Careers in cyber security

There are numerous routes into a cyber security career and different paths to take within it. You may be new to the world of work and thinking that cyber security might be for you, but unsure what path to take or where to start. You may have years of experience in cyber security roles, but not clear what your next step or even end-goal for your career is. You may even have years in other industries and be considering a complete career change.

Read More

10 ways for individuals to improve their cybersecurity

We kick off Cybersecurity Awareness Month with 10 simple ways in which individuals can improve their cybersecurity for themselves and by extension, their businesses. It’s worth noting that most potential attackers don’t target a specific individual (unless of extreme wealth!) as it’s doesn’t represent a good ROI for them and so will normally use bulk techniques, including ‘credential stuffing’ based on previous breaches and the equivalent of mass marketing. This means that taking relatively simple steps can massively reduce your risk of having your details compromised.

Read More

Employee spotlight - Duncan Wright

To launch our new blog series aimed at finding out more about the people behind e2e-assure we spoke to Duncan Wright, Cyber Consultant. Duncan has worked at e2e since the very early days, joining as employee #16 in 2016 and has had an extremely interesting life and career to date, which we explore in this blog.

Read More

Introducing e2e-assure's new starters - Tom Evans

At e2e-assure we’re seeing increasing demand for our services and as part of that have started ramping up recruitment across the business. We’ll be introducing new starters at e2e as we continue to grow as an organisation and thought it was best to start with the new starters to our Business Development team that has doubled in size in the last few months.

Read More

My first 3 months at e2e-assure

Hi. I’m Dan, the new(ish) Marketing Manager at e2e-assure. In contrast to my normal ways of working I decided to write a blog on my first 3 months at the company. I hope it will be useful, whether you’re looking to join e2e and unsure what it’s like, are about to join e2e or are a current employee and interested to see my initial experiences.

Read More

e2e-assure and Nine23 announce strategic partnership

Abingdon, June 2021: Nine23, specialising in cyber security solutions to enable end-users to utilise secure technology through its secure UK Platform FLEX cloud and managed services, and e2e-assure, a trusted cyber security services company with over 20 years’ experience specialising in SOC as a Service and Managed Detection & Response (MDR) will join forces and work together to deliver world class cyber security solutions to reduce risk and deliver value whilst being fully transparent.

Read More

e2e awarded place on the CyberTech 100

We are delighted to announce that e2e have been recognised as one of the 100 most innovative cybersecurity companies helping financial institutions by FinTech Global as part of their 2021 refreshed list.

Read More

Automating false positives in your SOC

Alerts are undoubtedly critical in delivery of an effective Cybersecurity operation, but sheer volume of alerts can be crippling to a SOC. In this blog we’ll talk about the steps you can take to reduce the false positive alerts, freeing up your analysts to provide more pro-active defence and less ‘alert bashing’. We talk openly about the challenges we’ve faced in this area and how we’ve seen drastic improvement through a process designed to save analyst time without increasing security risk.

Read More

BGF Invest £10.5m in Cyber Security Business, e2e-assure

BGF, the UK and Ireland’s most active investor, has completed a £10.5 million minority investment in e2e-assure, an established, fast-growth cybersecurity business based in Oxfordshire. The funding will be used to facilitate international growth and expand its go-to market offering.

Read More

Back To The Future 2 - Lessons Learnt

Part One of this article covered some of the challenges of the traditional SOC approach – overly technology focused with budgets taken up with hardware costs and licence fees desperately chasing log capture.

Read More

Coffee and Cake

Saturday 10th October was World Mental Health Day - an important reminder of the continued importance of mental health in both the workplace and our wider lives.

Read More

Oxford Cyber Security Cluster Meeting – 10th July

The next meeting should be fun as we’re trying something slightly different, with SEROCU kindly running their cyber exercise for us. It is designed to raise awareness of the need for greater focus on cyber security and is aimed at the boards of small to medium sized organisations.

Read More

Cyber Security Summit 2017

In recent months, we have seen an increase in the number of cyber-attacks taking place across the globe. The UK Government is dedicating £1.9bn over the next five years to grow the country’s cybersecurity capabilities to be able to match this growing threat.

