We use cookies to ensure our website operates correctly and to monitor visits to our site. This helps us to improve the way our website works, ensuring that users easily find what they are looking for. To allow us to keep doing this, click 'Accept All Cookies'. Alternatively, you can personalise your cookie settings.

Accept All Cookies Personalise settings

As the reliance on digital systems increases and the sophistication of cyber-attacks continues to grow, it is important that organisations regularly test their ability to defend themselves from digital compromise.

Many organisations invest heavily in digital security controls and have spent time and effort developing procedures and processes to counteract cyber-attack, but many have never tested these to see if they are fit for purpose in this ever evolving digital world.

It takes regular and repeatable testing cycles to ensure that an organisation is ready to protect and respond to comprise of digital platforms and it often requires sophisticated approaches to replicate and simulate the types of attacks an organisation may face. In many cases testing needs to go far beyond simple exercising of digital systems to identify potential vulnerabilities and move more towards actually testing the resilience of a company’s digital estate and associated operations.

We have a well-established pedigree in providing testing mission critical services and capabilities for the UK public sector and defence communities, and has built on this to develop the longest established dedicated security and penetration testing team in the world.

Our experts can work with organisations to simulate real-world scenarios and test the digital systems of an enterprise in a way that emulates the attack methods threat actors in order to practically, but safely and ethically, test an organisation’s digital resilience posture.

Contact us

Looking for more information? Click here for our contact form.

Key Features & Benefits

  • Vulnerability Identification - Helps organisations identify critical vulnerabilities in their digital systems and operations, which may expose them to risk of compromise
  • Better Decision Planning - Allows organisations to take a systematic approach to risk mitigation, provides a prioritised view of system vulnerabilities on which action can be taken
  • Building Confidence - Gives organisations a level of confidence in their digital and physical controls, thus allowing a board to assess their level of digital resilience
  • Improved Defensive Capabilities - Testing helps organisations better understand their defensive capabilities and to test security operations across the enterprise.
  • Intelligence-led - our extensive exposure to a variety of targeted industries provides us with an excellent insight across the cyber threat landscape. Leveraging this breadth and depth of knowledge enables us to tailor testing to match real-world attack scenarios and build a realistic picture of the risks an organisation faces.

Our Security Health Check Penetration Testing services cover application, infrastructure, wireless, cloud and mobile environments. Our certified specialists use industry best practice and extensive experience to identify vulnerabilities in systems, the risks they pose, the consequences of their configuration, and a tailored recommendation for the issue, which makes sense for your business.

We continually adapt to new ways of working. Ransomware attacks are more prevalent and remote working is becoming the new norm. Both government and commercial organisations have recently come under sustained, and at times damaging, attack from increasingly capable adversaries.

Recent high-profile security compromises have proved that whilst the theft of intellectual property or subscriber data can have regulatory or financial implications, the reputational damage that can result from such a breach can have far reaching implications for even the biggest multinationals.

It has also shown that attackers are becoming increasingly sophisticated and are now using multidimensional attacks against their targets. The security of information systems is of paramount importance to almost every type of organisation, as core business functions often depend on digital data, services and infrastructure.

Our methodologies have been extensively examined, our expertise is trusted, and our reporting standards are held in high regard, which is why we are a trusted supplier to many large and small UK government entities.

Key Benefits
  • Identifies how real-world attackers would compromise your systems
  • Provides prioritised recommendations and guidance to fast track remediation
  • Provides real actionable intelligence against your security posture
  • Highly experienced Security Cleared and Developed Vetting CHECK specialists

Contact us

Looking for more information? Click here for our contact form.

Download our Penetration Testing service sheet

CHECK IT Health Check

Our CHECK IT Health Check (ITHC) service provides high-assurance application and infrastructure testing by highly experienced and security cleared, CHECK, CREST and Tigerscheme certified pentest security specialists.

Our CHECK service has been collaboratively supporting pentest accreditation since the late 1990's, proudly using trusted methodologies to safely provide the highest levels of assurance, communicating findings in a professional non-alarmist manner.

As a founding member of the original scheme, Our Security Health Check has been a CHECK approved team since the scheme's inception and are proud to be recognised as one of the UK's best assets in helping protect the UK's IT systems.

