Information Security
We help transform information security from a source of fear, risk, and complexity to a source of strength, value, and competitive advantage.
Cybersecurity (Self-Learning AI & Threat Intelligence)
Darktrace, a global leader in cybersecurity AI, delivers world-class technology that protects over 5,000 customers worldwide from advanced threats, including ransomware and cloud and SaaS attacks. The company’s fundamentally different approach applies Self-Learning AI to enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, the company has 1,500 employees and over 30 offices worldwide. Darktrace was named one of TIME Magazine’s ‘Most Influential Companies’ for 2021.
The Enterprise Immune System detects novel attacks and insider threats at an early stage — without relying on rules, signatures, or prior assumptions.
Modeled on the human immune system, the technology learns and understands ‘self’ for everyone and everything in the business, and can spot the subtle signals of an advanced attack, whether that emerges in the network, cloud environments, SaaS applications, or endpoint devices.
Industrial Immune System is a fundamental AI technology for OT cyber defense. It works by passively learning what ‘normal’ looks like across OT, IT and industrial IoT, allowing it to detect even the subtlest signals of emerging cyber-threats in real time, in both OT environments, such as SCADA systems, and IT networks.
Powered by Self-Learning AI, Darktrace Antigena is an Autonomous Response technology that calculate the best action to take, in the shortest period of time, to effectively respond to in-progress cyber-threats, limiting damage and stopping their spread in real time.
Antigena can stop novel and advanced phishing attacks from reaching the inbox, prevent account takeovers in cloud applications, and stop ransomware in its earliest stages. Its response is targeted and proportionate, containing the threat in seconds, without disrupting the business.
Over three years, Darktrace developed AI that observed how expert security analysts interacted with the output of our Self-Learning AI and came to conclusions about threat scenarios and incidents.
The result is Cyber AI Analyst, Darktrace’s AI investigation technology, which saves security teams time by automatically and continuously triaging, interpreting, and reporting on the full range of security events. It prioritizes the most relevant incidents and generates natural-language reports ready for review and action.
"Darktrace is a game-changer. It allows us to remain resilient in a rapidly changing threat landscape.”
CEO and Founder, Raspberry Pi
Key benefits:
Dark Web Intelligence & Monitoring
Searchlight Cyber’s market-leading dark web investigation and monitoring tools are trusted by the world’s most forward-thinking law enforcement agencies, enterprises and MSSPs. The Cerberus and DarkIQ products equip governments, law enforcement agencies, as well as energy and financial service industries with an unmatched toolset of dark web intelligence and monitoring tools in their fight against criminal activity on the dark web.
Cerberus: The dark web investigation platform. Gather intelligence on marketplaces, forums, sites, individuals, and groups from the most comprehensive datasource on deep and dark web activity.
DarkIQ: The dark web monitoring platform, which continuously searches the deep and dark web for indicators of an attack against your organisation.
Security Awareness Training
According to Cybint, 95% of cybersecurity breaches are caused by human error, proving that cybercrimes consistently rely on the human factor to succeed. In 2018, 21% of breaches were due to employee negligence. We help ensure that your employees are empowered with a sense of awareness and understanding, necessary to handle information that must pass through security protocols, making them less prone to costly security incidents.
Why invest in Security Awareness Training?
Loss due to cybersecurity breaches and reputational damage cost companies millions every year while employee training cost is significantly less.
As cyberattacks increase, regulators such as the Payment Card Industry Data Security Standard (PCI DSS) are calling on specific industries to implement security awareness training.
As organisations adapt to new Work-From-Home arrangements, employees are no longer restricted to the confines of the corporate office. However, security awareness should also be maintained even from home.
Awareness training in Social Engineering (such as scamming) is especially important if your organisation employs seasonal staff.
Training not only benefits the organization but also customers, suppliers and other entities they are linked to. In the world of cybersecurity, once one network is infected, the rest are just seconds away from facing the same fate. A trained workforce can make a difference.
Our Security Awareness Training programs include:
We provide baseline testing to assess the Phish-Prone™ percentage of your users through a free simulated phishing attack.
The world’s largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters. Automated training campaigns with scheduled reminder emails.
Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.
Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management. Show the great ROI!
