NCC Group Award Write-Up
Transcript of NCC Group Award Write-Up
2016 European Red TeamBased Penetration TestingProduct Leadership Award
2016
BEST PRACTICES RESEARCH
© Frost & Sullivan2016 2 “We Accelerate Growth”
Contents
Background and Company Performance ........................................................................ 3
Industry Challenges .............................................................................................. 3
Product Family Attributes and Business Impact ........................................................ 3
Business Impact ................................................................................................... 4
Conclusion........................................................................................................... 5
Significance of Product Leadership ................................................................................ 6
Understanding Product Leadership ................................................................................ 6
Key Benchmarking Criteria .................................................................................... 7
Best Practice Award Analysis for NCC Group .................................................................. 7
Decision Support Scorecard ................................................................................... 7
Product Family Attributes ...................................................................................... 8
Business Impact ................................................................................................... 8
Decision Support Matrix ........................................................................................ 9
Research Methodology ........................................................................................ 10
Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best Practices ................................................................................................................. 11
About Frost & Sullivan .............................................................................................. 12
BEST PRACTICES RESEARCH
© Frost & Sullivan2016 3 “We Accelerate Growth”
Background and Company Performance
Industry Challenges
In the digital world today, technology has made organizations more and more efficient in
their functioning through interconnectivity and other interventions. However, businesses
all over the world and across every industry face a number of cyber security challenges in
securing their processes, communications and data. The versatility and covertness of the
cyber threat makes the cyber security challenge a very daunting one. Organizations are
deploying many countermeasures to ensure cyber security. But simply deploying such
measures is oftentimes not enough.
When it comes to cyber security, no countermeasure is impenetrable. Frost & Sullivan
notes that newer cyber threats are generated at an alarming rate, which leads to rapid
obsolescence of the countermeasures previously installed. Organizations and even cyber
security vendors are sometimes unaware of vulnerabilities in their cyber security
architecture, which is susceptible to zero-day attacks. Frost & Sullivan points out that one
way to achieve cyber resilience is through continual testing of a firm’s cyber security
framework. The effectiveness of the test depends on how closely the simulation matches a
well-planned real world attack as well as its ability to identify chinks in the organization’s
cyber resilience architecture.
Frost & Sullivan firmly believes that NCC Group clearly stays ahead of its other
competitors in red team based penetration testing services; this is due its ability to
emulate real word threat actors and create advanced and realistic attack scenarios after
careful and systematic assessments of the industry, organization and operational
processes. Today, NCC Group is widely chosen by companies spanning industries -
including Oil & Gas, Banking & Finance and Pharmaceuticals - to evaluate their cyber
resilience and recommend to senior management specific strategies to enhance the cyber
security of their organizations.
Product Family Attributes and Business Impact
Match to Needs
Frost & Sullivan appreciates how NCC Group does not adopt a “one-size-fits-all” approach
towards evaluating cyber resilience. Every exercise is tailored after evaluating the
industry, nature and working practices of the organization and its business processes. The
Group’s services have the versatility of being able to scale up and down according to the
complexity of the challenge and the diversity of the client’s institutional framework.
The cyber security exercise starts off only after detailed consultations with the clients,
where they highlight pain points and concerns which require evaluation. Considering NCC
Group’s substantial investment in R&D, the firm is able to successfully replicate real world
attacks involving both physical and cyber aspects of subterfuge to gauge the client’s cyber
resilience concerning systems, human capital, processes, software and hardware. The
BEST PRACTICES RESEARCH
© Frost & Sullivan2016 4 “We Accelerate Growth”
company's approach and adaptability enable it to transcend routine audits and penetration
checks and deliver a service that creates superior customer value.
Reliability and Quality
NCC Group is able to provide quality assessments and deliverables to clients through the
application of rigorous, tried and tested methodologies, , the use of automated
reconnaissance tools customized proprietary scripts, and manual techniques which test for
exploitable vulnerabilities. The deliverable details security vulnerabilities and
countermeasures and recommends a mitigation strategy which is in line with the client
organization’s internal operational and business practices. Through the use of highly
skilled penetration testing specialists with diverse backgrounds and IT disciplines, NCC
Group guarantees accurate vulnerability identification and risk mitigation measures.
