Coffee break

Do you police your social media policy? We think you should.

Posted on

Many organisations have had a social media policy in place for some time.  Yet we have found that policing the social media footprint of employees and contractors is another matter.  We have developed an AI based open source intelligence platform.  Managed by our team of ex Police, Military and Government staff, we produce fantastic insightful reports highlighting any issues.

This does not have to be a negative thing either, because issues like own goals (something that can influence the reputation of an employer and employee) can be deleted, restoring the right image instantly.  If you use your own staff to do screening it can create unconscious bias towards individuals which can be a legal nightmare.  Giving us your screening means we stay focussed on just the issues that impact business reputation with protected characteristics.

To make the policing job affordable, we produce these reports for £50 per person and always ask the person being screened for their permission.  Contact us to find out more at enquiries@audent.co.uk

Cyber Essentials

ACE Cyber Essentials Plus services make a difference working with the Audent Consortium. A bit of history.

Posted on

The original CESG 10 steps to cyber security in 2012 led to an evolution in security positioning.  Cyber Essentials was born on the back of custodians of IT security wanting more guidance and detail than the 10 steps programme.  Developed by government and industry the NCSC (was CESG) now has 5 certification bodies and have successfully helped to train many consultants to become accredited Cyber Essentials Practitioners or ACE practitioners.

Being an ACE practitioner is not the end of the story at Audent.  Our ACE practitioners, (often experienced in other areas of security governance such as 27001 and PCI) bring real world security experience to the table.  Our experiences at the Ministry of Justice, YJB, The Supreme Court, Energy Systems Catapult Warwick Manufacturing Group and Warwick University have been based on practical gap analysis and an eye on ensuring they are as secure as possible, within budget.  We are not an organisation that is prescriptive, each customer has their own challenges and particular areas that need more attention.  Our Cyber Essentials remediation advice is in plain English and we will debate the best route to get Cyber Essentials without cutting corners.

Cyber Essentials is based heavily on preventing attacks from the internet, yet we have detailed knowledge about all attack vectors assisted with a separate team of advanced penetration testers.  Complimented with our consortium of 10 separate, specialist companies.  We have in depth knowledge of infrastructure from servers to firewalls and security software enabling us to fully guide each client with a practical remediation.  In many cases we are asked to architect a remediated environment for the client and assist with implementation using our pool of 600 experts.  Check Point, Palo Alto, Cato, Forcepoint, Cisco, Symantec, Veeam, Fortinet, IBM, Dell and HP are just a few of our vendors where we have accredited consultants.

Don’t hesitate to contact us if you would like to talk real world Cyber Essentials and everything that surrounds successful IT security!  Contact us.

Application development

Virtual companies are the way forward just like virtual operating systems, Audent has been doing this since 2010 and going strong.

Posted on

Audent Limited leads a group of 10 separate companies to meet the requirements of it’s corporate customers.  Like VMware, we manage virtual teams to meet the IT demands of major corporates.  The difference with us is that we engage our resources only when they are needed.  This makes us very lean and agile.

The analogy is a bit like comparing a large corporate IT supplier with thousands of employees (like an old mainframe, always on even when not processing) with Audent spinning up expertise when required in virtual teams (like a modern VMware estate, only on when needed).  The consumption of power, fuel and other vital resources is hundreds of times lower at Audent because we are only using the resource pool of 600 experts when needed.  This enables us to maintain competitive edge with reduced overheads.

Our carbon footprint is massively reduced.  Like a pilot light, our core team of senior managers is ready to react fast and spin up expert teams quickly to meet demand.  From Cyber Essentials consulting to implementing a hybrid cloud infrastructure, we are ready to help, fast.

It has been said that companies that grow to over 100 staff start to forget who their customers are and their management often forget who their staff are.  Smaller companies care more about their customers.  Let’s face it each £1 means more to small company compared to a massive entity.

We have taken 10 smaller, specialist companies spanning the important areas of IT and combined them in the Audent Consortium. This gives us scale and expertise to compete with the big players yet we still value our customers and they get the attention they deserve.  We have also invited some of the top experts globally to join us and ensure we deliver the best solutions.  Many are drawn to us because our philosophy is that technology is secondary to customer requirement.  We are requirement led and not product led like so many other IT integrators.

Doug Woodburn (Managing Editor, CRN Magazine) wrote a great summary last year and was taken by our virtual structure. See the blog:  Interview with Doug.  If you want to know more, don’t hesitate to contact us.

Consultative selling

Audent. Here for the long haul, unlike some others.

Posted on

Audent grows from strength to strength based on long term, strategic partnerships with clients since 2010.

We are a consortium of 10 separate, specialist companies spanning the most important areas of IT.  600 resources and over 250 vendors gives us so many opportunities to add real value.  Here is one journey we have had with a client spanning 8 years:

1.   In 2010 we were asked to provide a WiFi router to this strategic client, we were price competitive and delivered quickly.

2.  We were invited to help with the provision of the security estate and implemented, Check Point, Clearswift and Cisco ASA.

3.  We also provide 24/7 help desk support for the security estate.

4.  Won a bid to implement online backup.

5.  Delivered a market analysis of anti-virus products to replace Sophos, the client chose Symantec for 350 users.

6.  Won the bid for a new storage environment with EMC for the NAS, coupled with Cisco and Dell to complete the   implementation.

7.  Introduced Vodafone to replace EE on 350 handsets.  Won the contract with £30,000 extra hardware fund together with completely funded Microsoft 365 environment for 350 users.

8.  Delivered the latest Windows phones to complete the mobile working enablement capability.
We were invited to write a five year IT strategy with our interim CIO over a 6 month period, working closely with key stakeholders to really understand what the business needed. Delivered the strategy.

