NCC Group
NCC Group
Key Info
Summary
Incident ExercisingIncident Response
Penetration Testing
Security Operations CentreVulnerability Assessment
STAR-FS Threat Intelligence
STAR-FS Threat Led Penetration TestingThreat Intelligence for Simulated Attack TI (Formerly STAR TI)Threat Led Penetration Testing (Formerly STAR ILPT)About
NCC Group is a people-powered, tech-enabled global cyber security and software escrow business. Driven by a collective purpose to create a more secure digital future, NCC Group has been at the forefront of testing and providing industry-leading services for over 30 years.
Through continuous innovation, timely audits and assessments, our technical expertise enables us to offer threat-led penetration testing, offensive security, and regulatory assurance. All backed by extensive research, threat intelligence, and real-world experience in handling threat actors.
Our accredited consultants specialise in Penetration Testing, Attack Simulation, Incident Response, and Threat Intelligence, providing compliance testing and audits.
Read lessCybersecurity Focus
Accreditations
Receive immediate and continuous support to proactively protect against security incidents. Get primed to manage them while they’re happening and recover quickly so you can return to business as usual.
Our Incident Response services includes:
Incident Response Investigation
Incident Response Managment
Digital Forensics Investigation
Remediation Support
Reverse Engineering Malware Analysis
First Responder Training Courses
Incident Simulations & Table Tops
eDiscovery Services
IR and Forensic Consultancy
Partner Assured Services
NCC Group’s has a comprehensive cyber incident exercising service. As an Assured Service Provider for the NCSC Cyber Incident Exercising (CIE) scheme, we offer high-quality live-play crisis scenarios that test and enhance your incident response plans.
Other 3rd Party Assured Services
Receive immediate and continuous support to proactively protect against security incidents. Get primed to manage them while they’re happening and recover quickly so you can return to business as usual.
Our Incident Response services includes:
Incident Response Investigation
Incident Response Managment
Digital Forensics Investigation
Remediation Support
Reverse Engineering Malware Analysis
First Responder Training Courses
Incident Simulations & Table Tops
eDiscovery Services
IR and Forensic Consultancy
Specialisms
NCC Group’s Global Threat Intelligence practice specialise in the delivery of Intelligence-Led/Threat-Led Penetration Testing (ILPT/TLPT). With extensive experience in delivering these engagements in collaboration with NCC Group’s Full Spectrum Attack Simulation practice, NCC Group are well-positioned to support you as both Threat Intelligence and Pentest Providers. NCC Group have a long-standing history of delivering ILPT/TLPT engagement as well as supporting regulatory bodies globally in the creation and improvement of their ILPT/TLPT Frameworks. From CBEST, STAR-FS and CREST STAR in the UK, TIBER in the EU, iCAST in Hong Kong, AASE in Singapore, FEER in Saudi Arabia and CORIE in Australia, NCC Group has a fully qualified and experienced team supporting the financial services sector. NCC Group’s team have a vast amount of experience in delivering ILPT/TLPT to non-finance sector organisations through frameworks such as GBEST, TBEST and GCASE. Our years of experience in the regulatory red teaming space, particularly with TIBER, also means that we have an experienced and qualified team able to support organisations through DORA TLPT. NCC Group’s Threat Intelligence services are focussed on providing clients with timely, actionable intelligence focussed on the business implications of both the threat and threat mitigation activities. Our intelligence is developed from a broad spectrum of intelligence sources and underpinned by deep technical understanding. Analysis of threat actors, their intent and capability, is combined with a comprehensive knowledge of threat vectors, target systems and their vulnerabilities. Armed with a comprehensive array of threat intelligence, NCC Group’s Global Threat Intelligence practice can support you with the delivery of a CREST STAR G-Cloud
NCC Group’s Global Threat Intelligence practice specialise in the delivery of Intelligence-Led/Threat-Led Penetration Testing (ILPT/TLPT). With extensive experience in delivering these engagements in collaboration with NCC Group’s Full Spectrum Attack Simulation practice, NCC Group are well-positioned to support you as both Threat Intelligence and Pentest Providers. NCC Group have a long-standing history of delivering ILPT/TLPT engagement as well as supporting regulatory bodies globally in the creation and improvement of their ILPT/TLPT Frameworks. From CBEST, STAR-FS and CREST STAR in the UK, TIBER in the EU, iCAST in Hong Kong, AASE in Singapore, FEER in Saudi Arabia and CORIE in Australia, NCC Group has a fully qualified and experienced team supporting the financial services sector. NCC Group’s team have a vast amount of experience in delivering ILPT/TLPT to