Assess your cyber security
Discover and test your attack surfaces, whether online or internal
Microsoft 365 Security Audit
We have custom tools to perform security tests and audit of all parts of a Microsoft 365 tenant, including key areas such as user management and account security, the configuration of security protections, SharePoint sites, and application integrations.
Google Workspace Security Audit
We conduct detailed security audits of Google Workspace tenants, to help customers identify potential security and compliance issues with the current configuration. Common areas for improvement are user management and account security, the configuration of available security protections, email security configuration, Google Drive sharing, and third-party application integrations.
Online Risk Assessment
To help understand this attack surface, Red Maple will complete an enumeration task to identify all internet-facing assets belonging to the Client. This is completed using our own attack surface management product [FractalScan Surface](https://fractalscan.com/), as well as other established tools and techniques. It includes an automated assessment of the status and configuration of all registered domain names and certificates, IP address ranges, and DNS records, including email records (MX, SPF, DKIM and DMARC).
Network Security Survey
We perform surveys of internal networks, to enumerate internal IT assets, running network services and their versions, and identify publicly known security vulnerabilities and potential issues with those assets. This process will also test the separation of different networks, and the visibility of devices on all networks
Cloud Infrastructure Test
We offer holistic and focused cloud security reviews. We use GCP and IONOS ourselves for our own and our customers' solutions, but are also experienced in both AWS and Azure. These tests typically uses a combination of automated tools and manual checks to identify potential security and compliance issues with the target infrastructure. Common areas of concert include Identity and Access Management (IAM), networking and firewalls, compute and storage resources.
Endpoint Security Test
Whether Windows, macOS or mobile devices, we can complete technical testing on user devices, to properly evaluate the installed protections and defences against common threats. These tests are based around five key initial stages of the Mitre Att&ck Framework
Web and Mobile Application Tests
After agreeing the scope and coverage with a customer, we combine our development and security expertise to test everything an attacker would. These tests typically focus on the primary security threats and risks to the application using a combination of manual and automated testing.
Improve your cyber resilience
Security is never finished, and wherever you currently are we can help get you to the next level. We're more than just a testing shop; we can help you to prioritise security findings and improvements, we can fix issues for you, and even help you build the next version.
Microsoft 365 Configuration and Monitoring
If you don't have time to implement a report full of recommendations, we can work with you to improve the security of your Microsoft 365 tenant. We can deploy bespoke monitoring tools to help you keep on top of your tenant.
GDPR Reviews
Almost every organisation processes and stores Personally Identifiable Information on their staff and customers. Organisations with data from European citizens must protect that data in accordance with GDPR. Our high-level GDPR reviews help organisations enumerate and understand their different data stores, and understand where their processes need updating.
Respond to potential incidents
You cannot prevent every attack, but we can help you in the event of any incident, with digital forensics, internal and technical investigations.
Technical Investigations
Whether it's a compromised server or a stolen email account, we can help get to the bottom of what happened and how. Most importantly, we can help you make sure it won't happen again.
Network Investigation
We can deploy our custom monitored VPN to any device, to allow us to monitor its network traffic for signs of compromise.