GRC Viewpoint

Diagon Consulting: A Proactive and Visionary Approach to Penetration Testing

CHAD RAMIREZ

Director

Geographical expansion has always been a critical focus area for the firm. Diagon’s expansion plans into the U.S. and Canada were fruitful.

In the present cyber world, penetration testing has turned out to be something that enterprises cannot overlook. In a scenario marked by ever-altering cyberspace, penetration testing is expected to remain critical, at least in the imminent years and beyond. The most effective way to reduce security risks for companies and their end users is to utilize the appropriate tools (technology, people and process) in combination with regular and thorough vulnerability and penetration testing. Penetration testing experts are encountering new challenges. In simple words, more and more companies are relying on penetration testing less as a compliance “must-have”, but as a direct response to ever-increasing cyber security incidents. Boards, Audit Committees and Executive management alike are asking more questions of their IT and security team around their cyber posture and maturity. What the pen testing industry requires the most is an outside-of-the-box approach. Diagon Consulting, with presence in both North America and the Caribbean understands the scenario perfectly.

Diagon was born as an IT consulting company specializing in emerging and disruptive technologies such as blockchain, Internet of Things (IoT), robotics etc. Later, they created a cyber-security vertical with a Security Operations Centre erected to provide a full suite of cyber services including 24x7x365 Monitoring, Detection and Incident Response. These services span both diagnostic as well as solution implementation services. It is this ability to operate on both ends of the spectrum (providing assessments as well as implementing fixes and closing cyber gaps) that uniquely positions and differentiates Diagon. In the cyber penetration testing world, Diagon’s services are equally varied and vast. It includes not only the traditional external (including web application) and internal penetration testing services, but also wireless, social engineering including phishing, SAP/Oracle application testing, blockchain and IoT, cloud, application code review (white box review) etc. Furthermore, the team helped design bug bounty programmes, breach and attack simulations as an alternative to pen testing.

THE SOLUTIONS

Diagon Consulting employs a combination of solutions to ensure efficient and effective pen testing. Chad Ramirez, Director stated: “At Diagon, we have two arms of the business – cybersecurity and automation through emerging technology. A case in point re the latter is our blockchain and Internet of Things (IoT) offering – with this implementation expertise drawn from our technology consultants, our cyber teams including pen testers are better equipped to provide deep insight into the cyber risk related to these technologies.” Pen testing is generally considered a diagnostic exercise, an assessment – it is a point-in-time cyber review providing insight into the robustness of the technology being assessed – network (internal or external), application etc. Diagon’s cyber services go way beyond assessments to implementations.

After vulnerabilities are identified as part of a vulnerability or penetration tests, Diagon cyber experts work with their clients to implement fixes including solution implementations – data loss, Network Artificial Intelligence (AI), Secure Access Service Edge (SASE) to name just a few. Additionally, their Security Operational Centre (SOC) provides Monitoring, Detection and Incident Response 24x7x365, including darknet and external asset monitoring. Embedded is incident management such as ransomware attacks to determine dwell time (how long the bad actors had access to a client’s network and data), point of entry and threat actor profiling and negotiation. The firm derives its strength from the team of experts with years of experience across cyber security domains. This goes beyond the technical to the softer, but equally critical, aspects of cyber including user awareness training, cyber posture management, ISO, CIS, NIST and other certifications.

THE FUTURE PLANS

Geographical expansion has always been a critical focus area for the firm. Diagon’s expansion plans into the U.S. and Canada were fruitful. Currently, there are plans to explore the European region as well. Additionally, the team of experts at the firm has always believed in innovation. Every year, there are efforts toward introducing something new for their clients with the hope of not only keeping pace with the cyber criminals but staying ahead of them.