NCC Group Award Write-Up

2016 European Red TeamBased Penetration TestingProduct Leadership Award

2016

BEST PRACTICES RESEARCH

© Frost & Sullivan2016 2 “We Accelerate Growth”

Contents

Background and Company Performance ........................................................................ 3

Industry Challenges .............................................................................................. 3

Product Family Attributes and Business Impact ........................................................ 3

Business Impact ................................................................................................... 4

Conclusion........................................................................................................... 5

Significance of Product Leadership ................................................................................ 6

Understanding Product Leadership ................................................................................ 6

Key Benchmarking Criteria .................................................................................... 7

Best Practice Award Analysis for NCC Group .................................................................. 7

Decision Support Scorecard ................................................................................... 7

Product Family Attributes ...................................................................................... 8

Business Impact ................................................................................................... 8

Decision Support Matrix ........................................................................................ 9

Research Methodology ........................................................................................ 10

Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best Practices ................................................................................................................. 11

About Frost & Sullivan .............................................................................................. 12



Background and Company Performance

Industry Challenges

In the digital world today, technology has made organizations more and more efficient in

their functioning through interconnectivity and other interventions. However, businesses

all over the world and across every industry face a number of cyber security challenges in

securing their processes, communications and data. The versatility and covertness of the

cyber threat makes the cyber security challenge a very daunting one. Organizations are

deploying many countermeasures to ensure cyber security. But simply deploying such

measures is oftentimes not enough.

When it comes to cyber security, no countermeasure is impenetrable. Frost & Sullivan

notes that newer cyber threats are generated at an alarming rate, which leads to rapid

obsolescence of the countermeasures previously installed. Organizations and even cyber

security vendors are sometimes unaware of vulnerabilities in their cyber security

architecture, which is susceptible to zero-day attacks. Frost & Sullivan points out that one

way to achieve cyber resilience is through continual testing of a firm’s cyber security

framework. The effectiveness of the test depends on how closely the simulation matches a

well-planned real world attack as well as its ability to identify chinks in the organization’s

cyber resilience architecture.

Frost & Sullivan firmly believes that NCC Group clearly stays ahead of its other

competitors in red team based penetration testing services; this is due its ability to

emulate real word threat actors and create advanced and realistic attack scenarios after

careful and systematic assessments of the industry, organization and operational

processes. Today, NCC Group is widely chosen by companies spanning industries -

including Oil & Gas, Banking & Finance and Pharmaceuticals - to evaluate their cyber

resilience and recommend to senior management specific strategies to enhance the cyber

security of their organizations.

Product Family Attributes and Business Impact

Match to Needs

Frost & Sullivan appreciates how NCC Group does not adopt a “one-size-fits-all” approach

towards evaluating cyber resilience. Every exercise is tailored after evaluating the

industry, nature and working practices of the organization and its business processes. The

Group’s services have the versatility of being able to scale up and down according to the

complexity of the challenge and the diversity of the client’s institutional framework.

The cyber security exercise starts off only after detailed consultations with the clients,

where they highlight pain points and concerns which require evaluation. Considering NCC

Group’s substantial investment in R&D, the firm is able to successfully replicate real world

attacks involving both physical and cyber aspects of subterfuge to gauge the client’s cyber

resilience concerning systems, human capital, processes, software and hardware. The



company's approach and adaptability enable it to transcend routine audits and penetration

checks and deliver a service that creates superior customer value.

Reliability and Quality

NCC Group is able to provide quality assessments and deliverables to clients through the

application of rigorous, tried and tested methodologies, , the use of automated

reconnaissance tools customized proprietary scripts, and manual techniques which test for

exploitable vulnerabilities. The deliverable details security vulnerabilities and

countermeasures and recommends a mitigation strategy which is in line with the client

organization’s internal operational and business practices. Through the use of highly

skilled penetration testing specialists with diverse backgrounds and IT disciplines, NCC

Group guarantees accurate vulnerability identification and risk mitigation measures.

