Award winning cyber security leader and women’s change agent Jane Frankland takes up advisory role at e2e-assure
PRESS RELEASE
Blog Series - Using ChatGPT for cyber defence part 3
Part 3 - Helping SOC analysts with Mitre ATT&CK, TTPs and threat hunting ideas?
FIRST Regional Symposium Europe 2023
Training and continuous professional development are important at e2e for everyone, including managers. Recently, I attended the 2023 FIRST Regional Symposium Europe in Bilbao, Spain.
Is EDR Enough?
What is EDR?
Blog Series - Using ChatGPT for cyber defence part 2
Helping SOC analysts write log queries
Keys to the Kingdom
“Business Email Compromise, one of the top three online security risks facing business today that has the potential to be every bit as devastating as a ransomware attack or a production outage.”
Top attacks against M365
The three biggest cyber threats also create the greatest cyber-related risk for organisations. Cyber risk is defined as Likelihood x impact. The impact is often measured against the cost to repair or recover from the attack or by other business metrics such as reputational impact, financial impact, or business continuity capability.
Top 10 tips for securing Microsoft 365
A robust cyber security strategy should effectively address the following questions:
Blog Series - Using ChatGPT for cyber defence
Although it was only released November last year, there’s already been a lot of talk about how OpenAI’s ChatGPT could democratise cybercrime and fuel cyberattacks, with examples of how it’s been used to develop malicious tools available on the dark web.
Tim Anderson joins e2e-assure as Chief Commercial Officer
Boards Need to Step Up To Avoid ICO Fines
Why firms without cyber resilience strategies are putting their futures on the line
Cybersecurity Predictions For 2023
As 2022 comes to an end, there will be much trepidation going into the New Year where cyber attacks are likely to become faster and more destructive. Our CEO, Rob Demain, shares his thoughts on what to expect for 2023.
Reflecting on Upskill in Cyber
The cyber paradigm shift- cost centre to competitive differentiator
Cyber security has traditionally been viewed as an item on an IT checklist and a cost centre. But the perception of cyber security is changing and to explore this, e2e-assure invited seven leading cyber security practitioners and experts to participate in a thought leadership roundtable titled, ‘The cyber security paradigm shift: from cost centre to competitive differentiator’.
e2e-assure is a Microsoft Gold Partner
As part of our ongoing closer alignment with Microsoft as a chosen strategic partner we have received our first Gold status on cloud platform competency. This is the first in a series of what will be several Gold certifications we are currently working towards.
What is project HANS?
“It feels revolutionary!” J. Rimell Development Manager e2e-assure
e2e-assure's new starters - Siva Singaravelu
In this blog we introduce Siva, recently recruited to the role of Junior Software Tester at e2e-assure.
An interview with Cybernews
Cyber security is a topic that’s talked about far and wide. Whether it’s due to the exponential increase in remote and now hybrid working over the last two years, nation state tensions or the decreasing costs to create a ransomware attack, everyone seems to be talking about it.
e2e-assure's new starters - David Nicholson
Continuing with our new starter series, we are introducing David, Cyber Security Analyst at e2e-assure.
e2e-assure at Cyber UK 2022
We’re really looking forward to attending Cyber UK 2022 this coming Tuesday and Wednesday (10th and 11th of May) in Newport, Wales.
A summary of CVE-2022-22963 (Spring Cloud RCE)
At e2e-assure, we do a lot of work behind the scenes to protect our customers, both proactively through the likes of threat hunting, but also reactively as new vulnerabilities become known. Over the years we’ve worked tirelessly to ensure customer networks are up-to-date and that we can detect and respond to exploits.
e2e-assure partners with iomart PLC
e2e-assure has entered into a new partnership with cloud computing and managed services company, iomart.
e2e-assure launches new Microsoft Defender Services
e2e-assure launches new Microsoft Defender focused SOC services to help organisations kickstart their cyber risk management.
Introducing e2e-assure's new starters - Karl Moss
As part of our new starter series (which has admittedly been on hiatus recently), we’re introducing our newest Senior SOC Analyst and Shift Lead – Karl Moss.
e2e-assure renews Cyber Essentials+ certification
We’re pleased to share that, earlier this month, e2e-assure renewed their Cyber Essentials Plus (CE+) certification. We’ve held the Cyber Essentials certification since it started, evidencing the continued commitment of our teams to ensure we uphold (and exceed) best practice in cyber security.
Every year the requirements to achieve Cyber Essentials change, in line with the ever-changing threats and best practice to combat these threats. Changes brought in on the 24th of January 2022 saw the biggest overhaul with regards to technical controls since the scheme’s launch in 2014, reflecting the heightened risk and complexity of cyber threats today.