non-finance sector organisations through frameworks such as GBEST, TBEST and GCASE. Our years of experience in the regulatory red teaming space, particularly with TIBER, also means that we have an experienced and qualified team able to support organisations through DORA TLPT. NCC Group’s Threat Intelligence services are focussed on providing clients with timely, actionable intelligence focussed on the business implications of both the threat and threat mitigation activities. Our intelligence is developed from a broad spectrum of intelligence sources and underpinned by deep technical understanding. Analysis of threat actors, their intent and capability, is combined with a comprehensive knowledge of threat vectors, target systems and their vulnerabilities. Armed with a comprehensive array of threat intelligence, NCC Group’s Global Threat Intelligence practice can support you with the delivery of a CREST STAR G-Cloud
Partner Assured Services
NCC Group’s Global Threat Intelligence practice specialise in the delivery of Intelligence-Led/Threat-Led Penetration Testing (ILPT/TLPT). With extensive experience in delivering these engagements in collaboration with NCC Group’s Full Spectrum Attack Simulation practice, NCC Group are well-positioned to support you as both Threat Intelligence and Pentest Providers. NCC Group have a long-standing history of delivering ILPT/TLPT engagement as well as supporting regulatory bodies globally in the creation and improvement of their ILPT/TLPT Frameworks. From CBEST, STAR-FS and CREST STAR in the UK, TIBER in the EU, iCAST in Hong Kong, AASE in Singapore, FEER in Saudi Arabia and CORIE in Australia, NCC Group has a fully qualified and experienced team supporting the financial services sector. NCC Group’s team have a vast amount of experience in delivering ILPT/TLPT to non-finance sector organisations through frameworks such as GBEST, TBEST and GCASE. Our years of experience in the regulatory red teaming space, particularly with TIBER, also means that we have an experienced and qualified team able to support organisations through DORA TLPT. NCC Group’s Threat Intelligence services are focussed on providing clients with timely, actionable intelligence focussed on the business implications of both the threat and threat mitigation activities. Our intelligence is developed from a broad spectrum of intelligence sources and underpinned by deep technical understanding. Analysis of threat actors, their intent and capability, is combined with a comprehensive knowledge of threat vectors, target systems and their vulnerabilities. Armed with a comprehensive array of threat intelligence, NCC Group’s Global Threat Intelligence practice can support you with the delivery of a CREST STAR G-Cloud
Other 3rd Party Aligned Services
NCC Group’s Global Threat Intelligence practice specialise in the delivery of Intelligence-Led/Threat-Led Penetration Testing (ILPT/TLPT). With extensive experience in delivering these engagements in collaboration with NCC Group’s Full Spectrum Attack Simulation practice, NCC Group are well-positioned to support you as both Threat Intelligence and Pentest Providers. NCC Group have a long-standing history of delivering ILPT/TLPT engagement as well as supporting regulatory bodies globally in the creation and improvement of their ILPT/TLPT Frameworks. From CBEST, STAR-FS and CREST STAR in the UK, TIBER in the EU, iCAST in Hong Kong, AASE in Singapore, FEER in Saudi Arabia and CORIE in Australia, NCC Group has a fully qualified and experienced team supporting the financial services sector. NCC Group’s team have a vast amount of experience in delivering ILPT/TLPT to non-finance sector organisations through frameworks such as GBEST, TBEST and GCASE. Our years of experience in the regulatory red teaming space, particularly with TIBER, also means that we have an experienced and qualified team able to support organisations through DORA TLPT. NCC Group’s Threat Intelligence services are focussed on providing clients with timely, actionable intelligence focussed on the business implications of both the threat and threat mitigation activities. Our intelligence is developed from a broad spectrum of intelligence sources and underpinned by deep technical understanding. Analysis of threat actors, their intent and capability, is combined with a comprehensive knowledge of threat vectors, target systems and their vulnerabilities. Armed with a comprehensive array of threat intelligence, NCC Group’s Global Threat Intelligence practice can support you with the delivery of a CREST STAR G-Cloud
Accreditations
NCC Group’s Attack Surface Management services offer comprehensive solutions, including fully managed vulnerability scanning, compliance and bespoke services. These aim to help organizations identify their attack surface and enhance the security of their web applications, and internal and external infrastructure. Through tailored programs of continuous vulnerability scanning and exposure monitoring, we ensure robust protection. Our services are supported by exceptional technical teams and Subject Matter Experts.
