
Welcome to Castleforce

Castleforce help companies with IT Security compliance and risk management by offering products and services to help enforce policies.

Castleforce are experienced in assisting organisations with managing the security aspects of corporate / enterprise Information and Communications Technology (ICT), Industrial Control System (ICS), Supervisory Control and Data Acquisition (SCADA), Operational Technology (OT) and hybrid environments.

Legacy AppSec Tools That Leave Enterprises Exposed

A recent study of application security by Positive Technologies found an incredible 91% of enterprise systems tested had enough vulnerabilities to grant Internet-based attackers access to internal systems (up from 74% in 2011-12).

But the majority of these vulnerabilities can be detected and fixed before attackers exploit them, especially with source code analysis which can reveal up to ten times as many weaknesses as other assessments. In fact, the latest regulatory standards for payment apps, personal data and government information such as PCI DSS and the European Union’s Data Protection Directive compel organizations to detect and fix application vulnerabilities before putting the applications into production.

So why are so many large enterprises still doing such a bad job of application security? Typically, it is because of the inherent weaknesses in existing automated solutions:
  • Many rely on Static Application Security Testing (SAST) methods, which reveal programming errors instead of specific security problems, resulting in a large number of false positives that drive up the cost of AppSec processes and mean real threats can get missed.
  • SAST techniques cannot detect vulnerabilities that only appear when a program is running.
  • Dynamic Application Security Testing (DAST) solutions typically cover as little as 30% of the application code and cannot be used during software development. They may also cause running apps to fail, affecting business continuity.

Why Positive Technologies Application Inspector (PT AI)

PT Application Inspector (PT AI) solves many of these challenges by employing a unique combination of static, dynamic and interactive testing methods.

PT AI is the result of over a decade of practical security research. Our experts have analyzed thousands of web, mobile, ERP and ICS/SCADA applications, so we understand the real-life challenges associated with finding and fixing application vulnerabilities. PT AI gives your development team immediate access to our research knowledge, providing instant visibility of the flaws in your code and the risks they represent.

For more details on PT Application Inspector

Castleforce Protective Monitoring / Log Management / SIEM partners

Assuria Log Manager (ALM) has achieved CESG CCTM approval and securely collects and manages audit logs to comply with regulations. The small-footprint ALM agents are available for Windows, UNIX and Linux servers, databases, applications, network devices, firewalls, routers, access control systems and many more. Collection from new log sources can be added via agent plug-ins. Collected logs are stored in their original format in a standard file / folder structure with log data integrity ensured through digital signatures and cryptographic hashes.

Assuria offer a GPG13-compliant protective monitoring managed solution, on-premise or cloud-based, that is listed in G-Cloud. Assuria have customers using their ALM up to the highest impact levels, and their flexible deployment strategy, attention to detail and commercial advantage are key to their success.

Cloud Security Solution of the Year 2014

NHS Information Governance Toolkit Fastrack

Castleforce NHS Information Governance (IG) Toolkit submission service aims to assist NHS providers, Commercial third parties and NHS partners in complying with the complex and rapidly changing landscape of IGT.

Service Overview

  • Assess/review current practices.
  • Identify IG 'gaps'.
  • Create IG improvement plan.
  • Implement improvements.
  • Assemble body of evidence.
  • File IGT submission with supporting evidence.
  • IGT expertise.

The project will be fully managed and led by our experienced IG specialists, who have a proven NHS background in assisting organisations in complying with IGT and Information Security.

We can provide customer recommendations from NHS Commercial Third Party organisations, GPs and Pharmaceuticals.


Compliance Fast track service

An instant leap towards your complete Information Management System

Our methodology alone will ensure you meet level one IMS assessments. In addition it will give you all the knowledge and tools required to quickly fulfil your compliance goals. The methodology is fully aligned with the achievement of:

  • ISO 27001:2013 – Information Security Management System
  • ISO 22301:2012 – Business Continuity Management System
  • ISO 14001:2004 – Environmental Management System
  • ISO 9001:2008 – Quality Management System
  • OHSAS 18001:2007 – Occupational Health & Safety Management System

The IMS methodology affords you complete control over your IMS implementation and supports the development of your internal knowledge and capabilities. After obtaining the IMS methodology, you can literally implement your complete system.  Contact us to find out more on how we can add a timeframe and cost to your compliance projects.

We also offer our integrated IMS in a cloud-based delivery that also helps manage risk and provides a security awareness training platform.

“The market for application security testing is changing rapidly. Technology trends, such as mobile applications, advanced Web applications and dynamic languages, are forcing the need to combine dynamic and static testing capabilities, which is reshaping the overall market.”

Gartner, Magic Quadrant for Application Security Testing, July 2013

DDoS Mitigation Service

Does your security infrastructure protect you from DDoS and blended and sophisticated IPS threats?

Our fully managed DDoS and Intrusion Prevention Solution (IPS) prevents targeted malicious attacks from reaching your network or e-commerce trading infrastructure. The integrated three-dimensional technological design stops exploits of critical vulnerabilities and advanced hybrid and application-level attacks from reaching your network. We offer a breadth of solutions, services and technologies and a wealth of experience that helps your business, underpinned by robust and accountable Service Level Agreements.

Learn more about our DDoS Mitigation Service

SAP Security Health Checks

MaxPatrol helps automate vulnerability and compliance management across all layers of your SAP infrastructure.


MaxPatrol’s certified integration with SAP NetWeaver® 7.0 gives you control of SAP system parameters, services, vulnerabilities, SAP router configurations, segregation of duties and so much more.

Positive Research 2015


  

Copyright 2015 Castleforce