What the Dickens?
Lessons on managing cyber security risk
Responding to destructive cyber-attacks
With Russia and Ukraine consistently in the news there is more focus on the likelihood of cyber-attacks on Ukraine’s electric grid and the potential of retaliatory attacks on Europe and the United States given the possibility of sanctions on Moscow. The New York Times reports that the top US cybersecurity official met with NATO to discuss how to prepare, deter and perhaps disrupt any Russian cyber-attacks.
Advice following malicious activity in Ukraine
24/03/22, 09:30 update
One month of log4j - what have we learnt?
It’s been a month since the world was thrown into frenzy around the log4j vulnerabilities, so what do we know now and what have we learnt since then?
Should your MSP manage your cyber security?
We’re often asked whether we think an organisation’s Managed Service Provider (MSP) should be responsible for their cyber security. Initially it may seem like a question with a simple answer, after all they’re responsible for the overall IT delivery, so surely that should incorporate cyber security?
The number 1 piece of advice for log4j
Now that the dust has settled a bit on the log4j vulnerabilities and we’re beginning to build up a better picture of the situation, e2e have provided some more guidance on how to ensure your organisation is as protected as possible. This post complements our regularly updated blog, which provides our initial response and subsequent updates, including new patches and information on the latest industry guidance. You can view the update blog here.
e2e's response to log4j vulnerabilities
This blog will be updated regularly as we understand more about the log4j software vulnerabilities.
Cyber security tips for SMB's
We’re increasingly being asked by smaller organisations how they can improve their cyber security, without huge budgets, given the increasing threats they are facing in today’s world.
e2e launches Google SOC services
As part of our ongoing roadmap, covering both specific customer needs and proactive product development, this week we launched our Google Cloud Security Operations Centre services, delivered through new integrations with our SOC Platform, Cumulo, allowing organisations to have a 24/7 detect and respond service for all Google tools.
Cyber security threats facing organisations
Let us start by saying that the cyber security threats facing each organisation will differ. For some the challenges could be more internal, in getting everyone to take responsibility for cyber, getting the board to move away from the “it won’t happen to us” mentality, or even malicious insiders. For others, they could be the target of sophisticated nation-state attacks.
Careers in cyber security
There are numerous routes into a cyber security career and different paths to take within it. You may be new to the world of work and thinking that cyber security might be for you, but unsure what path to take or where to start. You may have years of experience in cyber security roles, but not clear what your next step or even end-goal for your career is. You may even have years in other industries and be considering a complete career change.
Improving your organisation's cybersecurity
The next blog in our Cybersecurity Awareness Month series covers 10 tips organisations can take to improve their cyber security without spending huge sums of money. Whilst some of these will be quite basic, the beauty (and challenge) of cyber security is that often having good hygiene will help you just as much as investing thousands in a piece of technology or service.
How to improve your individual cybersecurity
We kick off Cybersecurity Awareness Month with 10 simple ways in which individuals can improve their cybersecurity for themselves and, by extension, their businesses. It’s worth noting that most potential attackers don’t target a specific individual (unless of extreme wealth!) as it doesn’t represent a good ROI for them and so will normally use bulk techniques, including ‘credential stuffing’ based on previous breaches and the equivalent of mass marketing. This means that taking relatively simple steps can massively reduce your risk of having your details compromised.
Cybersecurity Awareness Month 2021
October is Cybersecurity Awareness Month, a joint initiative between the National Cybersecurity Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA), entering its 18th year in 2021.
The Silicon Cup 2021
Last week a team of 10 e2e-assure employees arrived at the River Solent for our 2nd Silicon Cup Regatta, in support of three great charities:
Reflecting on the NCSS
Last week thousands of people descended on Birmingham’s National Exhibition Centre to attend the National Cyber Security Show (NCSS), as part of the wider Safety and Security Series.
e2e-assure at the NCSS
We are excited to be attending our first physical event in years on the 7th-9th of September 2021; the National Cyber Security Show (NCSS) at the Birmingham NEC.
Employee spotlight - Duncan Wright
To launch our new blog series aimed at finding out more about the people behind e2e-assure we spoke to Duncan Wright, Cyber Consultant. Duncan has worked at e2e since the very early days, joining as employee #16 in 2016 and has had an extremely interesting life and career to date, which we explore in this blog.