A unique option that NCC Group presents clients is the possibility to embed a senior audit/
risk operative from the client company in the red-teaming process - so that he or she truly
understands the level of risk the client company is exposed to. The client representative
can also understand the company’s preparedness to deal with a cyberattack. The optimum
combination of knowledgeable human capital, advanced processes, and clear ability to
understand client requirements all enable NCC Group to deliver a reliable and quality
output solution.
Positioning
NCC Group has been able to carve out an impressive niche for itself by offering realistic
threat simulation and testing services; the company demonstrates the proper ability to
seamlessly converge physical and cyber threat factors into the red teaming exercise.
Cyberattacks are becoming increasingly complex and well-orchestrated with tactical
precision. The adversary today takes many forms and features different complexities. It
can be an individual with malicious intentions and coding super-capabilities, nation states,
or well established groups combining reconnaissance, active due diligence, and protracted
analysis of the target before commencing the attack. NCC Group adopts a tactical
approach by involving protracted intelligence gathering, physical research and scenario-
modeling to create a red teaming exercise which closely matches real world scenarios.
Frost & Sullivan’s exhaustive analysis confirms that the company is well differentiated
from its competitors.
Business Impact
Operational efficiency
NCC Group’s Operatives have expertise in a wide set of skills - including Infrastructure
Testing, Application Security Testing, Social Engineering, DDoS Testing, Remote Access
Security Testing, Wireless Security Testing, and Mobile Security Testing. The company
operatives are able to build their capabilities into a red teaming exercise quite efficiently,
BEST PRACTICES RESEARCH
© Frost & Sullivan2016 5 “We Accelerate Growth”
as the company has tested methodologies and procedures in place. Red Team operations
are overseen by an attack-manager and an attack specialist, thus enabling NCC Group to
liaise with the client throughout the exercise. Well-entrenched protocols overseen by
highly experienced staff result in streamlined and productive exercises.
Growth Potential
Regional instability, the emergence of new nation states, and the proliferation of cyber
terrorism will require CNI, governments and private organizations to build up their cyber
resilience capability. Frost & Sullivan monitors how the demand for red teaming based
penetration testing services is on the rise. NCC Group anticipated the surge in demand
and has made several well-planned acquisitions to enlarge its footprint in Europe and its
cyber security capabilities. NCC Group has made seven acquisitions in the past three years
while maintaining good bottom lines. The acquisitions have expanded markets and
broadened the firm’s client base, and NCC Group has placed itself on a growth trajectory.
Customizable red team testing offerings with high quality deliverables enable the company
to retain its customers' loyalty.
Human Capital
Red Teaming exercises and tests at NCC Group are carried out by experienced penetration
testing professionals with diverse IT backgrounds (including policy, design and
development) and this enables it to undertake complex projects at short notice and under
challenging timelines. Testing specialists are closely supported by an expert R&D team,
which helps testing professionals recreate the most realistic attacks. The organization has
been able to make astute investments and acquisitions, which have gained NCC Group
lucrative new markets and enabled the company to stay ahead of its other competitors.
Frost & Sullivan agrees that retaining the best talent and nurturing a select workforce has
made NCC Group one of the most reliable and quality-oriented players in the redteam
based penetration testing space.
Conclusion
No business today can afford to be complacent, as the cyber threat is always looming.
NCC Group has been helping organizations raise their preparedness by demonstrating
well-orchestrated cyberattacks after taking into account the nature of the industry,
organization, and its human capital. The feedback and remedies suggested by NCC Group
has allowed many businesses to put in place effective cyber security mechanisms. NCC
Group has proved itself a superior competitor in the redteam based penetration testing
space.
BEST PRACTICES RESEARCH
© Frost & Sullivan2016 6 “We Accelerate Growth”
Significance of Product Leadership Ultimately, growth in any organization depends upon customers purchasing from a
company, and then making the decision to return time and again. A comprehensive
product line, filled with high-quality, value-driven options, is the key to building an
engaged customer base. To achieve and maintain product excellence, an organization
must strive to be best-in-class in three key areas: understanding demand, nurturing the
brand, and differentiating from the competition.
Understanding Product Leadership Demand forecasting, branding, and differentiation all play a critical role in finding growth
opportunities for a leading product line. This three-fold focus, however, must be
complemented by an equally rigorous focus on pursuing those opportunities to a best-in-
class standard. Customer communications, customer feedback, pricing, and competitor
actions must all be managed and monitored for ongoing success. If an organization can
successfully parlay product excellence into positive business impact, increased market
share will inevitably follow over time.
