Protect your reputation and build trust in your business

As an IT Security consulting practice, Defence Vector Ltd (DVL) can help your business establish sustainable, effective Cyber Security. We work in partnership with your security team and key internal stakeholders to deliver strategic (or tactical) Information Assurance and Cyber Defence capabilities to protect your business's reputation.

Your reputation and the trust in your business are directly linked to your Cyber Security capability. Cyber Security is about sustainable Cyber Resiliency. It's achieved through active Cyber Defence, calibrated to defend against targeted cyber attacks. It's hard to achieve and there is no 'silver bullet' technology answer.

Our Services

Building your Cyber Security capability

Defence Vector delivers broad and in-depth capabilities spanning Enterprise Security Architecture, Information Assurance and Cyber Security, underpinned by Governance, Risk and Compliance experience at C-level.

vCISO

A tactical choice with strategic value

A tactical choice: gaining a fully qualified and experienced enterprise-level expert, without the full-time commitment. A no-compromise choice.

DVL can deliver an enterprise-level CISO to support your business in achieving strategic-level security capabilities and compliance to compete with larger, more established businesses.

Security Capability Assessment/Audit

The first step to assurance

Addressing gaps in Information Assurance and Cyber Security capabilities is not just a compliance matter; in the digital economy, it’s a trust factor for clients, investors, vendors and partners. Gaps in legislative and regulatory compliance also influence trust in your business.

DVL can undertake security capability assessments in the context of your business ecosystem and operational context, and then roadmap a path to bridge gaps and build trust in your digital offers.

Governance, Risk & Compliance (GRC)

Foundational Security

GRC has a relationship to reputation in the digital marketplace. It's foundational to a compliant Information Security Management System (ISMS) driving directive security controls. It's also essential to Data Privacy compliance and effective Cyber defence deployment.

DVL can deliver strategic or tactical engagements to evolve your GRC capability, enabling effective Information Assurance for Data Privacy and Cyber Defence deployment.

Cyber Threat Intelligence (CTI)

Forewarned is forearmed

Threat intelligence enhances your Cyber Defence posture. CTI-driven controls calibrated in the context of your business ecosystem can be a game changer in managing risk.

CTI drives preventive controls to counter threats and protect cloud workloads. This in turn enables identification of detective controls to alert on Indicators of Compromise (IoC).

CTI is a key aspect of Cyber Defence.

DVL can help you use CTI to raise the bar on the quality of preventive and detective controls - tailored to the most imminent threats to your business.

Attack Surface Analysis

Are you a target rich environment?

To operate in the digital economy, you will by necessity have a corporate, social media, digital and technology (i.e. your IT) footprint. Fundamentally, this is your attack surface.

However, you won’t have a choice in (or may not be aware of) your footprint on the Dark Web where your vulnerabilities (whether known to you or not) are being discussed or sold to threat actors.

Visibility of your attack surface is critical.

DVL delivers a sustainable capability to discover and continuously monitor (i.e. a single view of) your attack surface through existing Vulnerability, Threat & Risk Management functions.

Vulnerability, Threat & Risk 

Understanding your exposure

Understanding your business’s exposure to threats and associated risk requires continuous awareness of vulnerabilities across your attack surface, particularly your digital and technology footprint.

Threats need context - vulnerabilities are a part of that context.

VTR drives detective, preventative and responsive controls, and (SIEM) use cases to support security monitoring.

DVL can deliver a structured capability (i.e. process, tool and training) enabling rapid threat and risk assessment, and a single view of vulnerabilities, threats and risks across your attack surface.

Security Assurance

A quality & compliance Gate

This is a primary assurance gate for enforcing security governance. It demonstrates to internal and external stakeholders that your business has enforceable, sustainable, and compliant security practices.

Security assurance starts with baseline security requirements and how those requirements are reflected in design, build & operate, and in any subsequent incremental changes.

DVL delivers a structured, sustainable capability (Framework, Process, Roles & Responsibilities) engineered to fork off from your GRC functions. It’s merged and integrated with Agile Solution Development Life Cycle and change control across delivery and business support functions.

