Pasar al contenido principal

Cyber Due Diligence

Thomas Murray’s cyber due diligence services help companies make better-informed investment decisions through a range of services: 

Due Diligence

Pre-transaction M&A due diligence

Thomas Murray can perform light-touch due diligence without the permission or participation of target companies, using a combination of proprietary, open source and premium third-party threat intelligence.

Due Diligence

Post-transaction M&A due diligence

In-depth evaluation of target companies’ cyber security posture, combining output from interviews with IT security questionnaires against industry standards, such as NIST.

Due Diligence

Private equity portfolio monitoring

Cyber risks are a leading threat to private equity portfolios, where an incident at a portfolio company can turn into a material investment risk. We provide ongoing monitoring of PE houses’ investments, implementing frameworks to monitor, flag and escalate potentially high-risk companies, with regular reporting and the ability to escalate to provide penetration testing and other services.

Quantify

Proactive threat hunting

Thomas Murray’s threat hunting service provides a safeguard to your digital assets and sensitive information. Our team employs cutting edge technologies and thoroughly tested methodologies to actively neutralise potential threats before they have a chance to compromise your organisation’s security. By using Thomas Murray’s threat intelligence, along with behavioural analysis and anomaly detection, hidden threats that may evade traditional defences can be more readily detected.

Technical systems testing

Knowing where the weaknesses are in your infrastructure is half the battle. Our technical testing team has a great depth of experience in testing all types of infrastructure and applications, as well as providing strategic recommendations of where to expend effort and capital to best protect your estate against threats.

We use our extensive threat intelligence to direct our assessments to ensure the most appropriate recommendations and advice for your business.

Technical systems testing

Testing can include:

Penetration testing on infrastructure

Penetration testing on infrastructure

Penetration testing on infrastructure

Including internal and external assessments. Vulnerability assessments can provide a rapid assessment of key misconfigurations

Application assessments

Application assessments

Application assessments

Including but not limited to assessment of web applications, mobile applications, APIs, desktop applications

Social engineering exercises

Social engineering exercises

Social engineering exercises

Phishing and vishing campaigns to test employee resilience to potential threats

Cloud platform assessments

Cloud platform assessments

Cloud platform assessments

Reviewing the configuration and implementation of cloud platforms such as AWS, GCP, Azure, M365, etc

Device configuration security review

Device configuration security review

Device configuration security review

Assessment of firewalls, routers, switches, WAPs and more against known standards

Build reviews

Build reviews

Build reviews

Assess the configuration and deployment of a system to determine compliance with industry frameworks, best practices, and business requirements

Thomas Murray cyber alerts

Thomas Murray cyber alerts

Subscribe to stay up to date with developing threats in the cyber landscape

External attack surface monitoring

External attack surface monitoring

The cyber landscape is constantly shifting. Your external estate is the castle wall that provides the first line of defence against the threats that exist on the internet. Our external attack surface monitoring service provides a continuous assessment of your perimeter, identifying misconfigurations, exposed assets, and potential entry points.

Having a proactive approach to monitoring ensures that you can swiftly address and remediate issues before they can be exploited.

Threat intelligence

Industry vertical threat reporting

Industry vertical threat reporting

Orbit Security enrichment

Orbit Security enrichment

Orbit Security enrichment

Custom threat analysis and reporting

Incident response support

Incident response support

Detection support and IOC feeds

Detection support and IOC feeds

Detection support and IOC feeds

Deep and dark web monitoring 

All our services are underpinned by our own threat intelligence. Thomas Murray collates, processes and analyses all our own incident response data to develop an enhanced understanding of current threats. This also allows Thomas Murray to track trends in malware development and knowledge of active threat actors. In turn, this analysis provides understanding of the associated threats to the findings of Orbit Security, allowing for the prioritisation of remediation activities.

Protegemos a los clientes y sus comunidades

Communities Logo 02

Northern Trust

“Thomas Murray proporciona a Northern Trust una variedad de productos, servicios y tecnología de solicitud de propuesta para la recolección de propuestas, lo que brinda una solución eficiente y rentable que libera a nuestros gerentes bancarios para que se concentren en actividades de mayor valor.”

Petroleum Development Oman Pension Fund

Petroleum Development Oman Pension Fund

“Thomas Murray ha sido un aliado valioso en el proceso de selección de nuestro custodio para Petroleum Development Oman Pension Fund.”

ATHEX

ATHEX

“Thomas Murray ahora juega un papel clave para ayudarnos a detectar y remediar problemas en nuestra postura de seguridad, de la misma manera que a cuantificar, para nuestros directores y clientes, el rendimiento de seguridad de ATHEX.”

Thomas Murray is a proud member of the North West Cyber Security Cluster

The North West Cyber Security Cluster (NWCSC) is a collaboration of cyber security professionals and experts in the North West region. The NWCSC aims to promote innovation, support skills growth, and develop a robust cyber security ecosystem.

NWCSC Members Badge