Security Tools
A collection of interactive security and risk management tools — assessments, frameworks, visualisations and references. All tools run entirely in-browser; no data is sent or stored externally.
Incident Readiness
3 tools
Incident Readiness · Full Suite
v3.0
Latest
Cyber Incident Readiness Assessment (CIRA)
Comprehensive incident readiness platform. Tiered assessment across 8 domains and 40 controls with sector overlays for 10 regulated industries, threat profiling, live maturity radar with peer benchmarking, evidence status tracking, improvement plan with owner and due date fields, retest tracking, 8 tabletop exercise scenarios with inject-based facilitation, AI-assisted gap narrative, and full PDF report generation. Saves and loads state in-browser.
40 Controls · 8 Domains · 10 Sectors · 8 Tabletops · AI Narrative · PDF Export
Open tool →
Incident Triage
v1.0
New
Cyber Incident Decision Tree
Step-by-step triage tool for active cyber incidents. Determines severity (P0–P4), when to assemble an IMT, when to engage external DFIR, and who to notify. Every decision point includes an "unknown" path for honest triage under uncertainty. Actionable initial steps sized for large enterprise environments.
Open tool →
Incident Management
Cyber Incident Lifecycle
Visual guide to the cyber incident lifecycle phases — from initial detection through containment, eradication, recovery and lessons learned. Reference tool for incident responders and SOC teams.
Open tool →
Frameworks & Assessment
5 tools
Framework Assessment
v2.0
NCSC CAF v4.0 Assessment Tool
Full interactive assessment tool covering all 41 Contributing Outcomes across 4 objectives and 14 principles of the NCSC Cyber Assessment Framework v4.0 (August 2025). Includes risk matrix, improvement plan, maturity radar and exportable report.
Open tool →
Maturity Assessment
Cyber Maturity Mapper
Map and visualise your organisation's cyber security maturity across key capability domains. Score capabilities against a defined maturity model to identify gaps, track improvement over time and produce a prioritised development roadmap.
Open tool →
Control Assessment
Control Effectiveness Matrix
Assess and visualise the effectiveness of security controls mapped across threat categories. Rate controls by coverage and effectiveness to identify gaps and optimise your defensive posture.
Open tool →
Security Classification
CSR Tiers
Interactive reference tool for Cyber Security Requirements tiering. Classify organisations or systems by tier based on criticality, data sensitivity and threat exposure, with mapped control expectations per tier.
Open tool →
IR Maturity Assessment
v1.0
CREST CISR Maturity Assessment
Structured evaluation tool based on the CREST Cyber Incident Simulation Review (CISR) maturity model. Assesses IR capability across 8 domains — Governance, Detection & Alerting, IR Capability, Regulatory Reporting, People & Skills, Technical Tooling, Recovery & BCP, and Continuous Improvement. Scored 0–4 per question with evidence prompts, per-domain radar, and auto-generated engagement timeline, budget band and resourcing plan.
8 Domains · 0–4 Maturity · IR Roadmap · £ Budget Band
Open tool →
Risk & Threat Intelligence
4 tools
Risk Management
Cyber Risk Matrix
Interactive cyber risk matrix for plotting and managing risks by likelihood and impact. Supports custom risk entries, risk scoring, and visual risk appetite overlay to prioritise treatment decisions.
Open tool →
Threat Intelligence
Threat Actor Profiles
Reference profiles for key threat actor groups — covering motivations, typical TTPs, targeted sectors and geographic focus. Useful for threat modelling, risk assessments and briefing stakeholders.
Open tool →
Threat Intelligence
TI Workflow & Dissemination
End-to-end threat intelligence workflow covering the full intelligence lifecycle — from requirements and collection through processing, analysis, dissemination and feedback. Covers CVE/zero-day prioritisation, infrastructure intelligence, email security (DMARC/DKIM/SPF), credential exposure, TLP framework, STIX/TAXII, and feed targets across SIEM, EDR, firewall, vuln management and executive briefing.
Open tool →
Threat Intelligence · Reference
CTI Reference Guide
Comprehensive cyber threat intelligence reference covering the full intelligence lifecycle, source taxonomy, intelligence types beyond IOCs, DMARC/DKIM/SPF email security intelligence, TLP framework, STIX 2.1 / TAXII 2.1 structured sharing, and dissemination targets. Reference companion to the TI Workflow tool.
Open tool →
Compliance & Regulation
1 tool
Operations & Tooling
3 tools
DFIR · Forensics
DFIR Dashboard
Browser-based Digital Forensics and Incident Response analysis dashboard. Upload and parse triage artefacts, visualise event timelines, surface ransomware and threat indicators, and track investigation findings — all client-side with no data leaving the browser.
Open tool →
DFIR · Forensics
v1.0
New
Windows DFIR Investigation Walkthrough
Step-by-step investigation checklist for Windows endpoints in a networked environment. Covers 8 investigation phases: scoping & initial response, log source collection (Windows event logs, Sysmon, EDR, network, cloud), key event ID reference, filesystem artefacts (MFT, USN Journal, Prefetch, AmCache, Shellbags), registry forensics, memory forensics (Volatility 3 workflow), network forensics, and threat actor TTPs & LOLBin abuse. Includes per-item notes, progress tracking, and report export.
8 Phases · 80+ Checks · MFT · USN · Reg · TTPs · LOLBins
Open tool →
Client Services
Mock Client Portal
Demonstration client portal for managed security services — showcasing how security findings, incident updates, reports and risk posture can be presented to clients in a clean, professional interface.
Open tool →
Reference Documents
2 docs
DFIR · Forensics
.docx
DFIR Workflow — End-to-End Investigation Framework
Comprehensive Word document covering the full DFIR investigation lifecycle across 10 sections: governance & audit framework, preservation order of volatility, Windows endpoint collection, network & perimeter sources, cloud collection (AWS / Azure / GCP), investigation objectives, analysis workflow, reporting, recommendations, and post-incident review.
Download ↓
Incident Response
.docx
IR Playbook Suite — 5 Scenario Playbooks
Five fully structured incident response playbooks covering: Ransomware (Enterprise-Wide), Supply Chain Compromise (Software/MSP), Insider Threat (Privileged Exfiltration), Nation-State (Persistent Intrusion), and OT/ICS Attack (Operational Disruption). Each playbook includes RACI matrix, phase-by-phase step tables, decision callout boxes, pre-action checklists, and multi-jurisdiction compliance notes.
Download ↓