Application Security

Early attack surface reduction

Secure Software Development Life Cycle (sSDLC) practices are becoming a mandatory requirement for vendors whose clients may put their reputation on the line using the vendor's software.

Most major breaches have been attributed to zero-day vulnerabilities (and insecure 3rd Party Libraries) that trace back to poor code security hygiene during development. This has exposed live services to common exploit vectors listed on the OWASP Top Ten and SANS 25 vulnerabilities charts.

DVL can deliver a proven, framework-based and sustainable shift-left system of identifying code security defects early during Agile SDLC sprints. Automated code security checking is integrated in CI/CD build pipelines, delivering least resistance in the DevOps life cycle.

Security Architecture

Secure by Design

Operational and Corporate environments need to be constructed to meet functional business requirements.

However, environments must be architected in the context of Access, Data Privacy and segregation security domains to ensure compliance and reflect your business's risk appetite.

To be agile in the digital space, Security Architecture needs to be 20% threat-driven and 80% reusable patterns.

DVL can work with your teams to provide a structured approach, processes and tooling that will establish a security architecture way of working.

Data Privacy

Privacy by Design

Data Privacy is the common compliance obligation for all businesses, arguably a shared responsibility between all participants partnering and collaborating to deliver services to clients.

Data Privacy aspects occur in all phases of corporate, product, solution and operational delivery life cycles. It's embedded, and it's your responsibility to identify and manage.

The scope, extent, accountability and privacy roles in your supply chain will be complex.

DVL can work with your teams to provide a structured approach, processes and tooling to establish continuous Data Privacy discovery and management in all life cycles.

Protective Monitoring

Your Situational Awareness

Knowledge of your attack surface is the first step to establish meaningful situational awareness.

Situational awareness involving a real-time view of system and user behaviour that deviates from a known baseline is at the core of protective monitoring. Compliance monitoring is no less important.

Security monitoring is a critical control supporting agility & risk management. 

DVL can work with your teams to deliver a structured approach, processes and tooling that will establish (or enhance) a protective monitoring capability.

Security Controls

Consistent, targeted controls

Agility and adaptability are key to aligning with product and business deployment.

Directive, Detective, Preventative and Responsive Security Controls need to be identified in the context of Information classifications, mapped to security architecture patterns.

DVL can work with your CISO office and engineering teams to help refine and/or define security controls aligned to industry standard best practices.

Cyber Defence Framework

Security Calibrated to APT Threat

The greatest threat to your business is a targeted attack executed by an Advanced Persistent Threat (APT) actor. These attacks involve a progressive attack logic employing Tactics, Techniques & Procedures (TTPs) engineered to breach your business.

Knowing, on a continuous basis, which TTPs to counter, how to counter them, and which associated Indicators of Compromise (IoC) to monitor and alert on is a challenge.

DVL can deploy a sustainable, adaptable framework-based defence capability. CDF continuously addresses each logical attack phase in context of threat intelligence, your attack surface and business ecosystem. CDF becomes your business’s primary cyber defence capability.

3rd Party Assurance

Don't dilute your security

The very best and most well-tuned Cyber Security can be undermined by programmatic or electronic interaction with a 3rd Party Vendor or a Partner whose security posture does not meet your standards.

DVL can work with your CISO office and procurement teams to establish a strategy, policy, process and tooling to carry out assurance of third parties.

Testimonial from a Financial Services FinTech client

"I worked with Tony for well over a year at Pollinate. Tony is a big thinker but also very practical with lots of experience and a vast catalogue of capability. He created an entire cyber security framework that catapulted our security maturity as well as hugely improved our delivery capability. We are now much more able to develop very secure applications in a consistent manner as well as programmatically deliver good security governance across everything from vulnerability management to solution designs. I can honestly say I've consistently been impressed by Tony's unending reservoir of knowledge and how he applies that in real-world scenarios. He delivered what he set out to do at the beginning of the engagement, and more. Mission accomplished!"

Jim Hart, CISO,

Pollinate International, June 2020

Contact

Ready to find out more?

Contact us for an initial discussion about Information Assurance and/or Cyber Security aspects that may be of interest, and what your goals are. Our approach is to engineer assignments (i.e. solutions) around your business context to enable you to achieve capability and compliance goals.