FIRST Regional Symposium Europe 2023

Training and continuous professional development are important at e2e for everyone, including managers. Recently, I attended the 2023 FIRST Regional Symposium Europe in Bilbao, Spain.

Read More

Keys to the Kingdom

“Business Email Compromise, one of the top three online security risks facing business today that has the potential to be every bit as devastating as a ransomware attack or a production outage.”

Read More

Top attacks against M365

The three biggest cyber threats also create the greatest cyber-related risk for organisations. Cyber risk is defined as Likelihood x impact. The impact is often measured against the cost to repair or recover from the attack or by other business metrics such as reputational impact, financial impact, or business continuity capability.

Read More

Blog Series - Using ChatGPT for cyber defence

Although it was only released November last year, there’s already been a lot of talk about how OpenAI’s ChatGPT could democratise cybercrime and fuel cyberattacks, with examples of how it’s been used to develop malicious tools available on the dark web.

Read More

Cybersecurity Predictions For 2023

As 2022 comes to an end, there will be much trepidation going into the New Year where cyber attacks are likely to become faster and more destructive. Our CEO, Rob Demain, shares his thoughts on what to expect for 2023.

Read More

The cyber paradigm shift- cost centre to competitive differentiator

Cyber security has traditionally been viewed as an item on an IT checklist and a cost centre. But the perception of cyber security is changing and to explore this, e2e-assure invited seven leading cyber security practitioners and experts to participate in a thought leadership roundtable titled, ‘The cyber security paradigm shift: from cost centre to competitive differentiator’.

Read More

e2e-assure is a Microsoft Gold Partner

As part of our ongoing closer alignment with Microsoft as a chosen strategic partner we have received our first Gold status on cloud platform competency. This is the first in a series of what will be several Gold certifications we are currently working towards.

Read More

An interview with Cybernews

Cyber security is a topic that’s talked about far and wide. Whether it’s due to the exponential increase in remote and now hybrid working over the last two years, nation state tensions or the decreasing costs to create a ransomware attack, everyone seems to be talking about it.

Read More

A summary of CVE-2022-22963 (Spring Cloud RCE)

At e2e-assure, we do a lot of work behind the scenes to protect our customers, both proactively through the likes of threat hunting, but also reactively as new vulnerabilities become known. Over the years we’ve worked tirelessly to ensure customer networks are up-to-date and that we can detect and respond to exploits.

Read More

e2e-assure renews Cyber Essentials+ certification

We’re pleased to share that, earlier this month, e2e-assure renewed their Cyber Essentials Plus (CE+) certification. We’ve held the Cyber Essentials certification since it started, evidencing the continued commitment of our teams to ensure we uphold (and exceed) best practice in cyber security.

Every year the requirements to achieve Cyber Essentials changes, in line with the ever-changing threats and best practice to combat these threats. Changes brought in on the 24th of January 2022 saw the biggest overhaul with regards to technical controls since the schemes launch in 2014, reflecting the heightened risk and complexity of cyber threats today.

Read More

Responding to destructive cyber-attacks

With Russia and Ukraine consistently in the news there is more focus on the likelihood of cyber-attacks on Ukraine’s electric grid and the potential of retaliatory attacks on Europe and the United States given the possibility of sanctions on Moscow. The New York Times reports that the top US cybersecurity official met with NATO to discuss how to prepare, deter and perhaps disrupt any Russian cyber-attacks.

Read More

Should your MSP manage your cyber security?

We’re often asked whether we think an organisation’s Managed Service Provider (MSP) should be responsible for their cyber security. Initially it may seem like a question with a simple answer, after all they’re responsible for the overall IT delivery, so surely that should incorporate cyber security?

Read More

The number 1 piece of advice for log4j

Now that the dust has settled a bit on the log4j vulnerabilities and we’re beginning to build up a better picture of the situation, e2e have provided some more guidance on how to ensure your organisation is as protected as possible. This post complements our regularly updated blog, which provides our initial response and subsequent updates, including new patches and information on the latest industry guidance. You can view the update blog here.

Read More

Cyber security tips for SMB's

We’re increasingly being asked by smaller organisations how they can improve their cyber security, without huge budgets, given the increasing threats they are facing in today’s world.

Read More

e2e launches Google SOC services

As part of our ongoing roadmap, covering both specific customer needs and proactive product development, this week we launched our Google Cloud Security Operations Centre services, delivered through new integrations with our SOC Platform, Cumulo, allowing organisations to have a 24/7 detect and respond service for all Google tools.