A unique option that NCC Group presents clients is the possibility to embed a senior audit/

risk operative from the client company in the red-teaming process - so that he or she truly

understands the level of risk the client company is exposed to. The client representative

can also understand the company’s preparedness to deal with a cyberattack. The optimum

combination of knowledgeable human capital, advanced processes, and clear ability to

understand client requirements all enable NCC Group to deliver a reliable and quality

output solution.

Positioning

NCC Group has been able to carve out an impressive niche for itself by offering realistic

threat simulation and testing services; the company demonstrates the proper ability to

seamlessly converge physical and cyber threat factors into the red teaming exercise.

Cyberattacks are becoming increasingly complex and well-orchestrated with tactical

precision. The adversary today takes many forms and features different complexities. It

can be an individual with malicious intentions and coding super-capabilities, nation states,

or well established groups combining reconnaissance, active due diligence, and protracted

analysis of the target before commencing the attack. NCC Group adopts a tactical

approach by involving protracted intelligence gathering, physical research and scenario-

modeling to create a red teaming exercise which closely matches real world scenarios.

Frost & Sullivan’s exhaustive analysis confirms that the company is well differentiated

from its competitors.

Business Impact

Operational efficiency

NCC Group’s Operatives have expertise in a wide set of skills - including Infrastructure

Testing, Application Security Testing, Social Engineering, DDoS Testing, Remote Access

Security Testing, Wireless Security Testing, and Mobile Security Testing. The company

operatives are able to build their capabilities into a red teaming exercise quite efficiently,



as the company has tested methodologies and procedures in place. Red Team operations

are overseen by an attack-manager and an attack specialist, thus enabling NCC Group to

liaise with the client throughout the exercise. Well-entrenched protocols overseen by

highly experienced staff result in streamlined and productive exercises.

Growth Potential

Regional instability, the emergence of new nation states, and the proliferation of cyber

terrorism will require CNI, governments and private organizations to build up their cyber

resilience capability. Frost & Sullivan monitors how the demand for red teaming based

penetration testing services is on the rise. NCC Group anticipated the surge in demand

and has made several well-planned acquisitions to enlarge its footprint in Europe and its

cyber security capabilities. NCC Group has made seven acquisitions in the past three years

while maintaining good bottom lines. The acquisitions have expanded markets and

broadened the firm’s client base, and NCC Group has placed itself on a growth trajectory.

Customizable red team testing offerings with high quality deliverables enable the company

to retain its customers' loyalty.

Human Capital

Red Teaming exercises and tests at NCC Group are carried out by experienced penetration

testing professionals with diverse IT backgrounds (including policy, design and

development) and this enables it to undertake complex projects at short notice and under

challenging timelines. Testing specialists are closely supported by an expert R&D team,

which helps testing professionals recreate the most realistic attacks. The organization has

been able to make astute investments and acquisitions, which have gained NCC Group

lucrative new markets and enabled the company to stay ahead of its other competitors.

Frost & Sullivan agrees that retaining the best talent and nurturing a select workforce has

made NCC Group one of the most reliable and quality-oriented players in the redteam

based penetration testing space.

Conclusion

No business today can afford to be complacent, as the cyber threat is always looming.

NCC Group has been helping organizations raise their preparedness by demonstrating

well-orchestrated cyberattacks after taking into account the nature of the industry,

organization, and its human capital. The feedback and remedies suggested by NCC Group

has allowed many businesses to put in place effective cyber security mechanisms. NCC

Group has proved itself a superior competitor in the redteam based penetration testing

space.



Significance of Product Leadership Ultimately, growth in any organization depends upon customers purchasing from a

company, and then making the decision to return time and again. A comprehensive

product line, filled with high-quality, value-driven options, is the key to building an

engaged customer base. To achieve and maintain product excellence, an organization

must strive to be best-in-class in three key areas: understanding demand, nurturing the

brand, and differentiating from the competition.

Understanding Product Leadership Demand forecasting, branding, and differentiation all play a critical role in finding growth

opportunities for a leading product line. This three-fold focus, however, must be

complemented by an equally rigorous focus on pursuing those opportunities to a best-in-

class standard. Customer communications, customer feedback, pricing, and competitor

actions must all be managed and monitored for ongoing success. If an organization can

successfully parlay product excellence into positive business impact, increased market

share will inevitably follow over time.