BEST PRACTICES RESEARCH
© Frost & Sullivan2016 7 “We Accelerate Growth”
Key Benchmarking Criteria
For the Product Leadership Award, Frost & Sullivan analysts independently evaluated two
key factors — Product Family Attributes and Business Impact — according to the criteria
identified below.
Product Family Attributes
Criterion 1: Match to Needs
Criterion 2: Reliability and Quality
Criterion 3: Product/Service Value
Criterion 4: Positioning
Criterion 5: Design
Business Impact
Criterion 1: Financial Performance
Criterion 2: Customer Acquisition
Criterion 3: Operational Efficiency
Criterion 4: Growth Potential
Criterion 5: Human Capital
Best Practice Award Analysis for NCC Group
Decision Support Scorecard
To support its evaluation of best practices across multiple business performance
categories, Frost & Sullivan employs a customized Decision Support Scorecard. This tool
allows our research and consulting teams to objectively analyze performance, according to
the key benchmarking criteria listed in the previous section, and to assign ratings on that
basis. The tool follows a 10-point scale that allows for nuances in performance evaluation;
ratings guidelines are illustrated below.
RATINGS GUIDELINES
The Decision Support Scorecard is organized by Product Family Attributes and Business
Impact (i.e., the overarching categories for all 10 benchmarking criteria; the definitions
for each criteria are provided beneath the scorecard). The research team confirms the
veracity of this weighted scorecard through sensitivity analysis, which confirms that small
changes to the ratings for a specific criterion do not lead to a significant change in the
overall relative rankings of the companies.
BEST PRACTICES RESEARCH
© Frost & Sullivan2016 8 “We Accelerate Growth”
The results of this analysis are shown below. To remain unbiased and to protect the
interests of all organizations reviewed, we have chosen to refer to the other key players
as Competitor2 and Competitor3.
DECISION SUPPORTSCORECARDFOR PRODUCT LEADERSHIP AWARD
Measurement of 1–10 (1 = poor; 10 = excellent)
Product Leadership
Product Family
Attributes
Business
Impact Average Rating
NCC Group 8.5 9.5 9.0
Competitor2 7.0 7.0 7.0
Competitor3 6.0 7.0 6.5
Product Family Attributes
Criterion 1: Match to Needs
Requirement: Customer needs directly influence and inspire the design and positioning of
the product family
Criterion 2: Reliability and Quality
Requirement: Products consistently meet or exceed customer expectations for
performance and length of service
Criterion 3: Product/Service Value
Requirement: Products or services offer the best value for the price, compared to similar
offerings in the market
Criterion 4: Positioning
Requirement: Products or services unique, unmet need that competitors cannot easily
replicate or replace
Criterion 5: Design
Requirement: The product features an innovative design, enhancing both visual appeal
and ease of use
Business Impact
Criterion 1: Financial Performance
Requirement: Strong overall financial performance in terms of revenues, revenue growth,
operating margin and other key financial metrics
Criterion 2: Customer Acquisition
Requirement: Product strength enables acquisition of new customers, even as it enhances
retention of current customers
Criterion 3: Operational Efficiency
Requirement: Staff is able to perform assigned tasks productively, quickly, and to a high
quality standard
BEST PRACTICES RESEARCH
© Frost & Sullivan2016 9 “We Accelerate Growth”
Criterion 4: Growth Potential
Requirements: Product quality strengthens brand, reinforces customer loyalty and
enhances growth potential
Criterion 5: Human Capital
Requirement: Company culture is characterized by a strong commitment to product
quality and customer impact, which in turn enhances employee morale and retention
Decision Support Matrix
Once all companies have been evaluated according to the Decision Support Scorecard,
analysts can then position the candidates on the matrix shown below, enabling them to
visualize which companies are truly breakthrough and which ones are not yet operating at
best-in-class levels.
DECISION SUPPORTMATRIX FOR PRODUCT LEADERSHIP AWARD
High
Low
Low High
Business Impact
Product Family Attributes
Competitor2
Competitor3
NCC
Group
BEST PRACTICES RESEARCH
© Frost & Sullivan2016 10 “We Accelerate Growth”
The Intersection between 360-Degree Research and Best
Practices Awards
Research Methodology
Frost & Sullivan’s 360-degree research
methodology represents the analytical
rigor of our research process. It offers a
360-degree-view of industry challenges,
trends, and issues by integrating all 7 of
Frost & Sullivan's research methodologies.