NCC Group’s world-class security consultants and certified ethical hackers conduct real-world exercises to emulate cyber-attacks your networks, systems, and applications could face.
NCC Group help businesses understand their exposure to potential risks, counter threats to critical assets, and protect their reputation. By identifying both your cyber security strengths and weaknesses, pen testing allows you to address technical risks across your entire attack surface. This proactive approach provides the insights needed to prevent attackers from exploiting vulnerabilities and causing damage.
We can offer:
Infrastructure penetration testing
Application security testing
Network security testing
Remote access security testing
Wireless security testing
Mobile security testing
Through the application of rigorous methodologies, the use of automated scanning tools, customised proprietary scripts and manual techniques, we test for exploitable vulnerabilities that could allow unauthorised access to key information assets.
Our reports detail the security vulnerabilities within your infrastructure that could potentially be exploited in an attack. They also recommend the best methods to secure the environment based on your unique internal business requirements and industry best practices.
Other 3rd Party Assured Services
NCC Group fields the UK’s largest CHECK team, drawing upon a rich twenty-year heritage dedicated to supporting the NCSC’s CHECK scheme. Our team is primarily composed of highly skilled CHECK Team Leaders (CTLs) whose deep-rooted expertise spans both the Infrastructure and Application disciplines This foundational strength is significantly enhanced by extensive experience and certifications in advanced domains such as Red Teaming, Cloud Security, and other emerging technologies, equipping consultants the ability to assess both traditional implementations or the complexities of modern solutions.
Partner Assured Services
NCC Group’s regulatory and compliance specialists, and aviation sector experts help our clients demystify, implement and assess compliance to Government requirements as set out in the CAA ASSURE scheme. Our team can identify the gaps in your controls and provide pragmatic and realistic recommendations to both deliver and support remediation and achieve your compliance requirements. We have ASSURE Cyber Professionals accredited to conduct audits in all three of the following specialisms: Cyber Audit & Risk Management, Technical Cyber Security, and Industrial Control System.
Accreditations
NCC Group’s Security Operations Center (SOC) integrates with their Managed Extended Detection and Response (MXDR) to deliver comprehensive threat protection.
Operating continuously, the SOC promptly addresses suspicious activities using proprietary threat intelligence and custom detections tailored to each organization’s risk profile.
This SOC-MXDR integration enables rapid threat containment through MFA verification and swift asset isolation. By combining automation with human expertise, the system reduces false positives, allowing security teams to focus on genuine threats. Providing enhanced visibility across multi-cloud, data security, DevOps, OT, and IoT environments, giving organizations a clear understanding of their security posture for effective incident response.
