Cyber Network Defense


Sophisticated cyber threats and stealthy assaults perpetrated by attackers today exploit the immaturity and fractured nature of the security solutions currently in use by many organizations. DarkMatter’s Cyber Network Defense division provides sophisticated active Cyber Threat Hunting and Incident Readiness and Response services tailored to each client’s unique needs.

Threat Hunting and Assessment

Our elite, highly trained and experienced teams of engineers, mathematicians, software experts, digital defenders and hackers bring a Special Forces-like capability to our assessment and testing operations. Through a holistic and comprehensive approach, we deliver a full-stack security review that’s tailored to each client’s unique needs.

Designed to enable sophisticated defense-in-depth solutions, our assessments and active testing approach help you prepare for today’s sophisticated, persistent cyber threats and stealthy assault exploits. Our services ensure you are not left vulnerable by the immature and fractured security solutions that are so common in many organizations.

Incident Readiness and Response

For us, incident response is not a question of ‘if’, but rather of ‘when’. This means your response must be as robust as your defense. And when a breach does occur, your response must be as rapid and effective as possible to mitigate an attack’s impact. We work extensively across all levels of your organization to ensure you are ready for an attack.

Technical Testing Services

Our Security Assessment teams offer a range of services to help identify and manage threats and vulnerabilities inside your environment. This includes prioritization and mitigation planning and implementation.



Our full breadth of service includes:


Threat Hunting and Assessment


Compromise Assessment

We offer threat hunting engagements through compromise assessments to help you understand your organization’s full cyber security posture. This includes Network Compromise Assessments that look for signs that network traffic between the client network and the internet is being intercepted. Host compromise assessment reviews systems supported within a host-based enterprise, while behavioral analysis of network traffic looks for outliers that indicate the presence of malicious activity. We also provide an in-depth technical breakdown that details all malicious artefacts and compromised systems and suggests remediation actions.

This assessment can include a threat actor activity summary that details who is behind any malicious activity identified within your organization, in situations where attribution and assessment of the threat can be measured with high confidence.

We proactively and iteratively search your networks and endpoints for the latest known threats based on indicators of compromise (IoCs) and the detection of malicious behavior. These sweeps move beyond traditional rule- or signature-based security solutions to more advanced indicators or artefacts of compromise.

We deploy both manual and machine-assisted techniques that help identify the tactics, techniques and procedures of advanced adversaries and cyber criminals.

Threat Intelligence & Malware Analysis

Drawing on intelligence from local and international Computer Emergency Response Teams (CERTs), leading research and academic institutions, Internet Storm Centres, and Incident of Threat notification platforms around the world, we analyze and consolidate emerging trends and developments in cybercrime to help us understand threat vectors, attack scenarios and attack geolocations.

We analyze attack types and the cybercriminals behind them, using this intelligence to shape short-term remedial responses and build long-term network resilience for our clients.

Key features:

– Advanced Threat Intelligence – We provide high value, enriched, contextualized real-time visibility of threats and threat actors specifically for unique targets, assets or identities.

– Malware and Reverse Engineering – We unravel the most advanced persistent and human morphed threats by deconstructing payloads line by line, whether delivered to desktops, servers or mobile devices.


Cyber Incident Response


We offer two models of support to organizations experiencing an ongoing breach.

Full-Service Emergency Critical Response Team 

Offering end-to-end management and crisis communication, our analysts, malware specialists and forensic experts triage issues and take immediate action.

Consulting Team 

Our experts support your in-house team to augment incident response capabilities, ranging from threat identification to remediation.

Cyber Incident Readiness Planning

Our Readiness Planning service helps you prepare to respond to a cyber-attack by building a tailored response programme that is realistically implementable, based on your people, processes and technologies. We offer table-top exercises and incident-scenario exercises to test your response plans, as well as comprehensive audits of your baseline response capabilities and plans.


Technical Testing Services


Vulnerability Assessment

Through a sweeping assessment of your organization’s technological environments, we reveal cyber security gaps and weaknesses in wired and wireless infrastructures, network devices, security devices, operating systems, and applications.

Key features:

  • Technical assessment with results prioritized according to the Common Vulnerability Scoring System (CVSS)
  • Testing methodology based on a combination of the Open Source Security Testing Methodology Manual (OSSTMM) standard and tailored customer requirements

Penetration Testing

The Penetration Testing service evaluates the robustness of your organization’s current security posture by defining and implementing real-world attack scenarios against the technological target. Specific rules of engagement are established with the organization to protect business continuity during testing.

We provide risk evaluations for the chained exploitation paths related to detected vulnerabilities.

Categories of our Penetration Testing service include:

  • External: attempted breaches from outside an organization’s perimeter security
  • Internal: attacks perpetrated by internal threat adversaries
  • Wireless: attacks directed at wireless technologies and networks
  • Web and Mobile Applications: malicious acts leveraging technological or logical weaknesses or flaws in web and mobile software

Project Zero Red Teaming

DarkMatter’s Project Zero Red Teaming service provides the most robust, real-world challenge available to test the strength of an organization’s end-to-end information security programme. Mimicking the behavior of malicious actors, our specialized strike teams conduct exercises involving goal-oriented attacks designed to target all components of an organization’s security programme.

Cyber-attack goals and markers of success are not provided to you ahead of time, thereby simulating real-world advanced threats that seek to breach your security measures and gain unauthorized access to critical assets.

Like a real attacker, our team seeks out weaknesses across your technologies, business processes and security protocols, personnel, and the physical security of your organization, for example RFID card cloning and unauthorized physical entry.

Industrial Control Systems (ICS) Security Assessment

Designed for the most critical and sensitive Industrial Control Systems (ICS) environments, our security assessment combines proprietary methodologies and technologies with both machine and manual tools to deliver advanced technical testing of networks, field buses, systems, applications, and additional ICS elements.

Key features:

  • Detailed threat modelling and scoping to cover peripheral attack vectors against ICS
  • Security assessment of ICS components (DCS, PLCs, RTUs, HMIs, Data Diodes, Data Historians)
  • State-of-the-art fuzzing and reverse engineering techniques to identify vulnerabilities
  • Assessment of relevant physical security