quality Assurance & Management Services

Digital Forensics & Incident Response

1. Incident Response

What We Do

Primarily, we respond to the following types of intrusions:

  1. Rogue activity inside enterprise network or infrastructure
  2. Theft of data, PII or intellectual property
  3. Sabotage or destruction
  4. Insider threats
  5. Financial crime

We Cover

  1. Log Analysis
  2. Host Forensics
  3. Memory Forensics
  4. Network Forensics
  5. Malware Analysis

Engagement & Pricing Model

One-Time Response
Priced Hourly
Retainer
Priced per 50+ hour quarterly bucket

2. Compromise Assessment Service

We Cover
  1. Organization-wide IOC hunting
  2. Clue-based deep dive
  3. Network traffic analysis

Where a compromise is identified, we can quickly pivot from compromise assessment to incident response (at the customer’s discretion).

Engagement & Pricing Model

One Time Assessment
Priced on Number of Assets

A thorough assessment of whether you have been compromised or not.

3. Incident Readiness Drills

What We Do

Test your organization’s defense with a simulated scenario just like a real cyber-attack. We utilize our knowledge of responding to intrusions to create adversary- or scenario-specific simulations and then run them against your infrastructure to identify gaps and mitigate them before you actually face an incident.

Our Belief
“The more you sweat in training, the less you bleed in battle!”

Engagement & Pricing Model

Bi-Annual Drills

Priced Per Drill (2 weeks of engagement per drill)

Quarterly Drills

Priced Per Drill (2 weeks of engagement per drill)

Knowledge of your enemy’s offensive capability determines the strength of your defense

4. Incident Readiness Service

We assess the readiness of your organization against future incidents with a 360-degree perspective of security.

We Assess

Strategic Capability

- Maturity of your incident response plan

- Response procedures, roles and policies

- Maturity of response team and its layers of defense

Operational Capability

- Ability to investigate and respond from a single point

- Ability to investigate at scale

- Level of visibility inside host and network telemetry

Our Belief
“You cannot protect what you don’t know!”

Engagement & Pricing Model

One-Time Assessment

Priced Per Engagement

Add-Ons include

  1. Assistance in creation of Information Security Policy
  2. Assistance in creation of Incident Response Plan
  3. Assistance in creation of Response Playbooks

CYBERSECURITY ASSESSMENT SERVICES

We Offer

Cloud Security Assessment

Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) security assessments are performed based on the CIS security benchmarks. To go above and beyond, we use our custom scripts and tools to cover all security aspects of cloud infrastructure.


External Infrastructure Pentest

Pentest conducted through the Internet by an ‘attacker’ with no preliminary knowledge of your system


Internal Infrastructure Pentest

Pentest scenarios based on an internal ‘attacker’, such as a legitimate infrastructure user, a visitor with only physical access to the organization’s network, or a guest with limited systems access


Build & Configuration Review Pentest

Build and configuration review testing uses an authenticated approach (credential-based access and scanning) to identify vulnerabilities, security baseline and configuration settings, potential illegitimate access to sensitive data, and other issues and potential compromises on devices


Wireless Network Pentest

Wireless network pentesting provides an ordered list of issues, their associated qualitative risks, and remediation guidelines for identified vulnerabilities


Web/Mobile application Pentest

Web and mobile applications are tested for exploitable vulnerabilities and business logic flows. Please refer to ‘modes of penetration testing’ below for further details.


Social Engineering Based Testing

End users are the weakest link in the cybersecurity control chain. An assessment is conducted to test security awareness among the personnel of the organization, and includes phishing, pseudo-malicious links in emails, crafted suspicious attachments, etc.


Red Teaming (RT)

Unlike VAPT’s breadth-intensive vulnerability identification activities, our red teaming service is a depth-intensive activity. It follows a non-destructive methodology while emulating an attacker’s behavior to achieve the mission objectives mutually agreed with the customer’s IT/security teams. To combat hackers, defenders need to mimic the thinking patterns of hackers.


Our Methodology

Tech4uk’s broad penetration testing methodology is given here in brief. However, a carefully defined scope would leverage the actual components of the testing.


Planning & Preparation

Defining the scope and goals of a penetration testing activity including the systems to be addressed and the testing methods to be used.


Reporting & Deliverables

A penetration test conducted by the Tech4uk Pentest team will include a post-assessment report that details any vulnerabilities discovered and step-by-step remediation guidance to fix them

Black Box Pentest (BBP)

Black box penetration testing is conducted from the outside by a pentester with zero preliminary knowledge of the infrastructure and/or applications.


Gray Box Pentest (GBP)

In gray box testing, the pentester may have a partial understanding of the application. They log in through all available user profiles of the application.


White Box Pentest (WBP)

If static application security testing (source code review) is integrated with gray box penetration testing, it is labelled as white box pentesting.


Offensive Security Certifications

Offensive Security Certified Professional (OSCP), CREST Practitioner Security Analyst (CPSA)