Introducing e2e-assure's new starters - Aaron Lewis
As part of our new series introducing our new starters, this week we find out more about Aaron Lewis.
e2e-assure signs the Respect In Security pledge
e2e-assure, as a member of the cybersecurity community committed to the prevention of all forms of harassment within our industry, hereby pledges its support for a workplace and community free from harassment and fear.
Introducing e2e-assure's new starters - Tom Evans
At e2e-assure we’re seeing increasing demand for our services and as part of that have started ramping up recruitment across the business. We’ll be introducing new starters at e2e as we continue to grow as an organisation and thought it was best to start with the new starters to our Business Development team that has doubled in size in the last few months.
My first 3 months at e2e-assure
Hi. I’m Dan, the new(ish) Marketing Manager at e2e-assure. In contrast to my normal ways of working I decided to write a blog on my first 3 months at the company. I hope it will be useful, whether you’re looking to join e2e and unsure what it’s like, are about to join e2e or are a current employee and interested to see my initial experiences.
e2e-assure & Nine23 announce partnership
Abingdon, June 2021: Nine23, specialising in cyber security solutions to enable end-users to utilise secure technology through its secure UK Platform FLEX cloud and managed services, and e2e-assure, a trusted cyber security services company with over 20 years’ experience specialising in SOC as a Service and Managed Detection & Response (MDR), will join forces and work together to deliver world class cyber security solutions to reduce risk and deliver value whilst being fully transparent.
e2e awarded place on the CyberTech 100
We are delighted to announce that e2e have been recognised as one of the 100 most innovative cybersecurity companies helping financial institutions by FinTech Global as part of their 2021 refreshed list.
Automating false positives in your SOC
Alerts are undoubtedly critical to the delivery of an effective cybersecurity operation, but the sheer volume of alerts can be crippling to a SOC. In this blog we’ll talk about the steps you can take to reduce false positive alerts, freeing up your analysts to provide more proactive defence and less ‘alert bashing’. We talk openly about the challenges we’ve faced in this area and how we’ve seen drastic improvement through a process designed to save analyst time without increasing security risk.
The Pros & Cons of a hybrid SOC
In May, e2e-assure held the first of two ‘virtual private events’ (VPEs), hosted by Amar Singh of the Cyber Management Alliance with 15 CISOs.
Autism Awareness Week - 29th March - 4th April 2021
This week is Autism Awareness Week, and to help celebrate this, we thought it was best to help collate some useful articles and tools from experts in the field that we feel are worth reading and watching to expand your knowledge:
BGF Invest £10.5m in e2e-assure
BGF, the UK and Ireland’s most active investor, has completed a £10.5 million minority investment in e2e-assure, an established, fast-growth cybersecurity business based in Oxfordshire. The funding will be used to facilitate international growth and expand its go-to market offering.
Back To The Future 2 - Lessons Learnt
Part One of this article covered some of the challenges of the traditional SOC approach – overly technology focused with budgets taken up with hardware costs and licence fees desperately chasing log capture.
Back To The Future 1 - Traditional vs. Modern SOCs
Since launching in 2013 e2e have used our own, specially designed SOC platform “Cumulo”, designed as the ultimate analyst support tool, and have focused on recruiting the best and most diverse analysts in the business.
Coffee and Cake
Saturday the 10th of October was World Mental Health Day - an important reminder of the continued importance of mental health in both the workplace and our wider lives.
Announcing CloudSOC!
We’re very excited to be offering our new service, CloudSOC, with our partners at UKCloud
The forgotten PCI standard
2018 seems to be the year when the panoply of cyber security standards comes into effect.
Cyber Security Summit 2017
In recent months, we have seen an increase in the number of cyber-attacks taking place across the globe. The UK Government is dedicating £1.9bn over the next five years to grow the country’s cybersecurity capabilities to be able to match this growing threat.
The 'Quick and Dirty' Guide to DMARC
Earlier this year, we implemented DMARC records and reporting for e2e-assure.com. In this blog post, we look at what DMARC is, and the benefits it can provide.
UKCloud Preferred Partner
e2e-assure has become a Preferred Partner in UKCloud’s partner programme and will deliver their world class cyber defence and security monitoring capability to UKCloud’s cloud platform. It will also be available as an optional service for UKCloud’s public sector customers: including Public Sector organisations, System and Service Integrators and Independent Software Vendors.
Hacking Android devices
As an active member of the security community, e2e-assure is committed to keeping up-to-the-minute with information security tools, techniques and discoveries. However, we know that the only way the ‘Good Guys’ stay ahead of the ‘Bad Guys’ is by thinking offensively, and beating them to the punch. One way we do this is through security research and vulnerability disclosures to major companies.
