Nº Services Four pillars

A practice in four parts.

From advisory to deployment to long-running managed services to a small, hand-picked roster of software partners.

Pick the one that fits where you are. We won't try to sell you the others until you ask.

i. / iv.

Consulting

Strategy, programme design, governance. Senior practitioners who've sat in your seat.

  • Vulnerability programme design
  • Patch governance models
  • CMDB & asset strategy
  • Tooling selection & rationalisation
  • Audit & regulatory readiness
  • Board & CISO advisory

Strategy work tends to start with a tool. We start with the operating model (who owns what, which metric they share, where the exception process sits) and then identify the tool that fits. The order matters.

Engagements are short, typically two to eight weeks, and senior-led throughout. The output is something your team can act on without us; most clients choose to keep us on for the implementation.

Questions worth asking of your current programme

  • How do you group vulnerabilities for ease of resolution before handing them to IT?
  • Do IT and Security share at least one KPI that appears on both the CISO's report and the head of IT's?
  • Is your patch backlog smaller this quarter than last?
  • How many devices patch with manual input because they're "too complex", and is that taken on face value or has it been challenged?

ii. / iv.

Professional Services

Deployment, integration, optimisation. Practical implementation work, led by people who have done it before.

  • Tanium · zero-to-managed in 90 days
  • ServiceNow CMDB & SecOps integration
  • Cross-tool reconciliation
  • Patch automation pipelines
  • Drift & configuration baselining
  • Knowledge transfer to internal teams

Where consulting writes the operating model, professional services makes it real: agent rollouts, sensor tuning, patch ring design, ServiceNow CMDB integrations, and exception workflows.

Our preferred go-live shape is phased rather than big-bang, with reporting in place before remediation begins and the first cycle treated conservatively before the second moves at pace. We bring the playbook from previous engagements; you bring the operational and regulatory constraints specific to your estate.

Questions worth asking of your current programme

  • Did the rollout meet the operating model, or did the operating model adjust to fit the rollout?
  • Is the agent rolled out to 95%+ of the known estate, with the remainder explained rather than ignored?
  • Has the integration with the CMDB run continuously, without manual reconciliation, for the last thirty days?
  • Could your in-house team run the next patch cycle without us, if needed?

iii. / iv.

Managed Services

We run the ongoing programme on your behalf. The unglamorous, automated maintenance you'd rather not staff in-house.

  • Continuous vulnerability management
  • OS & third-party patch automation
  • Asset discovery & CMDB reconciliation
  • Configuration drift remediation
  • Our own dashboard, included
  • Quarterly funnel review with CISO

Most of the work in vulnerability management is best done unattended. We provide the tooling (Tanium and supporting platforms) and run the ongoing programme automatically every cycle, against your estate, with the governance you have specified. The reporting comes to you; the operational work and exception triage stays with us.

Every managed engagement runs on our own dashboard as a single source of truth. Numbers go to your CISO weekly. Anomalies surface within the cycle that produced them. Exception workflows are documented and audit-ready, and do not depend on a single individual being available.

Questions worth asking of your current programme

  • Is the 30-day vulnerability churn ratio below 1.0 (that is, are you closing more than you open)?
  • Do high/critical findings reach resolution inside the Cyber Essentials Plus 14-day window?
  • Is your mean time-to-resolve for CISA KEV-listed vulnerabilities trending down?
  • Does your CISO have reporting and dashboards they would trust to take to the board?

iv. / iv.

Software Partners

Nine platforms, hand-picked. Long-running relationships with each.

A consultancy that supports thirty platforms tends not to know any of them well. We chose these nine deliberately, and have run each on production estates long enough to know its edges. Each appears below with how we use it, and why we picked it.

The platform we deploy more often than any other. Endpoint truth at scale, with a query engine that holds up at fleets of six figures. Most of our managed-service muscle memory is built on it.

Where the workload lives in AWS, Azure or GCP, Wiz is our partner. Agentless, fast to deploy, with a prioritisation model we've found works in practice, particularly across multi-account and multi-cloud estates.

Privileged access management is its own discipline. CyberArk has the rigour we look for in regulated environments, where governance has to take priority over convenience.

Defender, Intune, Entra. For Microsoft-heavy and Microsoft-licensed estates, the question is usually how to configure and operate the tools effectively, not whether to adopt them. That is the work we do here.

Where vulnerabilities meet workflow. Most clients have ServiceNow already; fewer have its CMDB or SecOps modules fully integrated with their security telemetry. We connect Tanium and Wiz data into both.

Discovery, MDM, AD, EDR and CMDB rarely agree on the size of the estate. Axonius is how we reconcile those sources to a single number.

For the un-agentable: industrial estates, OT environments, and IoT estates that have grown organically. Forescout covers what agent-based tools cannot reach.

Identity and SaaS exposure observed in the browser, where it actually happens. Push covers the OAuth grants, account takeovers and shadow accounts that endpoint and email tooling cannot reach.

Vulnerability management, device hardening, compliance and AI governance, consolidated into a single platform. We use Remedio where customers want one coherent surface across those areas rather than separate tools for each.

→ Next Engage

Not sure which of these fits your situation? Tell us about it.

Talk to us