Penetration Testing & Threat Emulation

Penetration testing is the act of simulating an attack on an organisation or system in order to provide a more accurate appraisal of security issues and risks. This process is more involved than a vulnerability assessment and allows Mercury ISS to better appraise our clients and provide a detailed understanding of the threats and risks they are likely to encounter. Our testing takes place across the following areas of specialisation:

Infrastructure penetration testing

Web application penetration testing

Social engineering

Wireless penetration testing

Our focus with penetration testing relies heavily on an organisation's desired end state or purpose of security. Whilst specific technical risks, areas of concern or scope might be defined, penetration testing is of little value unless these are synchronised with the overall business objectives and their commensurate security requirements. This transcends our mission, our strategy and our approach; as we seek to protect all aspects of an organisation, our services seek to evaluate the holistic posture as opposed to a specific area or defined scope.

Where possible we seek to integrate this with our other services including specific Technical Security Services.

Professional Services

Mercury seeks to augment existing governance practices & our other security services in order to provide guidance on addressing the “root causes” of security issues. Mercury ISS seeks to take its offensive security knowledge and involve itself in the defence and mitigation of issues at an earlier stage or from a position where it can better evaluate risks. The benefits of this more involved approach include:

  1. A broader spectrum of security risks can be identified and addressed;
  2. Threats and risks can be mitigated with less effort; and
  3. Reoccurrence of issues is minimised, thereby reducing the cost to the business.

Services featured in our consultation services program include:

  1. Implementing security in procurement and system development life cycles;
  2. Architecture and design reviews;
  3. Defining an information security strategy;
  4. Assisting in the remediation effort following security testing;
  5. Defining and implementing technical security requirements;
  6. Infrastructure hardening assessments; and
  7. Secure code reviews.

As we pride ourselves on being product agnostic and remaining vendor neutral, you can be assured that our services will be objective, constructive and pragmatic for your organisation.

Technical Security Services

Products, platforms or security activities often require specific services that integrate with the overall information security program. Mercury ISS seeks to provide niche technical security services and capabilities in order to contribute specialised technical security advice to our clients.

Industrial control systems security

The loss or degradation of any operational technology such as SCADA and industrial control systems represents a significant financial and operational risk; it is necessary to identify and prepare these assets against any threat. Our team is trained and has had substantial experience across several control systems environments including utilities, manufacturing, industrial sites and power plants.

Hardware security

Hardware security is the process of evaluating electronic devices and embedded systems against reverse engineering and their resistance to bypassing intended security controls.

Social Engineering

Social engineering is the practice of manipulating people into performing actions or tasks that result in the disclosure of sensitive information or unauthorised access. People can be an organisation's greatest security risk; Mercury ISS leverages the practice of social engineering to identify these risks and reorientate an organisation's approach to protecting against them.

Physical Security

If an adversary is genuinely targeting an organisation, the last thing you need to be concerned about is technically oriented attacks on your IT infrastructure. An evaluation of physical security controls is a necessity for an environment that demands higher levels of assurance that it is protected from unauthorised access. Mercury ISS can provide a detailed, methodical evaluation of an organisation's physical premises and provide guidance on enhancing physical security controls.

Security training

Training and professional development are critical for the ongoing protection of an organisation's IT infrastructure. With the anticipated shortfalls in suitably qualified and experienced staff and the need for existing personnel to remain agile and skilled, internal training that aligns with the issues an organisation is facing is a viable and cost-effective alternative to complex and unnecessary training. Our security training seeks to tie in with our existing services and develop our clients' employees to understand relevant threats and effective protective measures they can take to defend an organisation's IT infrastructure.

Security research & intelligence

Have a subject that's a little bit out there? Using a particular type of methodology, piece of equipment or system? Or are you just curious about something and looking for some trusted advice? With its staff regarded as industry leaders, Mercury ISS regularly performs independent security research activities and would be more than happy to take on any subject of interest for our clients.

Let's Get In Touch!

Ready to take your information security to the next level? Think our services can benefit you? Give us a call or send us an email and we will get back to you as soon as possible!