Design and Implementation
The principle of least privilege, where each part of the system has only the privileges that are needed for its function. That way even if an attacker gains access to that part, they have only limited access to the whole system.
Code reviews and unit testing are approaches to make modules more secure.
Defence in depth, where the design is such that more than one subsystem needs to be violated to compromise the integrity of the system and the information it holds.
Default secure settings, and design to “fail secure” rather than “fail insecure” (see fail-safe for the equivalent in safety engineering). Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.
Audit trails tracking system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks.
Security Posture Snapshot – this service provides organisations with a high-level cyber threat and resilience assessment designed to identify the security issues that require further effort to raise security standards to a level commensurate with the threats to the particular business.
Governance, Risk and Compliance (GRC) – services are designed to assist an organisation’s executives and management team to develop or enhance an overall program to manage business risk. Our specialised cyber security experts will provide an independent assessment of an organisation’s current information security program and policies, which can lead to better risk mitigation and business delivery optimisation, and enhanced communication and elevated reputational advantage.
Security Architecture and Review -security architecture review provides organisations with an expert review of architectural designs to ensure appropriate security controls are implemented and systems are appropriately resilient to cyber attack.
Virtual Security Advisor – A service to provide you access to a pool of experienced information security professionals with experience in CISO, ITSA and/or strategic advisory roles. You can leverage this service for liaison with regulators, board advisory consulting and general cyber-security expertise.
Managed Security Solution Provider
A blend of machine automation and highly skilled analysts, focused on protecting your organisation’s key IT assets, 24 hours a day, 365 days a year.
We deliver this service through a Cyber Security Operations Centre rated to store and service Australian Government networks up to protected level. SIEM monitoring and alerting service minimises business risk associated with the entire spectrum of cyber incidents; particularly targeted, persistent and sophisticated cyber intrusions.
We partner and outsource this capability to an MSSP industry leader.
Vulnerability Assessment – A vulnerability assessment comprises a cyclical process to identify, classify and scan key assets. The process generates monthly tailored reporting so clients can remediate or mitigate identified vulnerabilities.
Red Teaming – A simulated cyber-intrusion that mimics a targeted attack against your organisation, based on methods and techniques successfully employed by real-world attackers today, but in a trusted and controlled manner. We offer a tailored service that can include physical access and social engineering based testing in conjunction with traditional technology based attack techniques.
Penetration Testing – A deeply technical hands on systematic test of each application or system in scope. This systematic review provides a thorough understanding of the technical risk presented by an application or system.
IoT/OT/ICS Security Testing – An in-depth security analysis of IoT solutions focusing on the hardware, software and end-to-end solution. This assessment gives clients a holistic understanding of the security threats posed by IoT solutions right from the silicon layer to the user interactions and data flows.
Sales as a Service
Using our 30+ years of combined vendor experience, we provide on-demand sales and sales engineering capabilities for cyber-security vendors.
Through this extensive experience of selling emerging technologies and knowledge of the local market, our value proposition for vendors is to accelerate their international expansion and help build the region with minimal guidance or direction. Evolved Security provides a complete outsourcing service, covering the spectrum of enterprise sales prospecting to new markets, partner development and marketing services.
Reduce your risk to enter a new market
Test your product or service in a new market
Accelerate sales expansion plans