Key Benefits
  • Satisfies your mandated and compliance requirements
  • Identifies how real-world attackers would compromise your systems
  • Provides real, actionable intelligence against your security posture
  • Highly experienced Security Cleared and Developed Vetting CHECK specialists

Download our CHECK IT Health Check service sheet

Cyber Intrusion Exercise (CIE)

Cyber Intrusion Exercises use the latest real-world simulated attack delivery methods, to determine how attractive your organisation would look to a motivated and determined adversary. CIE’s can regularly exercise and provide visibility of the robustness of your organisation’s internal technical controls and assure the impact and effectiveness of your third-party investments.

CIE’s are delivered in three main phases:

  • Internet-based assessment
  • Stand-off attacks
  • Onsite testing and egress assessment

This approach helps to fast track your organisational resilience by benchmarking and providing recommended remedial improvements clearly and concisely, from critical to low. CIE’s provide a much higher level of organisational coverage and assurance by complementing conventional annual, compliance driven testing, and therefore delivers more value for money to your business. This new service targeted to SME’s, in addition to our class leading Advanced Intrusion Testing service, which is focused towards enterprise customers, provides a full spectrum capability at an appropriate price point.

Our Approach

Our subject matter experts will undertake testing that aims to simulate attacks against a target application or network using the same tools and techniques as the most highly skilled adversary.

Throughout this process, our experts liaise with the customer to ensure they are kept informed of progress.

All engagements are expertly managed from inception to delivery and include the generation of clear and concise reporting in a timely manner.

Our reports prioritise areas of technical risk and present them in an easily understandable and actionable format.

We can offer SC and higher cleared security specialists with both industry standard CREST, Tigerscheme and Cyber Scheme qualifications.

We offer both on-site and remote, internet-based assessments.

Red Team Cyber Attack Simulation

Our Red Team exercises are designed to deliver a fast paced and intensive cyber adversary simulation over a set period. For this offering, the Security Health Check adopts the attributes of an adversary that is less concerned about stealth and attribution than about the ability to complete their exercise objectives and withdraw before the organisation can detect and mitigate the threat.

Our Red Teaming service consolidates over two decades of experience delivering infrastructure and web application testing, open source intelligence gathering, and classical penetration testing. The Red Team service provides the highest levels of assurance by challenging our customer’s assumptions of security by adopting the real world adversarial methodologies, tools and techniques used by highly skilled, highly motivated attackers. QinetiQ’s SHC team continues a strong heritage of innovation, leading the way in Red Team exercises by challenging the normal penetration testing paradigm. The Red Teaming service identifies those attack vectors which may be overlooked by more tightly scoped penetration testing exercises, culminating in highly focused technical reporting and leading to deeper insights for our customers.

Key Benefits
  • Emulates real world threat actors and vectors in controlled environments
  • Uses network implants, spear- phishing and OSINT
  • Provides real, actionable intelligence against security posture
  • Gains a foothold on internal and external networks

Contact us

Looking for more information? Click here for our contact form.

Download our Red Team Cyber Attack Simulation service sheet

Advanced Intrusion Exercising (AIE)

Pro-actively examining the real-world threat posed by targeted attackers by combining social engineering, physical breach and traditional cyber-attack methodologies, the AIE provides the most comprehensive practical exploration of breach simulation. Performed by highly qualified and trusted security specialists, the AIT can safely emulate nearly any potential threat actor.

The AIE service can also be performed alongside and with the full interaction of a customer’s SOC analysts and security teams so that they can see, in real-time, what different types of advanced attacks against the organisation look like as they happen, and to identify what footprints that even a highly skilled and covert attacker will leave in system logs. This helps the Blue Team network defenders to “train like they fight”.

Key Benefits
  • Emulates real world threat actors and vectors in controlled environments
  • Assess the effectiveness of physical controls and human practices
  • Provides real, actionable intelligence against security posture
  • Exercise SOC capabilities in real time with attack methodologies

Download our Advanced Intrusion Exercising (AIE) service sheet

Multi Scenario Advanced Attack Simulation (MSAAS)

QinetiQ will design and execute multiple attack scenarios, supported by an open source intelligence gathering exercise, tailored to an organisation, while emulating the capabilities and techniques of threat actors.

The Multi-Scenario, Advanced Attack Simulation service provides an organisation the opportunity to evaluate its ability to defend against real world threats. The challenge for organisations is to facilitate the sharing of information in a controlled and resilient manner for legitimate business purposes; whilst at the same time protecting information that should not be shared, altered or disrupted.

