NCC Group has the most CHECK and CREST qualified testers in the UK.
We are the largest independent provider of expert penetration and security testing in Europe, with over 1,500 clients worldwide.
Through our Secure Test and NGS operations, we provide high quality security testing services, whilst advancing the understanding of security vulnerabilities throughout the IT industry and amongst our clients.
Via the biggest security testing team in Europe (100 Testers, including 60 CHECK & CREST accredited) we provide our clients with the reassurance that their systems, networks and web sites are secure from the threat of attack from unauthorised sources, both externally and from within the organisation.
Widely recognised as experts for the provision of security testing, software security and research our consultants are able to draw on the experience of a wide variety of projects for clients including government bodies, online retailers, software vendors and financial services organisations.
Our clients benefit from this wealth of experience and our custom-designed tools, as well as our expertise in delivering jargon-free management reports which explain results and recommendations in clear, non-technical language.
Our Penetration and Security Testing services include: Penetration Testing
We offer a range of Penetration Testing to identify all areas of vulnerability. Employing the up-to-date techniques, technologies and information sources exploited by genuine hackers, our services involve far more than simply ‘scanning’ the network for weaknesses.
Our tests are performed ‘hands-on’ by experienced senior consultants. Our ‘responsible disclosure policy’ results in major vulnerabilities being identified and resolved with vendors.
Key areas of our penetration testing expertise include: - Network security testing: We analyse the security of networks, considering thepotential for both internal and external attacks. This is essential for high profile or Internet businesses where breaches of customer confi dentiality or fraud could result in bad publicity, loss of reputation and business
- Application security testing: We rigorously test applications to ensure they are secure.
- Social engineering: We address the ‘human element’ associated with risk and how threats such as unauthorised physical entry into buildings, impersonation & deception can be addressed.
Remote access and remote worker security: We ensure organisations are equipped to manage the security risks that arise from flexible working. Issues such as laptop security, VPN security and access to remote servers and use of portable
devices are considered.
We also offer bespoke testing services to meet clients’ unique requirements. Utilising our experienced testing consultants, tools and scripts leaves clients free to get on with the day to day running and development of their business.
Minerva Managed Security Monitoring
Our managed security monitoring service gives you daily assurance & confidence that your networks and applications remain secure through the provision of more frequent scanning and tailored alerting services. Our team deploys powerful infrastructure and application vulnerability scanning tools across your network. The results of these frequent in depth scans are then reviewed by our team and any potential issues together with standard remediation advice are reported to you through pre-agreed channels.
Learn more about our
Minerva Managed Security Monitoring Service.
PCI DSS
If your organisation electronically holds, transmits or processes credit card information, regardless of how that information was acquired, then it is required by the Payment Card Industry (PCI) to comply with its Data Security Standard (DSS).
As a leading independent provider of information security consultancy and security testing services, accredited by the Payment Card Industry as a Qualified Security Assessor (QSA) and as a PCI Approved Scanning Vendor (ASV), NCC Group is ideally placed to help you to become compliant and stay compliant.
Forensics
If your systems have been attacked or if you require forensically sound investigation of suspected computer abuse, our Computer Forensic Incident Response & Investigation team delivers a professional service based on real technical expertise & experience.
Visit the
Forensic Investigation section to learn more.
Software Security
As the value of information increases in modern business, so the risk posed by its loss or compromise rises accordingly. Companies use the data they hold in many different ways – but one thing they have in common is where they store their business–critical information. Auditing and protecting databases to allow companies to gain leverage from the data they hold is one of our key missions, as can be seen from the range of software solutions we’ve developed in this area.
Research
Our research department is, quite simply, among the finest in the world. We’ve issued more advisories regarding security issues we have discovered than any other comparable organisation. What’s more, our Research department maintains greater awareness of potentially catastrophic “zero day” threats than any other organisation. Maybe that’s why two of our security specialists regularly rank in the world’s top ten.
Training
Our consultants have provided training to some of the world’s most-security conscious organisations. From general courses for IT department staff, to highly specialised one-to-one training for key personnel. Our courses include: Web Application (In)Security, Advanced Database Security Assessment and Network and Infrastructure Security.
Learn more about our
IT Security Training Services.
Our Accreditations 
Having held the
sought after CESG CHECK Green certifi cation continuously since 2001 and
as two of only three companies to provide the CESG Tailored Assurance
Service (CTAS), we are qualifi ed and security cleared to undertake
security testing, security infrastructure design and audit services for
the UK government’s networks and those of critical national
infrastructures.
We hold the ISO 27001 accreditation for information security and our
testing consultants are certified to other relevant industry standards
such as CREST and CLAS.
We are also a Payment Card Industry Data Security Standard (PCI DSS)
Approved Scanning Vendor (ASV) and Qualified Security Assessor (QSA).
Call +44 (0)161 209 5111 today for more information.