Business model

Driving value and capability

Threat

Risk

Defence

Capability

Technology

Scaling and efficiency

Our world-class research enables us to continually understand, discover, exploit and mitigate threats in technology, people and processes. This in turn allows us to deliver innovative solutions while at the same time deliver on legacy commoditised services.

Strategy, risks and technology

Education

Advising

Assesing

Responding

Our security experts provide a wide range of integrated professional cyber services including end-to‑end capability in all facets of cyber security aimed at improving our client’s business operations.

Assurance
& Escrow

Managed Detection & Response

Managing

Monitoring

Alerting

Responding

Our Managed Detection and Response capability is supported by our security operations centres in the Netherlands and the UK. We also provide managed vulnerability scanning services.

Strategy, risks and technology

Safeguarding

Informing

Defending

We continually look for intellectual property development and commercialisation opportunities to create further value within the Group. This has led to the development and acquisition of a rich portfolio of products and cloud services, for example our new Escrow-as-a-Service proposition.

The model highlights how this translates into a customer journey across our broad service offering

We continually develop our cyber business to provide security services that help our customers meet their everyday business challenges. We develop strong relationships with our customers based on their business objectives and goals. Our relationship is typically based on a three-stage journey.

The first stage of the journey with us is typically an assessment or baseline review to understand what problem the customer is trying to fix.

Ideally this involves a comprehensive Cyber Security Review undertaken against an industry framework, such as the NIST Cybersecurity Framework. However the baseline can be derived from any number of activities including red teaming, a breach response exercise or an executive workshop, all of which are underpinned by our advance threat intelligence capability.

The real value lies not just in the assessment but in the clear advice and guidance provided to improve the level of business resilience.

For example:

  • How to protect the customer’s organisation and what primary actions they need to take
  • How to improve their security maturity rating to satisfy Board requirements
  • How to ensure their cloud environment is secure so they can capture new opportunities and move into new markets efficiently
  • How to comply with legal and regulatory requirements to ensure their business can continue to deliver its services.

To enable businesses to grow and thrive it is essential to work with them to fix the issues identified during the Assess stage. It is only once these areas have been remediated that the true return on investment will be realised against their cyber spend.

The key to successful security transformation is working closely with the customer as a trusted advisor, developing in partnership a strategy that works for their business. This, coupled with robust governance, is essential for any successful implementation.

We operate a full security service and can deliver a range of services during this phase, all of which are dependent on the issues identified and the needs of the business.

For example we may:

  • Provide recommended fixes and a testing programme to ensure that these fixes have been implemented correctly
  • Assess the security of their cloud environment with our Scout Suite auditing tool to ensure the configuration of any applications being moved to the cloud are secure
  • Build a virtual team, working as an extension to the customer’s team, bringing specialist skills such as risk management or in-depth knowledge of key cloud platforms for example
  • Work in collaboration with the customer to design and identify specific technology solutions to meet their requirements
  • Engage our senior advisors to provide support to engage the Board in any remediation activity.

Being cyber safe and protecting against risks isn’t an exercise with a start and end date. The ever evolving threat landscape means that beyond the initial assess and develop phases it is vital to continually improve levels of security, detect incidents and react to them.

In the final stage of this journey, we transition the customer into a set of services, which allows them to continually evolve to meet this threat landscape head on.

We are able to do this through a range of services:

  • Utilising our Managed Detection and Response proposition, which gives confidence that we are working alongside the customer, responding quickly, mitigating threats, reducing risk and ensuring their business continues to operate
  • Our Escrow-as-a-Service (see page 14) provides a simple answer to the question of cloud resilience
  • World-leading threat intelligence offers an insight into threats faced by our customers.