Decrypting malware ciphers
In our daily work of Protective Monitoring we see a lot of encoded/encrypted traffic - from webpages served over HTTPS, to passwords being obscured using Base64, to zipped binary data, and PGP emails.
Android Photo Vault app analysis (Part 3)
Welcome to Part 3 of this series on Android Photo Locker app weaknesses, and things are getting more interesting… As you’ll recall, in Part 1 we discussed the general Android app security landscape, while in Part 2 we delved into poor data storage practices. We’re now going to discuss poor implementations of encryption, alternative methods of data hiding, and the dangers of over-privileged users and apps.
Security issues with the 'My EE' app
At e2e-assure, we like to play our part in making the web safer for everyone.
Maktub Locker - An overview
Ransomware has unfortunately been gaining in popularity over the last year. With targets such as hospitals and schools ‘paying up’ to get their files decrypted, ransomware has become the latest menace to both home and corporate users.
Android Photo Vault app analysis (Part 2)
This is the second part of a security review of Android ‘Photo Locker’ apps. In the first part we looked at an overview of the state of these types of apps, determining the most common vulnerabilities, and revealing that most of them were easy to extract images from just by having access to the device – with others being vulnerable to other attack vectors requiring more skill or access levels.
Android Photo Vault app analysis (Part 1)
Security is an important issue to all of us today, and we are all realising the value of our personal data. Images in particular are deemed to be important - we have a desire to protect these over most other types of data. And to address that need comes the ‘Photo Locker’ category of apps. Whether we want to keep corporate secrets in images safe, protect photos of ourselves from others with access to our devices, or keep a personal collection of pictures to ourselves, there are these apps available to keep them safe. But how much protection do these apps really provide?
NetWars Tournament of Champions 2015
For those of us privileged to have been invited to the 4th annual SANS Netwars tournament of champions, held in the ballroom of the Grand Hyatt hotel in the centre of Washington D.C. last week, the sight of the massive display screens towering over the rows of competitors’ tables was an inspiring start to the event. Each of the tables had several rows of seats for the attendees of the SANS Cyber Defence Initiative, the competitors being made up of people who were attending one of the many concurrent SANS courses and people invited to the Champions Tournament, with my invitation having come from my top scoring performance in the Cyber Academy in Cardiff in October.
‘Angler’ Exploit Kit - web-based JavaScript malware
When e2e discovered a suspicious webpage had been visited by a host on a client’s network we decided to analyse the script contained within the webpage to find out its functionality. What we discovered was a landing page used by the sophisticated exploit kit ‘Angler’…
Detecting backdoors in network equipment
A breakdown into the Dec 2015 vulnerability in Juniper ScreenOS by carlu
Why people matter in Cyber Defence
In the last blog entry I gave my view of why major corporations keep getting hacked. I argued that the focus of security within organisations is all wrong and, due to lazy evolution, corporate security teams fail to provide business owners with the information needed to make informed decisions on how to defend against cyber-attacks.
Cost effective monitoring services- Part 3
This is the third article of a three part series that provides advice to organisations looking to procure managed security monitoring, protective monitoring (PM) and/or Security Operations Centre (SOC) services. This article explains e2e’s approach to delivering protective monitoring services.
Cost effective monitoring services- Part 2
This is the second of a three part series that provides advice to organisations looking to procure managed security monitoring, protective monitoring (PM) and/or Security Operations Centre (SOC) services.
Cost effective monitoring services- Part 1
This is the first of a three part article that provides advice to organisations looking to procure managed security monitoring, protective monitoring (PM) and/or Security Operations Centre (SOC) services.
BYOD – the CEO still wants to use their iPad
I’ve previously argued that by attempting to secure an employee’s personal device you were creating a ‘technology tug of war’ – the security measures remove the user experience and so on.
The future of Incident Response?
e2e attended the SecurityExpo at Excel earlier in the week and managed to listen to a few key note speakers. We were very interested in ‘The Future of Incident Response’ talk by Bruce Schneier and thought we should add our thoughts…
The Achilles' heel of public cloud
How do you make and maintain a massive public cloud? You use common parts and you use them everywhere. You try to keep the whole cloud as similar as possible. You do this at every layer of the stack, from the hardware to the application APIs. That means the major cloud back ends are homogenised. Key to keeping in control of a massive cloud is to reduce the number of variables - reduce components, reduce complexity and look for as many ‘one size fits all’ solutions as possible.
Cyber Essentials - a must for every business
The Cyber Essentials Scheme (CES) - http://www.cyberessentials.org is relevant to every business. Even small ones like ours.