CREST Marketplace

LRQA is a CREST STAR approved Threat Intelligence (TI) and Penetration Testing (PT) provider, delivering in-depth assessments for clients across the globe. STAR engagements commence with a comprehensive Threat Intelligence assessment of the likely threats that are relevant to an organisation, including a view on your digital attack surface. This is then followed by an in-depth Penetration Test/Red Team assessment against the credible scenarios and likely threats posed in the TI report to stress test your organisations controls and cyber resilience.

LRQA delivers intelligence led penetration testing through bespoke engagements that are tailored to our client’s individual requirements. In additional to providing assurance around both defence and response capability, our services enable our clients to have confidence in their ability to respond to the evolving threat landscape.

We understand that cyber transcends people, process and technology. As a consequence, our consultants all have strong communication skills and are comfortable presenting to technologists and the board alike.

LRQA is one of only a handful of CBEST approved service providers to be accredited by both CREST and the Bank of England as CBEST Penetration Testing and CBEST Threat Intelligence providers. This unique capability allows us to provide our clients with end-to-end CBEST services.

LRQA is fully experienced and seasoned to guide you on your TIBER cyber security journey, catering for the scale and complexity of a multi stakeholder testing engagement, delivering a fully collaborative, risk managed engagement where there is cross border acceptance of testing results.

A key differentiator for LRQA is our dedicated Research and Innovation team who are at the forefront of the industry, creating new tools and techniques to further our capability. This team proactively gathers CTI and has implemented a global honeypot network with over 200 nodes distributed around the world, including strategically placed devices in key global services hubs.

“A defined and managed approach when responding to a breach or attack of an information asset which affects the confidentiality, integrity or availability of the data.”

LRQA provides a customised approach to Incident Response helping our customers understand and identify any potential gaps within their environment, adopt suitable policies and procedures and schedule response to security breaches or attacks.

LRQA proudly announces its status as an Assured Service Provider in the newly launched National Cyber Security Centre (NCSC) Cyber Incident Exercising (CIE) scheme. In collaboration with CREST and IASME, this scheme provides organisations with access to trusted cybersecurity providers that can test the effectiveness of cyber incident response plans and strengthen incident management processes.

As a recognised Assured Service Provider, LRQA offers tailored tabletop and live-play cyber incident exercises. These exercises, designed for a single client organisation, allow participants to discuss and practice their roles and responsibilities in a controlled environment.

LRQA has become a Standard Level NCSC Cyber Incident Response (CIR) Assured Service Provider after proving its incident response capabilities, competence, and experience against the NCSC CIR Standard Level Technical Standards.

The NCSC Cyber Incident Response scheme is well established and helps organisations experiencing a cyber attack quickly and easily identify trusted providers of commercial incident response services. These assured companies support organisations to investigate and recover from a cyber attack and advise on how they can prevent future attacks.

The CIR Standard Level scheme has been introduced to complement the original CIR scheme, which will now be re-designated as CIR Enhanced Level. CIR Standard Level aims to assure providers against a different standard, which calls for a more widely attainable level of technical experience to widen the supply of assured CIR providers.

The requirements of the CIR Standard Level standards are designed to support target organisations which are at risk of common cyber attacks. Such organisations are likely to include most private sector organisations, charities, Local Authorities and smaller public sector organisations and organisations which operate predominantly in the UK.

LRQA is the trusted provider to many of the largest financial services organizations in the world and regularly engages with critical national infrastructure to deliver assurance across their cyber security landscape. In November 2018, LRQA and Lloyds Register entered in to a formal teaming agreement with Thales to develop sophisticated assurance services focused on the transportation industry. This is focused on Maritime, Aviation and Automotive cyber security.

Alongside a highly capable team of technical assurance testers, LRQA also provides a team of cyber security consultants experienced in defining cyber strategy, performing assessments against a wide range of compliance standards and regulations and advising and offering pragmatic security best practice guidance. This includes a broad range of disciplines including risk assessments, security awareness training, technical design and architecture, threat intelligence and detect and respond maturity.

ASSURE Membership No: 20S001040

Our Cyber Threat Intelligence services can be accessed through four different products:

Targeted Attack & Response Scenario Planning – inc. Threat Actor discover/attack surface analysis
Technical Threat Intelligence Data Feeds – Consumed within our SOC Managed services
Incident Response Investigations – Using our Intelligence Platforms and Analysts to trace threat actor intents, motivations and sources
Bespoke CTI Products and Services – Service tailored to events, geographies or your specific needs

LRQA is one of only a handful of CBEST approved service providers to be accredited by both CREST and the Bank of England as CBEST Penetration Testing and CBEST Threat Intelligence providers. This unique capability allows us to provide our clients with end-to-end CBEST services.

As an independent, global provider of penetration testing services, LRQA carries out Cyber Security Assurance, Security Auditing, and Risk Management services in some of the most high profile organisations across the world. Our depth and breadth of experience enable us to deliver focused engagements that address vulnerabilities in web and mobile applications, infrastructure, and cloud, in addition to physical security and social engineering.

LRQA’s Managed Vulnerability Scanning (MVS) service provides the most highly accredited expertise combined with Gartner Magic Quadrant leading security technology to deliver industry-leading protection for your organisation. Our approach is proactive and threat led; informed by our offensive and threat intelligence teams to shape our defensive stance and protect against the latest threats, providing in-depth unrivalled detection and alerting capability where it is needed most.

There are many benefits of having MVS capabilities in place to help protect your environment and provide a proactive stance against threats to your organisation:

Improved security and control
Fast identification of vulnerabilities before external threats can take advantage of them
Continuous threat visibility and reporting across your environment – all of the time
Eliminate blind spots across your environment
Contributes to meeting compliance, governance, and data protection requirements
Operational efficiencies – scanning is repeatable, automated, and efficient meaning you get repeatable results
Vulnerability prioritisation – know what to remediate first
Patch management – vulnerability scanning can enhance and evolve your existing patch management program

We are proud to be one of a handful of companies worldwide that are certified by CREST across all their key disciplines. Our team of consultants have achieved the highest accreditations for Penetration Testing, Red Teaming, Incident Response, Threat Intelligence, and now Application Security due to our ability to deliver against OVS Penetration Tests. In parallel, we were the first organisation to be accredited for our Security Operation Centre (SOC) services.

We are proud to be one of a handful of companies worldwide that are certified by CREST across all their key disciplines. Our team of consultants have achieved the highest accreditations for Penetration Testing, Red Teaming, Incident Response, Threat Intelligence, and now Application Security due to our ability to deliver against OVS Penetration Tests. In parallel, we were the first organisation to be accredited for our Security Operation Centre (SOC) services.

LRQA’s Security Operations Centre (SOC) Service offerings are built around advanced detection and response tooling supported by automation and orchestration capabilities. These are combined with our expert award-winning SOC Operations team who have the right tools to protect your environment, no matter where it is.

LRQA’s SOC-as-a-Service provides coverage where it’s needed most.

SOC-as-a-Service includes:

– 24/7 x 365 expert analysts
– Choose one or all of our managed Service components that allows you to tailor the security service based on the security requirements of your environment and business:
– SIEM: Log ingestion, event correlation, and alerting
– EDR: Next-generation endpoint detection and response
– EPP: Endpoint protection platform, Next generation and market-leading protection
– Deception Technology: Advanced adversary detection across enterprise environments using deception technology.