China Mobile Hong Kong Company Limited
China Mobile Hong Kong Company Limited
Company Information
| Year Founded | 1994 |
| Size of Technical Team | 30 |
| Total Company Size | 1904 |
| Website | https://www.hk.chinamobile.com |
| LinkedIn Page | https://www.linkedin.com/company/china-mobile-hong-kong |
| Facebook Page | https://www.facebook.com/ChinaMobileHK |
I want to leave feedback for this company
Company Description
China Mobile Hong Kong Company Limited (CMHK), a wholly-owned subsidiary of China Mobile Limited, ranks 55th on the Fortune Global 500 list. As the largest network operator in Hong Kong, CMHK drives digital and intelligent development through its Cybersecurity Center, offering comprehensive network security solutions and a multi-layered defense system. The center integrates threat detection, data protection, and identity management, while providing tailored security services to meet industry-specific needs.
Supported by an experienced local security team, the Cybersecurity Center specializes in attack-defense simulations, threat analysis, and security operations. With extensive expertise and multiple international certifications, it has become a trusted leader in cybersecurity. Since 2021, CMHK has operated a Security Operations Center (SOC) in Hong Kong, certified under ISO/IEC 27001:2022. In 2023, CMHK earned the "Outstanding Enterprise Impact Award in Cybersecurity," underscoring its excellence and influence in the field.
Featured Solutions
Cybersecurity Awareness Training
CMHK provides cybersecurity awareness training services designed to enhance security risk awareness among all employees and managers, equipping target participants with the knowledge to protect our clients from cyberthreats.
Service Scope:
1. Customized Course Planning: Based on the results of phishing drills (if conducted) and relevant information, we will jointly discuss and determine the course content and implementation arrangements, covering common cybersecurity awareness topics, recommended cyberthreat introductions, course delivery methods, participant lists, and scheduling.
2. Diversified Training Implementation: Customized training can be conducted online or offline, with embedded testing to verify learning outcomes.
3. Comprehensive Delivery: After the training is completed, attendance forms, training and testing materials, visual training and test results, and training recordings* will be provided. A review meeting will also be held to jointly summarize the overall training effectiveness and provide recommendations based on the assessed overall cybersecurity awareness level.
Service Features:
1. Customized and Diversified Training Model: Based on actual customer needs, we offer flexible online and offline teaching options. Training topics are intelligently customized based on different tiers, such as management and frontline employees. We also support monthly and annual ongoing training plans, or offer token-based training services.
2. Targeted, Tiered Training Coverage: Each training session includes at least three sessions tailored to specific personnel. For management, CMHK managers will analyze cybersecurity governance logic from a management perspective and share awareness-raising strategies based on recent hot cybersecurity topics. For frontline employees, we focus on general cybersecurity awareness, supplemented by technical analysis and defense recommendations for traditional attack methods. For those who failed phishing drills, we provide specialized courses on phishing prevention.
CMHK's cybersecurity awareness training service emphasizes "human security capacity building". Through tiered empowerment, we strengthen employees' compliance awareness and cybersecurity literacy, systematically mitigating risks at the source and supporting the company's stable development.
Read Details
Service Scope:
1. Customized Course Planning: Based on the results of phishing drills (if conducted) and relevant information, we will jointly discuss and determine the course content and implementation arrangements, covering common cybersecurity awareness topics, recommended cyberthreat introductions, course delivery methods, participant lists, and scheduling.
2. Diversified Training Implementation: Customized training can be conducted online or offline, with embedded testing to verify learning outcomes.
3. Comprehensive Delivery: After the training is completed, attendance forms, training and testing materials, visual training and test results, and training recordings* will be provided. A review meeting will also be held to jointly summarize the overall training effectiveness and provide recommendations based on the assessed overall cybersecurity awareness level.
Service Features:
1. Customized and Diversified Training Model: Based on actual customer needs, we offer flexible online and offline teaching options. Training topics are intelligently customized based on different tiers, such as management and frontline employees. We also support monthly and annual ongoing training plans, or offer token-based training services.
2. Targeted, Tiered Training Coverage: Each training session includes at least three sessions tailored to specific personnel. For management, CMHK managers will analyze cybersecurity governance logic from a management perspective and share awareness-raising strategies based on recent hot cybersecurity topics. For frontline employees, we focus on general cybersecurity awareness, supplemented by technical analysis and defense recommendations for traditional attack methods. For those who failed phishing drills, we provide specialized courses on phishing prevention.