Key Benchmarking Criteria

For the Product Leadership Award, Frost & Sullivan analysts independently evaluated two

key factors — Product Family Attributes and Business Impact — according to the criteria

identified below.

Product Family Attributes

Criterion 1: Match to Needs

Criterion 2: Reliability and Quality

Criterion 3: Product/Service Value

Criterion 4: Positioning

Criterion 5: Design

Business Impact

Criterion 1: Financial Performance

Criterion 2: Customer Acquisition

Criterion 3: Operational Efficiency

Criterion 4: Growth Potential

Criterion 5: Human Capital

Best Practice Award Analysis for NCC Group

Decision Support Scorecard

To support its evaluation of best practices across multiple business performance

categories, Frost & Sullivan employs a customized Decision Support Scorecard. This tool

allows our research and consulting teams to objectively analyze performance, according to

the key benchmarking criteria listed in the previous section, and to assign ratings on that

basis. The tool follows a 10-point scale that allows for nuances in performance evaluation;

ratings guidelines are illustrated below.

RATINGS GUIDELINES

The Decision Support Scorecard is organized by Product Family Attributes and Business

Impact (i.e., the overarching categories for all 10 benchmarking criteria; the definitions

for each criteria are provided beneath the scorecard). The research team confirms the

veracity of this weighted scorecard through sensitivity analysis, which confirms that small

changes to the ratings for a specific criterion do not lead to a significant change in the

overall relative rankings of the companies.



The results of this analysis are shown below. To remain unbiased and to protect the

interests of all organizations reviewed, we have chosen to refer to the other key players

as Competitor2 and Competitor3.

DECISION SUPPORTSCORECARDFOR PRODUCT LEADERSHIP AWARD

Measurement of 1–10 (1 = poor; 10 = excellent)

Product Leadership

Product Family

Attributes

Business

Impact Average Rating

NCC Group 8.5 9.5 9.0

Competitor2 7.0 7.0 7.0

Competitor3 6.0 7.0 6.5


Criterion 1: Match to Needs

Requirement: Customer needs directly influence and inspire the design and positioning of

the product family

Criterion 2: Reliability and Quality

Requirement: Products consistently meet or exceed customer expectations for

performance and length of service

Criterion 3: Product/Service Value

Requirement: Products or services offer the best value for the price, compared to similar

offerings in the market

Criterion 4: Positioning

Requirement: Products or services unique, unmet need that competitors cannot easily

replicate or replace

Criterion 5: Design

Requirement: The product features an innovative design, enhancing both visual appeal

and ease of use

Business Impact

Criterion 1: Financial Performance

Requirement: Strong overall financial performance in terms of revenues, revenue growth,

operating margin and other key financial metrics

Criterion 2: Customer Acquisition

Requirement: Product strength enables acquisition of new customers, even as it enhances

retention of current customers

Criterion 3: Operational Efficiency

Requirement: Staff is able to perform assigned tasks productively, quickly, and to a high

quality standard



Criterion 4: Growth Potential

Requirements: Product quality strengthens brand, reinforces customer loyalty and

enhances growth potential

Criterion 5: Human Capital

Requirement: Company culture is characterized by a strong commitment to product

quality and customer impact, which in turn enhances employee morale and retention

Decision Support Matrix

Once all companies have been evaluated according to the Decision Support Scorecard,

analysts can then position the candidates on the matrix shown below, enabling them to

visualize which companies are truly breakthrough and which ones are not yet operating at

best-in-class levels.

DECISION SUPPORTMATRIX FOR PRODUCT LEADERSHIP AWARD

High

Low

Low High

Business Impact


Competitor2

Competitor3

NCC

Group



The Intersection between 360-Degree Research and Best

Practices Awards

Research Methodology

Frost & Sullivan’s 360-degree research

methodology represents the analytical

rigor of our research process. It offers a

360-degree-view of industry challenges,

trends, and issues by integrating all 7 of

Frost & Sullivan's research methodologies.