Read More

Cyber security threats facing organisations

Let us start by saying that the cyber security threats facing each organisation will differ. For some the challenges could be more internal, in getting everyone to take responsibility for cyber, getting the board to move away from the “it won’t happen to us” mentality, or even malicious insiders. For others, they could be the target of sophisticated nation-state attacks.

Read More

Careers in cyber security

There are numerous routes into a cyber security career and different paths to take within it. You may be new to the world of work and thinking that cyber security might be for you, but unsure what path to take or where to start. You may have years of experience in cyber security roles, but not clear what your next step or even end-goal for your career is. You may even have years in other industries and be considering a complete career change.

Read More

Improving your organisation's cybersecurity

The next blog in our Cybersecurity Awareness Month series covers 10 tips organisations can take to improve their cyber security without spending huge sums of money. Whilst some of these will be quite basic, the beauty (and challenge) of cyber security is that often having good hygiene will help you just as much as investing thousands in a piece of technology or service.

Read More

How to improve your individual cybersecurity

We kick off Cybersecurity Awareness Month with 10 simple ways in which individuals can improve their cybersecurity for themselves and by extension, their businesses. It’s worth noting that most potential attackers don’t target a specific individual (unless of extreme wealth!) as it’s doesn’t represent a good ROI for them and so will normally use bulk techniques, including ‘credential stuffing’ based on previous breaches and the equivalent of mass marketing. This means that taking relatively simple steps can massively reduce your risk of having your details compromised.

Read More

Employee spotlight - Duncan Wright

To launch our new blog series aimed at finding out more about the people behind e2e-assure we spoke to Duncan Wright, Cyber Consultant. Duncan has worked at e2e since the very early days, joining as employee #16 in 2016 and has had an extremely interesting life and career to date, which we explore in this blog.

Read More

Introducing e2e-assure's new starters - Tom Evans

At e2e-assure we’re seeing increasing demand for our services and as part of that have started ramping up recruitment across the business. We’ll be introducing new starters at e2e as we continue to grow as an organisation and thought it was best to start with the new starters to our Business Development team that has doubled in size in the last few months.

Read More

My first 3 months at e2e-assure

Hi. I’m Dan, the new(ish) Marketing Manager at e2e-assure. In contrast to my normal ways of working I decided to write a blog on my first 3 months at the company. I hope it will be useful, whether you’re looking to join e2e and unsure what it’s like, are about to join e2e or are a current employee and interested to see my initial experiences.

Read More

e2e-assure & Nine23 announce partnership

Abingdon, June 2021: Nine23, specialising in cyber security solutions to enable end-users to utilise secure technology through its secure UK Platform FLEX cloud and managed services, and e2e-assure, a trusted cyber security services company with over 20 years’ experience specialising in SOC as a Service and Managed Detection & Response (MDR) will join forces and work together to deliver world class cyber security solutions to reduce risk and deliver value whilst being fully transparent.

Read More

e2e awarded place on the CyberTech 100

We are delighted to announce that e2e have been recognised as one of the 100 most innovative cybersecurity companies helping financial institutions by FinTech Global as part of their 2021 refreshed list.

Read More

Automating false positives in your SOC

Alerts are undoubtedly critical in delivery of an effective Cybersecurity operation, but sheer volume of alerts can be crippling to a SOC. In this blog we’ll talk about the steps you can take to reduce the false positive alerts, freeing up your analysts to provide more pro-active defence and less ‘alert bashing’. We talk openly about the challenges we’ve faced in this area and how we’ve seen drastic improvement through a process designed to save analyst time without increasing security risk.

Read More

BGF Invest £10.5m in e2e-assure

BGF, the UK and Ireland’s most active investor, has completed a £10.5 million minority investment in e2e-assure, an established, fast-growth cybersecurity business based in Oxfordshire. The funding will be used to facilitate international growth and expand its go-to market offering.

Read More

Back To The Future 2 - Lessons Learnt

Part One of this article covered some of the challenges of the traditional SOC approach – overly technology focused with budgets taken up with hardware costs and licence fees desperately chasing log capture.

Read More

Coffee and Cake

Saturday the 10th of October was World Mental Health Day - an important reminder of the continued importance of mental health in both the workplace and our wider lives.

Read More

Cyber Security Summit 2017

In recent months, we have seen an increase in the number of cyber-attacks taking place across the globe. The UK Government is dedicating £1.9bn over the next five years to grow the country’s cybersecurity capabilities to be able to match this growing threat.

Read More

UKCloud Preferred Partner

e2e-assure has become a Preferred Partner in UKCloud’s partner programme and will deliver their world class cyber defence and security monitoring capability to UKCloud’s cloud platform. It will also be available as an optional service for UKCloud’s public sector customers: including Public Sector organisations, System and Service Integrators and Independent Software Vendors.

