Explore our offensive security services:

Helping you reduce cyber risk and prevent attacks, the Security Testing & Incident Response Team (STIRT) cybersecurity advisory services review, analyze and recommend proactive measures to improve your security posture.

Red team

During red team engagements, our STIRT hackers simulate real, adaptive threat actors. Our goal is to assess your cyber maturity and security processes by tailoring our approach to your unique defensive setup. We focus on your most critical assets – the 'crown jewels' – rather than providing broad coverage. These engagements are discreet, ensuring our tests represent a genuine evaluation of your ability to detect and respond to cyber threats without prior notification. Our tailored access approach considers your unique defensive technologies, replicating the evolving threat landscape you face. This provides actionable insights to enhance your cybersecurity.

Purple team

Bell’s purple team tests the response capacity of your Security Operation Center (SOC) or third-party defensive assets. The testing scenarios measure the detection capabilities of the blue team when confronted with malicious actions, such as an attempt to pivot or escalate privileges. We work hand in hand with your security personnel to ensure comprehension and knowledge transfer, with a focus on improving countermeasures and defensive processes. These operations involve continuous, real-time communication between our attackers and your defenders.

Penetration testing

Bell penetration tests are methodical, systematic and provide a high level of confidence as we discover your vulnerabilities and their specific business or technical impact. Whether you want an ad hoc assessment or an annual penetration test program, we tailor our services to your specific needs. We take pride in each customer’s security, helping to create a clear action plan for resolving vulnerabilities to bolster your defenses, achieve compliance, and protect your users and data.

Additional Bell testing team services:

• Web application security testing
• Mobile application security testing
• Network infrastructure security testing
• Phishing, vishing and smishing tests
• Cyber threat intelligence gathering powered by AI
• Cloud penetration tests

Bell SIST services:

• Security integration: Bell will lead a collaborative process to understand your needs and develop a security program that suits your business.
• Network security architecture & implementation: the Bell integration team will implement and deploy the security solution. Bell works in lock step with your team to find and fix exposures across all attack surfaces. We are your partner from installation, configuration of any security device to cut-over and knowledge transfer for all integration projects.
• Complete security architecture assessment: Bell collaborates with your team to find architecture security exposures and propose new innovative and integrated solutions. We are your partner from review, analysis, proposal and roadmapping of best-of-breed security solutions customized to your specific threat landscape and context.
• Complete security architecture design: Bell security experts work with your team to review, assess and recommend the most appropriate security program for your business. Services include ensuring that SRTM is completed, ensuring that the artifacts validating controls have been saved, and validating that the requirements have been met (security requirements, traceability matrix, etc.)
• Firewall implementation & remediation
• Mobile & endpoint protection

Services offered:

• GRC Advisory Services (alternatively called Virtual CISO Services)
• Cybersecurity Maturity Assessments (framework or standard based)
• • Center for Internet Security - CIS v8.0
  • NIST Cyber Security Framework - CSF v1.1
  • Cloud Security Alliance Controls Matrix - CSA CCM v4.0
  • ISO 27001 (including Internal Audit services by ISO 27001 certified Lead Auditors)
  • Cybersecurity Maturity Model Certification CMMC based on NIST SP 800-171
  • Federal and provincial government assessments based on:
  • • ITSG-33, SA&A
    • Direction on the Secure Use of Cloud Services: Security Policy Implementation Notice (SPIN)
    • GoC Security Control Profiles PBMM and PBMM for Cloud-based services
    • TRA, HTRA
    • TBS Directive on Security Management
• CCCS - Cloud cybersecurity posture assessment and guidance
• Cybersecurity program or roadmap development
• Guidance on new privacy regulations and data governance
• Policies, directives and guidelines development
• Cybersecurity awareness

PCI services

• Bell has been an official QSA company since July 2009. We offer services that include:

• • PCI-DSS v4.0 advisory services
  • OnSite assessments and Report on Compliance (ROC)
  • QSA signed self-assessment questionnaires
  • Gap analysis and recommendations
  • Scope definition and validation document
  • Scope reduction strategies
  • PCI advisory services and compliance support for Bell clients
  • Acquirer relationship management
  • PCI-DSS policies and procedures development
  • PCI awareness training