9.  Also invited to bring on board our interim IT Manager to deliver the strategy over 4 years as part of the customer team.
Implemented Microsoft 365 with our Microsoft cloud team on time.

10.  A stronger reliance on cloud drove the requirement to replace aging internet connectivity and Audent won the public bid with delivery of dual 200 Mbps circuits.

11.  Won a bid to implement WiFi on seven floors working with Cisco and Cisco Meraki.

12.  Converted all hardware warranties across the estate to reduce warranty costs by over 30%. SLAs range from 4 hours to next business day.

13.  Our resourcing division was successful in placing two engineers to assist with managing IT and support under the newly appointed IT Manager who was recently promoted.

14.  Successfully completed a pen test and instead of simply handing a remediation report to them, we met and discussed how to remediate using our infrastructure knowledge.  We also offered unlimited remediation advice at no charge.  We are focussed on making our clients more secure rather than simply ticking a pen test tick box.

15.  The partnership continues…

The Result

We have grown with our customer and we are seen as an integral component of the IT capability, remaining preferred supplier based on a proven track record.  The customer benefits from our pool of resources and excellent prices from diverse routes to market.  All of the above projects have been sourced through the Audent consortium, making procurement much easier. References on request.

Application development

IoT, smart fridges and hackers

Posted on

February 2017:  Audent takes leading role in IoT security testing.

The first example of a smart domestic device security breach was with an internet enabled fridge.  Hackers took advantage of a flaw in the way a smart fridge fails to validate SSL certificates, making ‘man-in-the-middle’ attacks possible.  Login details from a Gmail account were obtained.

The explosion of IoT devices in domestic, corporate and healthcare environments has huge implications on personal safety. Internet access is now enabled within our cars, fridges, vacuum cleaners, heating systems, utilities and wearable technology such as medical diagnostic tags. Risk from cyber crime is growing at an exponential rate.

Audent has responded to this demand with a team of 25 testing experts covering all aspects of IoT.  Working on devices before they are released and also building assurance standards openly shared throughout the IoT community.

The teams working for Audent are well known and respected in their space, and below are some of their achievements and project highlights:

IoT Experiences:

  • Smart Health Monitor Device: Security assessment of smart health monitoring IoT product from one of the largest international medical/home automation device manufacturer.
  • Smart Vacuum Cleaning Robot: Performed controlled attack and penetration activities to assess the overall level of security of Smart Vacuum Robot from one of the International smart home appliance manufacturer.
  • Smart Food Processor: Performed penetration testing of Smart food processor appliance from one of the largest smart food processor manufacturer.
  •  Other smart domestic heating control devices.
  •  Provide training on IoT, Web, Android and IOS exploitation.

Web, Infrastructure and Mobile Application Experiences:

  • Security assessment of MDM solution, IOS and Android app of a consulting company in Germany.
  • Web Mobile and Network security assessment of various telecom companies. Security testing of large payment gateway.
  • Green field security testing for a government agency who are actively targeted by state sponsored/APT attacks.
  • Hardware/Embedded: Found and reported various issues, such as, buffer overflow in Linksys router, malicious command injection and encryption bypass in Kankun smart plug (IoT device).
  • Fuzzing Infrastructure: We have developed a state of the art in-house infrastructure for fuzz testing of various software. We regularly report bugs we find via fuzzing to product vendors.

Background:

  • Discipline Fusion: our ultimate objective is to secure clients’ systems rather than just finding vulnerabilities and suggesting a few technical steps.  Therefore, Cyber security strategy and defence consultants (who have worked at CISO level of highly secure organisations) are engaged after the security testing is completed by the penetration testing team in order to devise pragmatic risk mitigation solutions.
  • Post-Testing Support:  full support is provided to the client even after the report is presented to help remediate any vulnerabilities that are discovered during the engagement.  we are happy to advise on remediation after testing on an unlimited basis.
  • Organisation Focused Reporting:  a technical vulnerability with “High” criticality for one organisation may be a “Low” criticality for another organisation.  Therefore, our business aware security assessment reporting specifically considers and includes business specific risks in addition to the standard assessment process.
  • Specialist Testing: The security testing of various components, such as, Web App, Infrastructure, hardware devices is conducted by specialists in that area.
  • Research Led Security: Our team members spend a big percentage of their time researching vulnerabilities, crafting exploits, and training that provides them more techniques in their arsenal which they use in real world testing rather than just using the standard pen testing toolset.

Contact us if you would like to explore how we make a difference with our unique penetration testing, especially our unlimited remediation services.  Contact us.

Coffee break

Amazing picture on Google Earth

Posted on

This is a one in a million photo from space to share. What are the chances of this happening? I was looking at on old property on Google Earth and right above my street caught on camera was an Air Canada aircraft!

The chances of seeing something like this are so remote I thought I would share it.  If you look at Groves Close, Bourne End in Google Earth you can see it’s real.  The Finance Director of Air Canada emailed me and said that it was no longer in service and was a few years old.

Consulting

Audent interview with CRN Magazine

Posted on
Virtually working together

Doug Woodburn Managing Editor at CRN explores the Audent consortium. 

Audent says its virtual model is ‘way forward’ for channel Reseller consortium Audent claims it is taking the market by storm with its ‘virtual’ model after enlisting resourcing professional services consultancy Klarion Ltd as its tenth member.

Founded in 2010 by former 2e2 manager Jeremy Hennequin, Audent leads a consortium of suppliers offering services covering security, mobile working, managed services, supplier consolidation, application development and resourcing.

Talking to CRN, Hennequin said the addition of Klarion will help it meet demand from clients looking to recruit technical staff.

“We took the top-10 CIO wish list and instead of employing 500 staff, we went to ten different companies to fulfil those areas and said ‘come and join the consortium and we will take on the likes of BT’,” Hennequin said.....

Read More