Read More

Hacking Android devices

As an active member of the security community, e2e-assure is committed to keeping up-to-the-minute with information security tools, techniques and discoveries. However, we know that the only way the ‘Good Guys’ stay ahead of the ‘Bad Guys’ is by thinking offensively, and beating them to the punch. One way we do this is through security research and vulnerability disclosures to major companies.

Read More

Decrypting malware ciphers

In our daily work of Protective Monitoring we see a lot of encoded/encrypted traffic - from webpages served over HTTPS, to passwords being obscured using Base64, to zipped binary data, and PGP emails.

Read More

Android Photo Vault app analysis (Part 3)

Welcome to Part 3 of this series on Android Photo Locker app weaknesses, and things are getting more interesting… As you’ll recall, in Part 1 we discussed the general Android app security landscape, while in Part 2 we delved into poor data storage practices. We’re now going to discuss poor implementations of encryption, alternative methods of data hiding, and the dangers of over-privileged users and apps.

Read More

Maktub Locker - An overview

Ransomware has unfortunately been gaining in popularity over the last year. With targets such as hospitals and schools ‘paying up’ to get their files decrypted, ransomware has become the latest menace to both home and corporate users.

Read More

Android Photo Vault app analysis (Part 2)

This is the second part of a security review of Android ‘Photo Locker’ apps. In the first part we looked at an overview of the state of these types of apps, determining the most common vulnerabilities, and revealing that most of them were easy to extract images from just by having access to the device – with others being vulnerable to other attack vectors requiring more skill or access levels.

Read More

Android Photo Vault app analysis (Part 1)

Security is an important issue to all of us today, and we are all realising the value of our personal data. Images in particular are deemed to be important - we have a desire to protect these over most other types of data. And to address that need comes the ‘Photo Locker’ category of apps. Whether we want to keep corporate secrets in images safe, protect photos of ourselves from others with access to our devices, or keep a personal collection of pictures to ourselves, there are these apps available to keep them safe. But how much protection do these apps really provide?

Read More

NetWars Tournament of Champions 2015

For those of us privileged to have been invited to the 4th annual SANS Netwars tournament of champions, held in the ballroom of the Grand Hyatt hotel in the centre of Washington D.C. last week, the sight of the massive display screens towering over the rows of competitor’s tables was an inspiring start to the event. Each of the tables had several rows of seats for the attendees of the SANS Cyber Defence Initiative, the competitors being made up of people who were attending one of the many concurrent SANS courses and people invited to the Champions Tournament, with my invitation having come from my top scoring performance in the Cyber Academy in Cardiff in October.

Read More

‘Angler’ Exploit Kit - web-based JavaScript malware

When e2e discovered a suspicious webpage had been visited by a host on a client’s network we decided to analyse the script contained within the webpage to find out its functionality. What we discovered was a landing page used by the sophisticated exploit kit ‘Angler’…

Read More

Why people matter in Cyber Defence

In the last blog entry I gave my view of why major corporations keep getting hacked. I argued that the focus of security within organisations is all wrong and, due to lazy evolution, corporate security teams fail to provide business owners with the information needed to make informed decisions on how to defend against cyber-attacks.

Read More

Cost effective monitoring services- Part 3

This is the third article of a three part series that provides advice to organisations looking to procure managed security monitoring, protective monitoring (PM) and/or Security Operations Centre (SOC) services. This article explains e2e’s approach to delivering protective monitoring services.

Read More

Cost effective monitoring services- Part 2

This is the second of a three part series that provides advice to organisations looking to procure managed security monitoring, protective monitoring (PM) and/or Security Operations Centre (SOC) services.

Read More

Cost effective monitoring services- Part 1

This is the first of a three part article that provides advice to organisations looking to procure managed security monitoring, protective monitoring (PM) and/or Security Operations Centre (SOC) services.

Read More

The future of Incident Response?

e2e attended the SecurityExpo at Excel earlier in the week and managed to listen to a few key note speakers. We were very interested in ‘The Future of Incident Response’ talk by Bruce Schneier and thought we should add our thoughts…

Read More

The Achilles' heel of public cloud

How do you make and maintain a massive public cloud? You use common parts and you use them everywhere. You try to keep the whole cloud as similar as possible. You do this at every layer of the stack from the hardware to the application api’s. That means the major cloud back ends are homogenised. Key to keeping in control of a massive cloud is to reduce the number of variables - reduce components, reduce complexity and look for as many ‘one size fits all’ solutions as possible.

Read More