Step 1
Analyze
Step 2
Train
Step 3
Phish (Test)
Step 4
Review Results
Step 5
Targeted Training
Step 6
Execute
Risk Management Services
As your business evolves and grows, new risks inevitably emerge. For example, new technology applications can increase vulnerability, and moving platforms off-premise to the cloud can create new opportunities for hackers. Taking steps to modernise the business and introducing new technologies is necessary to drive growth, but you also must keep technology risk and security management in mind to identify and address potential threats and intrusions that come along with change.
- Enterprise Risk Culture & Maturity Analysis
- Risk Appetite Definitions & Key Risk Indicators (KRIs)
- Risk Appetite Assessment & Statement Review
- Board Level Reporting Review
- Enterprise Risk Management Committee (ERMC)
- Risk Acceptance Committee (RAC)
- Regulatory Compliance Analysis & Response Assistance
- Expertise in GRC Software Tools
- Review of Risk & Control Self-Assessment (RCSA) Procedures & Use of Effective Challenges
- Review of Risk & Control Language & Risk Register
- Review of Inherent Risk (IRR) & Residual Risk (RRR) Ratings Scoring Methodology
- Review of Control Effectiveness Procedures & Quality of Evidence
- Assistance in Audit Preparedness
- Policy Review and Gap Analysis of Internal Policies
- Policy Mapping Against Industry Authoritative Sources such as NIST, CIS, ISO 27001/2, HIPPA, GDPR, & FISMA
- Reviews include Validation of Internal Procedures w/Process Walk-Thru & Deep Dives
- Review of Issues Management Procedures
- Review of Issues Validation Procedures, Issues Descriptions & Remediation Plans
- Improve Enterprise Risk Management (ERM) Function (2nd Line in 3 LOD Model)
- Leverage Risk Management (RMF) & Cyber Security (CSF) Framework Implementations
- Implement Strategies to Achieve and Maintain a High RMF Maturity Level
- Identify Key Stakeholders and Achieve Buy-In for RMF Value Proposition
- Achieve Greater Risk Management Awareness throughout the Enterprise
- Reduce Risk Scores & Increase Overall Market Attractiveness
- Policy Development
- Policy Review and Recommendations
Continuous network monitoring and response activities, including the 24x7 NSOC monitoring and alerts, escalation management, security dashboard, SIEM, security SLA/SLO reporting and digital forensics.
OneTrust is the #1 fastest-growing company on Inc. 500 and the category-defining enterprise platform to operationalize trust. More than 10,000 customers, including half of the Fortune Global 500, use OneTrust to make trust a competitive differentiator, implementing central agile workflows across privacy, security, data governance, GRC, third-party risk, ethics and compliance, and ESG programs.
The OneTrust platform is backed by 150 patents and powered by the OneTrust Athena™ AI. Our offerings include OneTrust Privacy, OneTrust DataDiscovery™, OneTrust DataGovernance™, OneTrust Vendorpedia™, OneTrust GRC, OneTrust Ethics, OneTrust PreferenceChoice™, OneTrust ESG, and OneTrust DataGuidance™.
OneTrust GRC enables risk, compliance and audit professionals to identify, measure, and remediate risk across their business to comply with internal rules and external regulations. OneTrust GRC is a part of OneTrust, the #1 most widely used privacy, security, and governance platform trusted by more than 7,500 customers and powered by 130 awarded patents.
OneTrust GRC is powered by the OneTrust Athena™ AI and robotic automation engine, and integrates seamlessly with the full OneTrust platform, including OneTrust Privacy, OneTrust Vendorpedia™, OneTrust PreferenceChoice™, OneTrust Ethics, OneTrust DataGuidance™, OneTrust DataDiscovery™, and OneTrust DataGovernance™.
OneTrust PreferenceChoice™ enables marketers and publishers to drive transparent user experiences, build trust, and comply with 100s of global data privacy regulations, including the CCPA, TCPA, CASL, and GDPR. OneTrust PreferenceChoice is the #1 CMP (according to AdZerk) and is an IAB-registered Transparency and Consent Framework (TCF) 2.0 vendor.
OneTrust PreferenceChoice is a part of OneTrust, the #1 most widely used privacy, security and governance platform used by more than 7,500 customers and powered by 130 awarded patents.
OneTrust Vendorpedia™ is the leading third-party risk exchange - a community of shared vendor risk assessments with 70,000 participating vendors and aggregated data from authoritative security, privacy, and compliance sources. OneTrust Vendorpedia is a part of OneTrust, the #1 most widely used privacy, security and data governance platform backed by 130 awarded patents.
