Cyber Due Diligence
Thomas Murray’s cyber due diligence services help companies make better-informed investment decisions through a range of services:
Pre-transaction M&A due diligence
Thomas Murray can perform light-touch due diligence without the permission or participation of target companies, using a combination of proprietary, open source and premium third-party threat intelligence.
Post-transaction M&A due diligence
In-depth evaluation of target companies’ cyber security posture, combining output from interviews with IT security questionnaires against industry standards, such as NIST.
Private equity portfolio monitoring
Cyber risks are a leading threat to private equity portfolios, where an incident at a portfolio company can turn into a material investment risk. We provide ongoing monitoring of PE houses’ investments, implementing frameworks to monitor, flag and escalate potentially high-risk companies, with regular reporting and the ability to escalate to provide penetration testing and other services.
Proactive threat hunting
Thomas Murray’s threat hunting service provides a safeguard to your digital assets and sensitive information. Our team employs cutting edge technologies and thoroughly tested methodologies to actively neutralise potential threats before they have a chance to compromise your organisation’s security. By using Thomas Murray’s threat intelligence, along with behavioural analysis and anomaly detection, hidden threats that may evade traditional defences can be more readily detected.
Technical systems testing
Knowing where the weaknesses are in your infrastructure is half the battle. Our technical testing team has a great depth of experience in testing all types of infrastructure and applications, as well as providing strategic recommendations of where to expend effort and capital to best protect your estate against threats.
We use our extensive threat intelligence to direct our assessments to ensure the most appropriate recommendations and advice for your business.
Testing can include:
Penetration testing on infrastructure
Including internal and external assessments. Vulnerability assessments can provide a rapid assessment of key misconfigurations
Application assessments
Including but not limited to assessment of web applications, mobile applications, APIs, desktop applications
Social engineering exercises
Phishing and vishing campaigns to test employee resilience to potential threats
Cloud platform assessments
Reviewing the configuration and implementation of cloud platforms such as AWS, GCP, Azure, M365, etc
Device configuration security review
Assessment of firewalls, routers, switches, WAPs and more against known standards
Build reviews
Assess the configuration and deployment of a system to determine compliance with industry frameworks, best practices, and business requirements
Thomas Murray cyber alerts
Subscribe to stay up to date with developing threats in the cyber landscape
External attack surface monitoring
The cyber landscape is constantly shifting. Your external estate is the castle wall that provides the first line of defence against the threats that exist on the internet. Our external attack surface monitoring service provides a continuous assessment of your perimeter, identifying misconfigurations, exposed assets, and potential entry points.
Having a proactive approach to monitoring ensures that you can swiftly address and remediate issues before they can be exploited.
Threat intelligence
Industry vertical threat reporting
Orbit Security enrichment
Custom threat analysis and reporting
Incident response support
Detection support and IOC feeds
Deep and dark web monitoring
All our services are underpinned by our own threat intelligence. Thomas Murray collates, processes and analyses all our own incident response data to develop an enhanced understanding of current threats. This also allows Thomas Murray to track trends in malware development and knowledge of active threat actors. In turn, this analysis provides understanding of the associated threats to the findings of Orbit Security, allowing for the prioritisation of remediation activities.
We safeguard clients and their communities
Petroleum Development Oman Pension Fund
“Thomas Murray has been a very valuable partner in the selection process of our new custodian for Petroleum Development Oman Pension Fund.”
ATHEX
"Thomas Murray now plays a key role in helping us to detect and remediate issues in our security posture, and to quantify ATHEX's security performance to our directors and customers."
Northern Trust
“Thomas Murray provides Northern Trust with a range of RFP products, services and technology, delivering an efficient and cost-effective solution that frees our network managers up to focus on higher Value activities.”
Insights
Thomas Murray Partners with Socura to offer Managed Detection and Response to clients that need support to stop cyber threats 24/7.
The collaboration will see Thomas Murray offer Socura MDR to help its clients proactively identify and respond to threats.
Thomas Murray and Crimson7 Announce Strategic Partnership to Modernise Threat Informed Security
Thomas Murray and Crimson7 are partnering to combine their expertise and create innovative solutions for tackling key cyber security challenges.
Thomas Murray and askblue partner to support financial institutions in meeting the Digital Operational Resilience Act (DORA) requirements
Thomas Murray and askblue are collaborating to provide services that help financial institutions comply with DORA requirements.
Threat Intelligence for Law Firms: Protecting clients in the digital age
As a law firm, protecting your clients' data and reputation is more critical than ever in today’s digital-first world.
Thomas Murray is a proud member of the North West Cyber Security ClusterThe North West Cyber Security Cluster (NWCSC) is a collaboration of cyber security professionals and experts in the North West region. The NWCSC aims to promote innovation, support skills growth, and develop a robust cyber security ecosystem. |