Specialisms
NCC Group’s Full Spectrum Attack Simulation practice specialise in the delivery of Intelligence-Led/Threat-Led Penetration Testing (ILPT/TLPT). With extensive experience in delivering these engagements in collaboration with NCC Group’s Global Threat Intelligence practice, NCC Group are well-positioned to support you as both Threat Intelligence and Pentest Providers. NCC Group have a long-standing history of delivering ILPT/TLPT engagement as well as supporting regulatory bodies globally in the creation and improvement of their ILPT/TLPT Frameworks. From CBEST, STAR FS and CREST STAR in the UK, TIBER in the EU, iCAST in Hong Kong, AASE in Singapore, FEER in Saudi Arabia and CORIE in Australia NCC Group has a fully qualified and experienced team supporting the financial services sector. Our team have a vast amount of experience in delivering ILPT/TLPT to non-finance sector organisations through frameworks such as GBEST, TBEST and GCASE. Our years of experience in the regulatory red teaming space, particularly with TIBER, also means that we have an experienced and qualified team able to support organisations through DORA TLPT. NCC Group’s Attack Simulation services are focussed on the delivery of threat intelligence-led red team scenarios, delivered by our world-class red team, to replicate real world threats. We help organisations to understand if they are susceptible to and can Prevent, Detect or Respond to real-world threats by demonstrating what a threat actor could achieve and the potential impact this may have. Supported by NCC Group’s exploit development and research group, our red team is comprised of dedicated and experienced operators capable of providing advance attack simulations. Armed with a combination of commercially available, open-source and proprietary tooling and tradecraft, NCC Group’s Full Spectrum Attack Simulation practice can support you with the delivery of a CREST STAR G-Cloud
NCC Group’s Full Spectrum Attack Simulation practice specialise in the delivery of Intelligence-Led/Threat-Led Penetration Testing (ILPT/TLPT). With extensive experience in delivering these engagements in collaboration with NCC Group’s Global Threat Intelligence practice, NCC Group are well-positioned to support you as both Threat Intelligence and Pentest Providers. NCC Group have a long-standing history of delivering ILPT/TLPT engagement as well as supporting regulatory bodies globally in the creation and improvement of their ILPT/TLPT Frameworks. From CBEST, STAR FS and CREST STAR in the UK, TIBER in the EU, iCAST in Hong Kong, AASE in Singapore, FEER in Saudi Arabia and CORIE in Australia NCC Group has a fully qualified and experienced team supporting the financial services sector. Our team have a vast amount of experience in delivering ILPT/TLPT to non-finance sector organisations through frameworks such as GBEST, TBEST and GCASE. Our years of experience in the regulatory red teaming space, particularly with TIBER, also means that we have an experienced and qualified team able to support organisations through DORA TLPT. NCC Group’s Attack Simulation services are focussed on the delivery of threat intelligence-led red team scenarios, delivered by our world-class red team, to replicate real world threats. We help organisations to understand if they are susceptible to and can Prevent, Detect or Respond to real-world threats by demonstrating what a threat actor could achieve and the potential impact this may have. Supported by NCC Group’s exploit development and research group, our red team is comprised of dedicated and experienced operators capable of providing advance attack simulations. Armed with a combination of commercially available, open-source and proprietary tooling and tradecraft, NCC Group’s Full Spectrum Attack Simulation practice can support you with the delivery of a CREST STAR G-Cloud
Partner Assured Services
NCC Group’s Full Spectrum Attack Simulation practice specialise in the delivery of Intelligence-Led/Threat-Led Penetration Testing (ILPT/TLPT). With extensive experience in delivering these engagements in collaboration with NCC Group’s Global Threat Intelligence practice, NCC Group are well-positioned to support you as both Threat Intelligence and Pentest Providers. NCC Group have a long-standing history of delivering ILPT/TLPT engagement as well as supporting regulatory bodies globally in the creation and improvement of their ILPT/TLPT Frameworks. From CBEST, STAR FS and CREST STAR in the UK, TIBER in the EU, iCAST in Hong Kong, AASE in Singapore, FEER in Saudi Arabia and CORIE in Australia NCC Group has a fully qualified and experienced team supporting the financial services sector. Our team have a vast amount of experience in delivering ILPT/TLPT to non-finance sector organisations through frameworks such as GBEST, TBEST and GCASE. Our years of