OneTrust Data Privacy is designed to help you visualize the vast amount of data coming into your organization so you can proactively manage your data sprawl while ensuring compliance and honouring customer rights, choice, and transparency.
Go beyond compliance.
Deliver business value and build trust through transparency, choice, and control.
Trust Intelligence (including Data Protection Compliance)
Calibra’s partnerships with OneTrust and Data Privacy & Security Advisors (DPSA) LLC, provide consulting services and software solutions to:
- Bring visibility, action, and automation to customer’s commitments across all Trust domains.
- Help organisations build and maintain programs that feature universal privacy and security best practices and navigate the complex landscape of evolving global regulatory compliance.
From global privacy to industry-specific regulations, DPSA LLC provides businesses with compliance evaluation and technology-driven assessments to identify gaps, uncover risks, and target remediation efforts for the greatest impacts.
- Benefit from data privacy and security expertise in the strategy, operation, and execution of global data protection programs.
- Solve complex compliance problems.
- Develop targeted Notices and Policies for your organisations based on applicable data protection regulations.
- Conduct Gap Analyses, Impact Assessments or Risk Assessments.
- Adapt quickly to the changing regulatory landscape.
- Complete OneTrust Migration and Implementation.
Readiness Assessment (Deep Dive)
A holistic view of your organisation’s cybersecurity policies, procedures and overall security posture is needed to be able to effectively manage security risks associated with your business
Step 1
Security Policy
Step 2
Vulnerability
Step 3
HR Process
Step 4
Vendor Selection Process
Step 5
SETA Programme
Step 6
Threat Hunting
Our Deep Dive approach helps:
Week 1 - 2
Planning
Week 3 - 7
Implementation & Assessment
Week 8 - 10
Reporting & Documentation
Penetration Testing
Conventional penetration testing focuses on identifying and exploiting vulnerabilities in IT Systems by simulating attacks on a network or computer system to evaluate its security—with the permission of that system’s owners.
We partner with top international providers to help:
Step 1
Recon & Mapping
Step 2
Discovery
Step 3
Vulnerability Assessment
Step 4
Exploitation
Step 5
Post Exploitation
Step 6
Reporting
Incident Response Handling
Services that identify, investigate and respond to potential security incidents in a way that minimises impact and supports rapid recovery. Services options include the following:
Pre-negotiate a contract with us to improve your organisation’s readiness and response times for handling cybersecurity incidents. Retainer hours can be used for Calibra’s consultation services if no security breach occurs for the duration of the retainer
Cyber incident response to help remediate a major cybersecurity Incident occurring within your organization. Calibra will assist in the Detection, analysis, containment, and eradication processes as a part of the Incident response.
Information Security Architecture
If a hacker breaches one security measure, Mission Critical Assets (databases, devices, processes and applications that are essential to the day-to-day operations) are still protected by all subsequent layers. This concept is known as Layered Security or Defense in Depth. The combination of multiple security controls slows and eventually thwarts a security attack.
Failure can result in an entire operation grinding to a halt with huge losses in revenue and reputational damage. Are your Mission Critical assets protected?
The first line of defense at the outermost layer of the network and is the boundary between the company’s private network and the public network such as the internet. Data flowing in and out of the network is carefully monitored to prevent any potentially dangerous or unknown traffic that may constitute a threat based on a set of rules about the type of traffic and permitted source/destination addresses on the network.
At the network layer of the framework, protecting resources from unauthorized access and intrusion relies on encryption, intrusion detection and prevention systems, threat intelligence and malware analysis.
Focuses on endpoints or entry points of end-user devices such as desktops, laptops, mobile devices etc. It protects endpoint devices on the network from being exploited by malicious actors or in a cloud environment from cybersecurity threats.
Protects the network by controlling access to applications through authentication, authorisation, encryption, logging and application security testing.
The protection of data at different states such as DAR (data-at-rest), DIU (data-in-use), DIM (data-in-motion). It also includes data classification, drive encryption and Public Key Infrastructure (PKI).
- Policy Development
- Policy Review and Recommendations
Continuous network monitoring and response activities, including the 24x7 NSOC monitoring and alerts, escalation management, security dashboard, SIEM, security SLA/SLO reporting and digital forensics.