Certifications

CREST STAR CHECK CYBER ESSENTIALS ISO27001 ISO9001

Cyberis achieves CREST STAR-FS accreditation

Cyberis has become one of the first cyber security companies to receive accreditation for the CREST STAR-FS framework to deliver intelligence-led penetration testing for the financial sector. The Simulated Target Attack and Response (STAR) scheme has been developed by CREST to meet the needs of Regulators to better understand the current cyber security posture of regulated financial services companies and identify where improvements in security arrangements need to be applied.

Tags

EDR: Is it worth it?

When working with smaller businesses, sometimes we’re asked whether Endpoint Detection and Response solutions are worth the money, over and above traditional anti-virus.  Much of the time, EDR is used in large enterprises in conjunction with a sizeable technical team of experienced professionals who engage in active response and threat hunting as their full-time job.  It can be difficult for smaller businesses to see where EDR might fit in.

Tags

Nessus Scanning with SSH Proxies

Unfortunately, Nessus does not support SSH proxying. This is a problem when scanning remote hosts behind a bastion box, especially when it is not possible to bind or connect to a new port to the bastion box due to firewall rules. Binding a port to localhost and pointing Nessus to 127.0.0.1 is also not an option as Nessus handles scanning localhost in a different way and will report issues with the scanning box itself.

In a pinch it is possible to hack around this problem by tricking the Nessus scanner into thinking it’s scanning the remote host when it is in fact connecting via a port bound to the localhost. Iptables to the rescue….
Tags

COVID-19 Update

The impact of the COVID-19 outbreak on Cyberis’ ability to deliver services is currently minimal. We have always promoted a flexible working culture, with many of our consultants working from home on a regular basis.