experience in the regulatory red teaming space, particularly with TIBER, also means that we have an experienced and qualified team able to support organisations through DORA TLPT. NCC Group’s Attack Simulation services are focussed on the delivery of threat intelligence-led red team scenarios, delivered by our world-class red team, to replicate real world threats. We help organisations to understand if they are susceptible to and can Prevent, Detect or Respond to real-world threats by demonstrating what a threat actor could achieve and the potential impact this may have. Supported by NCC Group’s exploit development and research group, our red team is comprised of dedicated and experienced operators capable of providing advance attack simulations. Armed with a combination of commercially available, open-source and proprietary tooling and tradecraft, NCC Group’s Full Spectrum Attack Simulation practice can support you with the delivery of a CREST STAR G-Cloud
Other 3rd Party Aligned Services
NCC Group’s Full Spectrum Attack Simulation practice specialise in the delivery of Intelligence-Led/Threat-Led Penetration Testing (ILPT/TLPT). With extensive experience in delivering these engagements in collaboration with NCC Group’s Global Threat Intelligence practice, NCC Group are well-positioned to support you as both Threat Intelligence and Pentest Providers. NCC Group have a long-standing history of delivering ILPT/TLPT engagement as well as supporting regulatory bodies globally in the creation and improvement of their ILPT/TLPT Frameworks. From CBEST, STAR FS and CREST STAR in the UK, TIBER in the EU, iCAST in Hong Kong, AASE in Singapore, FEER in Saudi Arabia and CORIE in Australia NCC Group has a fully qualified and experienced team supporting the financial services sector. Our team have a vast amount of experience in delivering ILPT/TLPT to non-finance sector organisations through frameworks such as GBEST, TBEST and GCASE. Our years of experience in the regulatory red teaming space, particularly with TIBER, also means that we have an experienced and qualified team able to support organisations through DORA TLPT. NCC Group’s Attack Simulation services are focussed on the delivery of threat intelligence-led red team scenarios, delivered by our world-class red team, to replicate real world threats. We help organisations to understand if they are susceptible to and can Prevent, Detect or Respond to real-world threats by demonstrating what a threat actor could achieve and the potential impact this may have. Supported by NCC Group’s exploit development and research group, our red team is comprised of dedicated and experienced operators capable of providing advance attack simulations. Armed with a combination of commercially available, open-source and proprietary tooling and tradecraft, NCC Group’s Full Spectrum Attack Simulation practice can support you with the delivery of a CREST STAR G-Cloud
NCC Group’s Full Spectrum Attack Simulation practice specialise in the delivery of Intelligence-Led/Threat-Led Penetration Testing (ILPT/TLPT). With extensive experience in delivering these engagements in collaboration with NCC Group’s Global Threat Intelligence practice, NCC Group are well-positioned to support you as both Threat Intelligence and Pentest Providers. NCC Group have a long-standing history of delivering ILPT/TLPT engagement as well as supporting regulatory bodies globally in the creation and improvement of their ILPT/TLPT Frameworks. From CBEST, STAR FS and CREST STAR in the UK, TIBER in the EU, iCAST in Hong Kong, AASE in Singapore, FEER in Saudi Arabia and CORIE in Australia NCC Group has a fully qualified and experienced team supporting the financial services sector. Our team have a vast amount of experience in delivering ILPT/TLPT to non-finance sector organisations through frameworks such as GBEST, TBEST and GCASE. Our years of experience in the regulatory red teaming space, particularly with TIBER, also means that we have an experienced and qualified team able to support organisations through DORA TLPT. NCC Group’s Attack Simulation services are focussed on the delivery of threat intelligence-led red team scenarios, delivered by our world-class red team, to replicate real world threats. We help organisations to understand if they are susceptible to and can Prevent, Detect or Respond to real-world threats by demonstrating what a threat actor could achieve and the potential impact this may have. Supported by NCC Group’s exploit development and research group, our red team is comprised of dedicated and experienced operators capable of providing advance attack simulations. Armed with a combination of commercially available, open-source and proprietary tooling and tradecraft, NCC Group’s Full Spectrum Attack Simulation practice can support you with the delivery of a CREST STAR G-Cloud