Too often, companies make important

growth decisions based on a narrow

understanding of their environment,

leading to errors of both omission and

commission. Successful growth strategies

are founded on a thorough understanding

of market, technical, economic, financial,

customer, best practices, and demographic

analyses. The integration of these research

disciplines into the 360-degreeresearch

methodology provides an evaluation

platform for benchmarking industry players and for identifying those performing at best-

in-class levels.

360-DEGREE RESEARCH: SEEING ORDER IN

THE CHAOS

Technology

Obsolescence

Disruptive

Technologies

New

Applications

CEO

Demographics

Needs

and

PerceptionsSegmentation

Buying

Behavior

Branding

and

Positioning

Competitive

Benchmarking

Emerging

Competition

Competitive

Strategy

Capital

Investments

Availability

of

Capital

Country

Risk

Economic

Trends

Crowd

Sourcing

Growth

Strategies

Career

Development

Growth

Implementation

Industry

Evolution

New Vertical

Markets

Industry

Expansion

Industry

Convergence

Emerging

Technologies

Smart Cities

Sustainability

New Business

Cultures

GeoPolitical

Stability



Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best Practices

Frost & Sullivan Awards follow a 10-step process to evaluate Award candidates and assess

their fit with select best practice criteria. The reputation and integrity of the Awards are

based on close adherence to this process.

STEP OBJECTIVE KEY ACTIVITIES OUTPUT

1 Monitor, target, and screen

Identify Award recipient candidates from around the globe

• Conduct in-depth industry research

• Identify emerging sectors • Scan multiple geographies

Pipeline of candidates who potentially meet all best-practice criteria

2 Perform 360-degree research

Perform comprehensive, 360-degree research on all candidates in the pipeline

• Interview thought leaders and industry practitioners

• Assess candidates’ fit with best-practice criteria

• Rank all candidates

Matrix positioning all candidates’ performance relative to one another

3

Invite thought leadership in best practices

Perform in-depth examination of all candidates

• Confirm best-practice criteria • Examine eligibility of all candidates

• Identify any information gaps

Detailed profiles of all ranked candidates

4

Initiate research director review

Conduct an unbiased evaluation of all candidate profiles

• Brainstorm ranking options • Invite multiple perspectives on candidates’ performance

• Update candidate profiles

Final prioritization of all eligible candidates and companion best-practice positioning paper

5

Assemble panel of industry experts

Present findings to an expert panel of industry thought leaders

• Share findings • Strengthen cases for candidate eligibility

• Prioritize candidates

Refined list of prioritized Award candidates

6

Conduct global industry review

Build consensus on Award candidates’ eligibility

• Hold global team meeting to review all candidates

• Pressure-test fit with criteria • Confirm inclusion of all eligible candidates

Final list of eligible Award candidates, representing success stories worldwide

7 Perform quality check

Develop official Award consideration materials

• Perform final performance benchmarking activities

• Write nominations • Perform quality review

High-quality, accurate, and creative presentation of nominees’ successes

8

Reconnect with panel of industry experts

Finalize the selection of the best-practice Award recipient

• Review analysis with panel • Build consensus • Select winner

Decision on which company performs best against all best-practice criteria

9 Communicate recognition

Inform Award recipient of Award recognition

• Present Award to the CEO • Inspire the organization for continued success

• Celebrate the recipient’s performance

Announcement of Award and plan for how recipient can use the Award to enhance the brand

10 Take strategic action

Upon licensing, company may share Award news with stakeholders and customers

• Coordinate media outreach • Design a marketing plan • Assess Award’s role in future strategic planning

Widespread awareness of recipient’s Award status among investors, media personnel, and employees



About Frost & Sullivan

Frost & Sullivan, the Growth Partnership Company, enables clients to accelerate growth

and achieve best in class positions in growth, innovation and leadership. The company's

Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined

research and best practice models to drive the generation, evaluation and implementation

of powerful growth strategies. Frost & Sullivan leverages almost 50 years of experience in

partnering with Global 1000 companies, emerging businesses and the investment

community from 31 offices on six continents. To join our Growth Partnership, please visit

http://www.frost.com.

NCC Group Award Write-Up

Documents

Transcript of NCC Group Award Write-Up