QinetiQ have developed the Multi-Scenario, Advanced Attack Simulation to avoid the usual drawbacks of traditional penetration testing, namely that the response teams are aware of upcoming tests and will be more vigilant than under normal circumstances. This creates a false sense of security and is generally accepted to diminish the value of test results. By marrying this testing with the Cyber Kill Chain, QinetiQ provide a thorough examination of our customer’s current defensive and monitoring capabilities.

Key Benefits
  • Emulates real world threat actors and vectors in controlled environments
  • Engagement run over extended period, mimicking a true threat actor
  • Provides real, actionable intelligence against security posture
  • Highly-experienced, SC and DV-cleared CHECK specialists

Download our Multi Scenario Advanced Attack Simulation (MSAAS) service sheet

Purple Teaming and Actionable Intelligence

The best time to test a Blue Team and an organisation’s resilience is before it is attacked. QinetiQ’s Purple Team exercise is designed to team up our Red Team specialists with your Blue Team defenders to identify tools, signatures and techniques used by threat actors before they become a problem.

Understanding that people form the first and most important part of an organisation’s defence, QinetiQ’s Social Engineering service helps identify if your staff training and security culture have been embraced, understood and implemented. Social Engineering can be tested through spear phishing with emails, phone calls, text messages, or in person.

Key Benefits
  • Targeted threat actor emulation in a safe environment
  • Exercising SOC capabilities in real time with attack methodologies
  • Uses spear-phishing and OSINT
  • Provides real, actionable intelligence against security posture OSINT

Assess an organisations security from a human perspective

Download our Purple Teaming and Actionable Intelligence service sheet

Penetration Testing Training

Our Penetration Testing skills and tradecraft has been honed over decades of experience in the field. This training service takes that knowledge and best practice, distils it into a series of modules and instils our students with knowledge of the laws, tools and tradecraft to succeed as a penetration tester. Our Security Health Check team has developed a training solution to help develop the skills required to quickly and efficiently gain the relevant skills required to perform penetration tests.

Penetration testing, is a pro-active simulated real world attack conducted against a network, system, application or organisation that identifies vulnerabilities and weaknesses. Penetration tests (pentests) are part of an industry recognised approach to identifying and quantifying risk to an organisation. Pentests actively attempt to practically exploit vulnerabilities and exposures in a company’s infrastructure, applications, people and processes as part of a Security Health Check (SHC). Through exploitation, the Security Health Check will provide context to the vulnerability, impact, threat and the likelihood of a breach in an information asset. This module will teach the practical skills required to perform a Security Health Check, along with the reasons why pro-active testing of security, using realistic methodologies is so important for any organisation.

Key Benefits
  • Gain practical advice and appreciation of penetration testing
  • Learn industry recognised methodologies
  • Delivered by qualified CREST and TIGER professionals
  • Practical hands on exercising

Contact us

Looking for more information? Click here for our contact form.

Download our Penetration Testing service sheet

Red Team Tradecraft

Our Red Team training service elevates a penetration tester to think like an offensive security specialist by teaching through lecture and practical experience, across multiple modules, how to plan, build, and execute a high assurance, offensive, cyber operation; the training culminates in a simulated operation against our challenging cyber lab.

This course provides the theoretical and practical experience required to realistically simulate advanced threat actors. This course provides pentesters with the techniques required to become red teamers, and provides blue teamers with the opportunity to practically understand the techniques that may be deployed against them.

The course practically teaches the atomic elements used in a red team attack, including but not limited to setting up the attack platforms, passive and active reconnaissance, phishing, command and control, lateral movement, privilege escalation and exfiltration of target resources. Then the course draws the lessons learnt together in a realistic stand-off electronic attack against a simulated organisation utilising enterprise technologies and mature defensive technologies which alert the “blue team hunt pack” which will try to push you back out of the network if you register on their alert dashboard.

The theoretical elements will also cover the often overlooked infrastructure fundamentals and secure handling of customer data and persistence to protect your access to your clients and to protect their data.

Key Benefits
  • Realistically emulate real world threat actors in a safe environment
  • Learn attack simulation methodologies
  • Access to QinetiQ's challenging assault courses
  • Take skills to the next level

Download our Red Team Tradecraft service sheet