Our Research

We are proud of our research heritage and consistently perform independent, cutting-edge security research across all technologies and in all sectors.

Internally we invest around 2,000 people days a year on research; the outcomes of which result in our vulnerability advisories, whitepapers, open source tools and knowledge-sharing presentations delivered all over the world at security and industry-specific conferences.

We employ some of the most talented security consultants and researchers on the planet, serving 15,000 clients worldwide and discovering tens or hundreds of thousands of vulnerabilities per year. We are a research-driven firm where every researcher on our team is also an active consultant.

With hundreds of specialized consultants, our research areas extend into almost every area of security.

Our technical capabilities extend beyond our public-facing work, to include our internal-only research and development including our Exploit Development Group, Threat Intelligence Fusion Center, Full Spectrum Attack Simulation group, as well as unpublished proprietary tooling.

You can find samples of some of our recent public-facing work on our Research Blog and you’ll find us at all the key security events around the world as well as read our work in the trade and consumer media.

Our research allows us to understand and quantify risk for our clients with regards to the technologies they use and the threats to the sectors and industries in which they operate. What we mean by research at NCC Group typically falls under one or more of six core categories:

  • Offensive – we perform deep technical vulnerability research to understand the complexities involved in attacking different technologies and systems and the true impact of any successes that attackers might derive with similar capabilities.
  • Defensive – outputs from our offensive research inform our defensive research – this is where we research methods, tooling and solutions to mitigate the issues that we identify across technologies.
  • Capability – we are constantly innovating and developing new technical testing capabilities and methodologies to keep pace with the rapid change in technology and threat landscapes. This ensures when we assess client systems and networks, our techniques are at least as good as those of adversaries when seeking to uncover and exploit vulnerability to assess risk.
  • Future Looking / Horizon Scanning – we routinely research emerging technologies to understand the potential security impact of those technologies on the sectors in which our clients operate.
  • Client-Driven – we regularly perform on-request research for clients; helping them to answer any uncertainties they might have on technology risk, such as understanding security capabilities of specific technologies or emerging technological security impact on an industry or sector.
  • Collaborative – we are open to research collaboration and regularly work with academia through joint research and PhD sponsorships. We also contribute many of our research outputs to various international security standards bodies and we are open to B2B and consortia-based research collaborations.

Access our Research Blog