Application development

Virtual companies are the way forward just like virtual operating systems, Audent has been doing this since 2010 and going strong.

Posted on

Audent Limited leads a group of 10 separate companies to meet the requirements of it’s corporate customers.  Like VMware, we manage virtual teams to meet the IT demands of major corporates.  The difference with us is that we engage our resources only when they are needed.  This makes us very lean and agile.

The analogy is a bit like comparing a large corporate IT supplier with thousands of employees (like an old mainframe, always on even when not processing) with Audent spinning up expertise when required in virtual teams (like a modern VMware estate, only on when needed).  The consumption of power, fuel and other vital resources is hundreds of times lower at Audent because we are only using the resource pool of 600 experts when needed.  This enables us to maintain competitive edge with reduced overheads.

Our carbon footprint is massively reduced.  Like a pilot light, our core team of senior managers is ready to react fast and spin up expert teams quickly to meet demand.  From Cyber Essentials consulting to implementing a hybrid cloud infrastructure, we are ready to help, fast.

It has been said that companies that grow to over 100 staff start to forget who their customers are and their management often forget who their staff are.  Smaller companies care more about their customers.  Let’s face it each £1 means more to small company compared to a massive entity.

We have taken 10 smaller, specialist companies spanning the important areas of IT and combined them in the Audent Consortium. This gives us scale and expertise to compete with the big players yet we still value our customers and they get the attention they deserve.  We have also invited some of the top experts globally to join us and ensure we deliver the best solutions.  Many are drawn to us because our philosophy is that technology is secondary to customer requirement.  We are requirement led and not product led like so many other IT integrators.

Doug Woodburn (Managing Editor, CRN Magazine) wrote a great summary last year and was taken by our virtual structure. See the blog:  Interview with Doug.  If you want to know more, don’t hesitate to contact us.

Application development

IoT, smart fridges and hackers

Posted on

February 2017:  Audent takes leading role in IoT security testing.

The first example of a smart domestic device security breach was with an internet enabled fridge.  Hackers took advantage of a flaw in the way a smart fridge fails to validate SSL certificates, making ‘man-in-the-middle’ attacks possible.  Login details from a Gmail account were obtained.

The explosion of IoT devices in domestic, corporate and healthcare environments has huge implications on personal safety. Internet access is now enabled within our cars, fridges, vacuum cleaners, heating systems, utilities and wearable technology such as medical diagnostic tags. Risk from cyber crime is growing at an exponential rate.

Audent has responded to this demand with a team of 25 testing experts covering all aspects of IoT.  Working on devices before they are released and also building assurance standards openly shared throughout the IoT community.

The teams working for Audent are well known and respected in their space, and below are some of their achievements and project highlights:

IoT Experiences:

  • Smart Health Monitor Device: Security assessment of smart health monitoring IoT product from one of the largest international medical/home automation device manufacturer.
  • Smart Vacuum Cleaning Robot: Performed controlled attack and penetration activities to assess the overall level of security of Smart Vacuum Robot from one of the International smart home appliance manufacturer.
  • Smart Food Processor: Performed penetration testing of Smart food processor appliance from one of the largest smart food processor manufacturer.
  •  Other smart domestic heating control devices.
  •  Provide training on IoT, Web, Android and IOS exploitation.

Web, Infrastructure and Mobile Application Experiences:

  • Security assessment of MDM solution, IOS and Android app of a consulting company in Germany.
  • Web Mobile and Network security assessment of various telecom companies. Security testing of large payment gateway.
  • Green field security testing for a government agency who are actively targeted by state sponsored/APT attacks.
  • Hardware/Embedded: Found and reported various issues, such as, buffer overflow in Linksys router, malicious command injection and encryption bypass in Kankun smart plug (IoT device).
  • Fuzzing Infrastructure: We have developed a state of the art in-house infrastructure for fuzz testing of various software. We regularly report bugs we find via fuzzing to product vendors.

Background:

  • Discipline Fusion: our ultimate objective is to secure clients’ systems rather than just finding vulnerabilities and suggesting a few technical steps.  Therefore, Cyber security strategy and defence consultants (who have worked at CISO level of highly secure organisations) are engaged after the security testing is completed by the penetration testing team in order to devise pragmatic risk mitigation solutions.
  • Post-Testing Support:  full support is provided to the client even after the report is presented to help remediate any vulnerabilities that are discovered during the engagement.  we are happy to advise on remediation after testing on an unlimited basis.
  • Organisation Focused Reporting:  a technical vulnerability with “High” criticality for one organisation may be a “Low” criticality for another organisation.  Therefore, our business aware security assessment reporting specifically considers and includes business specific risks in addition to the standard assessment process.
  • Specialist Testing: The security testing of various components, such as, Web App, Infrastructure, hardware devices is conducted by specialists in that area.
  • Research Led Security: Our team members spend a big percentage of their time researching vulnerabilities, crafting exploits, and training that provides them more techniques in their arsenal which they use in real world testing rather than just using the standard pen testing toolset.

Contact us if you would like to explore how we make a difference with our unique penetration testing, especially our unlimited remediation services.  Contact us.