Nettitude and Lancaster University are developing an ICS framework and network based appliance that will provide end users within complex supply chains the relevant knowledge and visibility of their key areas of risk. A common framework and approach will provide consistency across the supply chain and help identify the priorities and actions needed to ensure a robust security posture is maintained.

Organisations value their data. Security controls have historically been implemented around the environment in which data resides in order to bring the risk down to an acceptable level. The advancements in collaboration tools between businesses, use of cloud services, the borderless nature of our mobile work environments, and a reliance on 3rd parties - providing this secure ‘wall’ around your data can be very difficult. Modern cyber-attacks utilising readily available advanced threat intelligence, sophisticated malware and spear phishing techniques can penetrate traditional defences in a few steps. But as our data increases, keeping track of where it is and when it leaves our organisation becomes harder. One of the first challenges for many companies is knowing what data they need to protect, where it actually resides and who has access to it. In the last 6-12 months there has been a real shift in security thought leadership from simply preventing it from happening, to knowing when it does. When you do get hacked, how do you respond, contain the problem and recover? Stopping it from happening is no longer a realistic expectation. ‘Security in Depth’ is the starting point, but without a strategy around ‘Response in Depth’ organisations will only know a problem exists after it is too late. Current solutions attempt to secure the environment, but if the data gets out, how do you know where it has gone? Or when it went? Nettitude aim to address these issues through the development of a Data Loss Intelligence (DLI) prototype tool. This builds significantly on existing Data Loss Prevention (DLP) tools by tagging real data and providing control over this data to its owners after it has left their organisation. The control and intelligence gathered by the data itself on its journey will provide a unique approach to enhance incident response services based around log data collection and analysis. This additional capability will allow you to know and control your data.

This project will research and develop a continuous, AI assisted cyber assurance penetration testing platform for web and mobile applications. The outputs will also consider wider applications of AI/ML within other cyber domains.

The Nettitude ThreatReceivers (Cyber Deception Technology) project is designed to develop a cutting edge solution in detecting threat actors seeking to compromise critical assets and systems within financial services organisations and high threat environments. Deploying technology that will act as a decoy away from critical assets and systems and provide credible simulated environments for attackers to focus their time and effort on, whilst giving up valuable intelligence about their capabilities and methods.