Read More

UKCloud Preferred Partner

e2e-assure has become a Preferred Partner in UKCloud’s partner programme and will deliver their world class cyber defence and security monitoring capability to UKCloud’s cloud platform. It will also be available as an optional service for UKCloud’s public sector customers: including Public Sector organisations, System and Service Integrators and Independent Software Vendors.

Read More

Hacking Android devices

As an active member of the security community, e2e-assure is committed to keeping up-to-the-minute with information security tools, techniques and discoveries. However, we know that the only way the ‘Good Guys’ stay ahead of the ‘Bad Guys’ is by thinking offensively, and beating them to the punch. One way we do this is through security research and vulnerability disclosures to major companies.

Read More

Decrypting malware ciphers

In our daily work of Protective Monitoring we see a lot of encoded/encrypted traffic - from webpages served over HTTPS, to passwords being obscured using Base64, to zipped binary data, and PGP emails.

Read More

Android Photo Vault app analysis (Part 3)

Welcome to Part 3 of this series on Android Photo Locker app weaknesses, and things are getting more interesting… As you’ll recall, in Part 1 we discussed the general Android app security landscape, while in Part 2 we delved into poor data storage practices. We’re now going to discuss poor implementations of encryption, alternative methods of data hiding, and the dangers of over-privileged users and apps.

Read More

Maktub Locker - An overview

Ransomware has unfortunately been gaining in popularity over the last year. With targets such as hospitals and schools ‘paying up’ to get their files decrypted, ransomware has become the latest menace to both home and corporate users.

Read More

Android Photo Vault app analysis (Part 2)

This is the second part of a security review of Android ‘Photo Locker’ apps. In the first part we looked at an overview of the state of these types of apps, determining the most common vulnerabilities, and revealing that most of them were easy to extract images from just by having access to the device – with others being vulnerable to other attack vectors requiring more skill or access levels.

Read More

Android Photo Vault app analysis (Part 1)

Security is an important issue to all of us today, and we are all realising the value of our personal data. Images in particular are deemed to be important - we have a desire to protect these over most other types of data. And to address that need comes the ‘Photo Locker’ category of apps. Whether we want to keep corporate secrets in images safe, protect photos of ourselves from others with access to our devices, or keep a personal collection of pictures to ourselves, there are these apps available to keep them safe. But how much protection do these apps really provide?

Read More

NetWars Tournament of Champions 2015

For those of us privileged to have been invited to the 4th annual SANS Netwars tournament of champions, held in the ballroom of the Grand Hyatt hotel in the centre of Washington D.C. last week, the sight of the massive display screens towering over the rows of competitor’s tables was an inspiring start to the event. Each of the tables had several rows of seats for the attendees of the SANS Cyber Defence Initiative, the competitors being made up of people who were attending one of the many concurrent SANS courses and people invited to the Champions Tournament, with my invitation having come from my top scoring performance in the Cyber Academy in Cardiff in October.

Read More

‘Angler’ Exploit Kit - web-based JavaScript malware

When e2e discovered a suspicious webpage had been visited by a host on a client’s network we decided to analyse the script contained within the webpage to find out its functionality. What we discovered was a landing page used by the sophisticated exploit kit ‘Angler’…

Read More

Why people matter in Cyber Defence

In the last blog entry I gave my view of why major corporations keep getting hacked. I argued that the focus of security within organisations is all wrong and, due to lazy evolution, corporate security teams fail to provide business owners with the information needed to make informed decisions on how to defend against cyber-attacks.

Read More

Selecting cost effective monitoring services - Part 3

This is the third article of a three part series that provides advice to organisations looking to procure managed security monitoring, protective monitoring (PM) and/or Security Operations Centre (SOC) services. This article explains e2e’s approach to delivering protective monitoring services.

Read More

The future of Incident Response?

e2e attended the SecurityExpo at Excel earlier in the week and managed to listen to a few key note speakers. We were very interested in ‘The Future of Incident Response’ talk by Bruce Schneier and thought we should add our thoughts…

Read More

Homogenisation - the Achilles' heel of the public cloud?

How do you make and maintain a massive public cloud? You use common parts and you use them everywhere. You try to keep the whole cloud as similar as possible. You do this at every layer of the stack from the hardware to the application api’s. That means the major cloud back ends are homogenised. Key to keeping in control of a massive cloud is to reduce the number of variables - reduce components, reduce complexity and look for as many ‘one size fits all’ solutions as possible.

Read More