Too often, companies make important
growth decisions based on a narrow
understanding of their environment,
leading to errors of both omission and
commission. Successful growth strategies
are founded on a thorough understanding
of market, technical, economic, financial,
customer, best practices, and demographic
analyses. The integration of these research
disciplines into the 360-degreeresearch
methodology provides an evaluation
platform for benchmarking industry players and for identifying those performing at best-
in-class levels.
360-DEGREE RESEARCH: SEEING ORDER IN
THE CHAOS
Technology
Obsolescence
Disruptive
Technologies
New
Applications
CEO
Demographics
Needs
and
PerceptionsSegmentation
Buying
Behavior
Branding
and
Positioning
Competitive
Benchmarking
Emerging
Competition
Competitive
Strategy
Capital
Investments
Availability
of
Capital
Country
Risk
Economic
Trends
Crowd
Sourcing
Growth
Strategies
Career
Development
Growth
Implementation
Industry
Evolution
New Vertical
Markets
Industry
Expansion
Industry
Convergence
Emerging
Technologies
Smart Cities
Sustainability
New Business
Cultures
GeoPolitical
Stability
BEST PRACTICES RESEARCH
© Frost & Sullivan2016 11 “We Accelerate Growth”
Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best Practices
Frost & Sullivan Awards follow a 10-step process to evaluate Award candidates and assess
their fit with select best practice criteria. The reputation and integrity of the Awards are
based on close adherence to this process.
STEP OBJECTIVE KEY ACTIVITIES OUTPUT
1 Monitor, target, and screen
Identify Award recipient candidates from around the globe
• Conduct in-depth industry research
• Identify emerging sectors • Scan multiple geographies
Pipeline of candidates who potentially meet all best-practice criteria
2 Perform 360-degree research
Perform comprehensive, 360-degree research on all candidates in the pipeline
• Interview thought leaders and industry practitioners
• Assess candidates’ fit with best-practice criteria
• Rank all candidates
Matrix positioning all candidates’ performance relative to one another
3
Invite thought leadership in best practices
Perform in-depth examination of all candidates
• Confirm best-practice criteria • Examine eligibility of all candidates
• Identify any information gaps
Detailed profiles of all ranked candidates
4
Initiate research director review
Conduct an unbiased evaluation of all candidate profiles
• Brainstorm ranking options • Invite multiple perspectives on candidates’ performance
• Update candidate profiles
Final prioritization of all eligible candidates and companion best-practice positioning paper
5
Assemble panel of industry experts
Present findings to an expert panel of industry thought leaders
• Share findings • Strengthen cases for candidate eligibility
• Prioritize candidates
Refined list of prioritized Award candidates
6
Conduct global industry review
Build consensus on Award candidates’ eligibility
• Hold global team meeting to review all candidates
• Pressure-test fit with criteria • Confirm inclusion of all eligible candidates
Final list of eligible Award candidates, representing success stories worldwide
7 Perform quality check
Develop official Award consideration materials
• Perform final performance benchmarking activities
• Write nominations • Perform quality review
High-quality, accurate, and creative presentation of nominees’ successes
8
Reconnect with panel of industry experts
Finalize the selection of the best-practice Award recipient
• Review analysis with panel • Build consensus • Select winner
Decision on which company performs best against all best-practice criteria
9 Communicate recognition
Inform Award recipient of Award recognition
• Present Award to the CEO • Inspire the organization for continued success
• Celebrate the recipient’s performance
Announcement of Award and plan for how recipient can use the Award to enhance the brand
10 Take strategic action
Upon licensing, company may share Award news with stakeholders and customers
• Coordinate media outreach • Design a marketing plan • Assess Award’s role in future strategic planning
Widespread awareness of recipient’s Award status among investors, media personnel, and employees
BEST PRACTICES RESEARCH
© Frost & Sullivan2016 12 “We Accelerate Growth”
About Frost & Sullivan
Frost & Sullivan, the Growth Partnership Company, enables clients to accelerate growth
and achieve best in class positions in growth, innovation and leadership. The company's
Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined
research and best practice models to drive the generation, evaluation and implementation
of powerful growth strategies. Frost & Sullivan leverages almost 50 years of experience in
partnering with Global 1000 companies, emerging businesses and the investment
community from 31 offices on six continents. To join our Growth Partnership, please visit
http://www.frost.com.