SECARMA LIMITED

Objective Led Testing and Red Team/Purple Team Services

Red Teaming involves a comprehensive and methodical cybersecurity assessment where expert teams simulate real-world cyberattacks on an organisation’s systems, networks, and personnel to uncover vulnerabilities, weaknesses, and security gaps. This proactive approach aims to enhance the organisation’s defences and preparedness against actual threats.

Features

• Mimics the TTPs of real attackers to provide authentic testing
• Carefully planned scoping specifically addresses the client’s security objectives
• Evaluates social engineering, network security, applications and endpoint security capabilities
• Utilises bespoke infrastructure and malware to test against complex threats
• Define bespoke capture the flag format objectives
• Aligned to the MITRE ATT&CK framework
• Reporting and recommendations available for various stakeholders
• Can be approached as Red Team or Purple Team engagement

Benefits

• Helps discover and mitigate vulnerabilities that regular security tests overlook
• Provides insights which fortify defences and enhance organisational security posture
• Evaluates an organisation’s detection and response capabilities
• Offers practical learning experiences for security teams enhancing defensive capabilities
• Includes assessments of third-party and supply chain risks
• Measure effectiveness of SOC & SIEM offerings
• Designed to simulate real-world attack scenarios
• Dedicated Principal Consultant, Service Delivery Manager and Account Manager assigned

£900 to £1,200 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at accounts@secarma.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

469814750338181

Contact

Megan Evans
0161 513 0960
accounts@secarma.com

Planning

• Planning service: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Cyber security consultancy
  • Security testing
  • Security audit services
  • Other
• Other security services:
  • Internal Infrastructure Penetration Testing
  • Social Engineering Assessments
  • Physical Security Assessments
  • Defanged Ransomware Assessments
  • Phishing Assessments
• Certified security testers: Yes
• Security testing certifications:
  • CREST
  • Tigerscheme
  • Other
• Other security testing certifications:
  • CRTO
  • CRTL
  • OSCE
  • OSCP

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: Red Team activities consume highly experienced technical resources and as such attached consultants to this type of project work carry a longer lead-time between order and delivery. Lead times often vary and should be considered during the planning phase.; ; Where systems require testing outside of Secarma’s office hours (9am-5:30pm), this is considered chargeable at a higher rate and can be subject to longer lead times to accommodate this type of request.; ; Although Red Team engagements are positioned and seen as real-world attack simulation, Secarma will always be bound by the appropriate laws and other scope limitations agreed with the customer.

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Secarma provides comprehensive support during the full service delivery process for our Objective Led Testing, Red Team or Purple Team exercises.; ; From pre-test scoping assistance (such as helping the organisation to select the appropriate level of simulated threat actor intelligence and in-scope tactics, techniques and procedures), providing guidance on the most efficient levels of access and attack footholds provided for attack simulations as well as training and advice following completion of the testing window on how to interpret and benchmark the provided results and recommendations.; ; Support services outside of the proposed engagement are priced based upon the technical resource it requires and is calculated based upon the subject matter experts associated daily rate for penetration testing.; ; All engagements are assigned a principal consultant technical resource and a dedicated account manager for aiding with project management, commercial negotiations and resource scheduling.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 23/04/2022
• What the ISO/IEC 27001 doesn’t cover: Nothing- full portfolio of services included within scope
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  During the delivery of any customer contracts, Secarma are always looking for ways to reduce our carbon footprint. Our management team have approved our commitment to halve our overall carbon emissions by 2030.; ; To support this, we have developed processes to allow for remote delivery of the majority of our testing and audit services which has drastically reduced our carbon footprint through the reduce need for consultants to travel to site. Unless expressly requested by a customer during delivery of our contractual services. Secarma will always look to deliver engagements remotely to minimise our carbon footprint and impact.; ; Outside of this we have implented the following processes to improve our commitment to help fight climate change:; ; We separate our waste to reduce the amount sent to landfill.; We promote a paperless office approach but use 100% recycled paper where necessary.; We are committed to reducing our environmental impact by using collaborative tools to reduce travel needs.; Our ‘Cycle to Work’ scheme provides vouchers to encourage better ways to travel to the office.; We encourage the use of public transport and car sharing and have schemes in place. Travel card loans are available to encourage use of public transport.; Staff members have access to our Electric Vehicle leasing scheme with Octopus.; We promote a high level of recycling activities and encourage our staff to reduce single use plastic.

  Covid-19 recovery

  During COVID-19 Secarma transitioned to a remote working model immediately with our employees having the immediate ability to work from home as they had personal work laptops and mobile phones. We have also invested in remote working and webinar tools such as Microsoft Teams which enables us to communicate and collaborate effectively internally and with customers whilst working from home and reduces the need to travel for onsite meetings. This resulted in a efficient period of transition and supported our teams to continue delivering services without customer impact to the same high standard.; ; On any contracted service Secarma will endeavour to support organisations and businesses to manage and recover from the impacts of COVID-19, including the remote delivery of services where appropriate to limit the risk of COVID-19 transmission and any financial costs for our customer such as expenses.

  Tackling economic inequality

  Throughout Secarma’s growth and expansion, we as a business have created new jobs and developed skills to tackle economic equality and through our security assurance and consultancy offerings. Help our customers to identify gaps within their information security teams which could be filled via recruitment activities or staff training and development.; ; Secarma have tackled this challenge by rethinking our corporate social responsibility and recruitment policies and requirements. Allowing us to explore conversations with candidates who have been unsuccessful or unlucky in previous recruitment opportunities, designed collaborative initiatives with universities and school leavers, implement more flexible hybrid working policies, put a greater emphasis on investment in skills and career development for internal staff members and ensuring all staff members earn a living wage.; ; By doing this we also add value to our customer engagements by reviewing risks within their own supply chains which may not have been considered such as legacy, unauthorised or vetted subcontractors or suppliers, excessive working hours that could lead to a disgruntled employee becoming an insider threat, deviations from social media or branding best practices that could lead to potential defamation risks alongside many others.

  Equal opportunity

  Secarma have defined ‘Equal Opportunity’ and ‘Equality and Diversity’ policies in line with our ISO policies and management systems. Which outline our commitment to providing equal opportunities to all employees. These are taken into consideration across the delivery of all customer engagements within the scope of a proposed customer contract and when looking to recruit new staff members or explore career progression opportunities for staff members.

  Wellbeing

  To ensure Secarma staff are happy, healthy and feel like they have a safe environment they can succeed and excel in even when non office based and working remotely. ; ; We set ourselves the aim of creating an open door culture that promoted openness to remove stigma around mental health concerns and honesty on tackling mental and physical health challenges. We implemented several mental and physical wellbeing initiatives that are available to all staff members. These include:; Dedicated Mental Health First Aiders- Our MHFA team members play a key role in supporting colleagues across the company.; External access to trained specialist counsellors where required; AXA Doctor at Hand - providing a private online GP service, available 24x7 for all staff members.; Access to AXA Private Medical Insurance; Quarterly Team Building Events, Socials and our Annual Snowdon Hiking Trip and Skills School; Saved links to commonly used external support and mental health services - including Samaritans, Mind, CALM, Anxiety UK, Mind Out and several smaller community charities.; ; Additionally, all members of the Secarma Leadership and Management Team have an Open Door Policy and are available if employees need someone to talk to without having to go through their line manager.

Pricing

• Price: £900 to £1,200 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at accounts@secarma.com. Tell them what format you need. It will help if you say what assistive technology you use.