We see two issues affecting the security industry:
Separating signal from noise: security decision-makers are deluged by information. The problem isn’t that the threat keeps changing, nor the immense number of security products out there; it’s that there is so much information, and so much of it is the same. Everyone is keen to sell fast and grow quickly, pushing partial solutions in a crowded security market that is awash with money. Too often vendors shout about trends but miss the real story.
Insufficient focus on security value: we see a disconnect between organisations that need better security and the way in which the market is structured to provide that capability. Buyers feel unsure which features to invest in, CIOs need things to fit together better and CISOs want users to make better security choices. Concerned by a lack of focus on resilience, we are passionate about driving better security performance.
Today’s world of ongoing disruptive change requires organisations to move fast whilst staying secure. To thrive in the digital revolution, organisations must spend smarter on their resilience. We help customers improve the security performance of their organisation. We bridge the gap between understanding risk, incidents, tools and people to help organisations invest wisely in the right capability to deliver better security value. Working with your Board, Security Operations team and suppliers, we bring the real security story into focus and show what needs doing to make things better. Because we are independent and drive solution-agnostic outcomes, we are free to act in your best interests to unlock more value from your security investment.
Practical thinking to get better value from existing security suppliers and new capabilities
We assess your cyber preparedness not only against statutory regulation such as NIST 800-53 Security Controls or NCSC’s Cyber Assessment Framework (CAF), but also against digital responsibility and ethical business good practice. Using the AttackIQ breach simulation platform, we validate your defences against attacker behaviour, identify gaps in coverage, and evidence your security posture.
Next, we work with your SecOps team to automate the continuous validation of how your cyber defences should be tuned to stop intruders.
We check that your definition of data crown jewels fits your business. We then assess how well this data can be defended, to focus attention on minimising risks and to prioritise the actions needed to improve resilience.
We use AttackIQ to verify the performance of your security tools. This evaluates your posture against the MITRE ATT&CK framework to mitigate vulnerability to known tactics, techniques, and procedures (TTPs). We can then advise you on how to achieve better security performance using vendor best practice and learning from real incidents.
We can support you through a structured walkthrough of security incidents. We review tactics, decision making and actions to ensure root cause is understood. We can then test if lessons learned have made a positive impact on your operations.
Security transformation is often about managing multiple threads of activity, so we design roadmaps to plan your security journey. We then work with you to implement this as a single change programme, governed by a Resilience Delivery Unit. The Unit will comprise a multi-disciplinary team capable of getting things done by joining the dots between threats, risks, incidents, technology, contracts and spending.
Our techies are experienced in solving the complex security issues that can bedevil legacy infrastructure and complex supplier landscapes. We are architects who design ‘security as code’ and incident responders who enjoy hunting threats across both cloud-based and on-premises infrastructure. Our business folk are savvy professionals who see things ‘end-to-end’ and focus on time/cost/quality outcomes.
Alchemmy Executive Director Phil Aitchison explains in a blog with TechUK why, by investing in better Resilience, Boards also demonstrate their commitment to Digital Responsibility, and in doing so, support a whole-society approach which is central to the UK’s National Cyber Security Strategy to safeguard digital Britain.
Check out Phil’s post here.