CMHK's cybersecurity awareness training service emphasizes "human security capacity building". Through tiered empowerment, we strengthen employees' compliance awareness and cybersecurity literacy, systematically mitigating risks at the source and supporting the company's stable development.
Read Details
Attack and Defense Drill Services
CMHK attack and defense drill services simulate real-world cyberattacks for enterprises, helping them identify security vulnerabilities in their network environments, validate their existing cybersecurity capabilities, enhance their emergency response procedures, and meet compliance requirements. Our attack and defense drill services focus on three key areas:
1. Simulated attack: Red Team testing based on real-world attack methods;
2. Defense assessment: Professional blue team testing and defense capability verification;
3. Attack and defense confrontation: Comprehensive testing and drills are conducted through full-process attack and defense drills, including network protection and key security services, to enhance cybersecurity capabilities.
The attack and defense drill services consist of four phases:
1. In the preparation phase, we conduct preliminary research, including network architecture inspection, network environment research, traffic threat analysis, rule and process preparation, and defense organization development.
2. During the remediation phase, CMHK will first test and harden the entire network environment to fully prepare for the subsequent attack and defense phases. Key activities include: internet asset scanning, vulnerability scanning, penetration testing, security baseline/configuration checks, high-risk policy checks, security awareness training, phishing drills, and security device deployment and hardening.
3. During the attack and defense phases, the Red Team will conduct simulated attacks based on real-world scenarios; while the Blue Team will defend the infrastructure, either on-site or remotely. The frontline 24/7 monitoring team and the second-line security analysis team will collaborate to conduct real-time detection, emergency response, protection verification, and threat attribution.
4. During the summary phase, CMHK will review the drill results and provide a detailed report with improvement recommendations. Based on this report, remediation plans and long-term protection strategies will be provided to ensure the continuous optimization and improvement of the enterprise's security capabilities.
Read Details
1. Simulated attack: Red Team testing based on real-world attack methods;
2. Defense assessment: Professional blue team testing and defense capability verification;
3. Attack and defense confrontation: Comprehensive testing and drills are conducted through full-process attack and defense drills, including network protection and key security services, to enhance cybersecurity capabilities.
The attack and defense drill services consist of four phases:
1. In the preparation phase, we conduct preliminary research, including network architecture inspection, network environment research, traffic threat analysis, rule and process preparation, and defense organization development.
2. During the remediation phase, CMHK will first test and harden the entire network environment to fully prepare for the subsequent attack and defense phases. Key activities include: internet asset scanning, vulnerability scanning, penetration testing, security baseline/configuration checks, high-risk policy checks, security awareness training, phishing drills, and security device deployment and hardening.
3. During the attack and defense phases, the Red Team will conduct simulated attacks based on real-world scenarios; while the Blue Team will defend the infrastructure, either on-site or remotely. The frontline 24/7 monitoring team and the second-line security analysis team will collaborate to conduct real-time detection, emergency response, protection verification, and threat attribution.
4. During the summary phase, CMHK will review the drill results and provide a detailed report with improvement recommendations. Based on this report, remediation plans and long-term protection strategies will be provided to ensure the continuous optimization and improvement of the enterprise's security capabilities.
Read Details
Cybersecurity Management Services
Cybersecurity management services aim to provide enterprises with comprehensive, full-lifecycle cybersecurity protection and platform capacity building support.
Service Scope:
1. MDM (Mobile Device Management) Deployment Service
Focusing on the security and compliance of endpoint devices throughout their lifecycle, we provide comprehensive inventory and status tracking for enterprise device assets, and remotely configure and maintain equipment. We integrate security measures such as identity authentication, application whitelisting, and encrypted data transmission to enable personnel in specialized industries to securely and efficiently access critical business data in emergency scenarios.
2. Managed SIEM(Security Information Event Management) and SOC (Security Operations Centre) Service
Build a 24/7 security operations hub, centrally collect enterprise logs, and conduct multi-dimensional data correlation analysis based on threat intelligence. We also establish a 24/7 security monitoring system, providing real-time early warning and automated emergency response, while also supporting attack tracing and tiered response.
3. PAM (Privileged Access Management) Managed Service
Focusing on the security control of high-privileged accounts, we provide centralized management of privileged accounts, optimize access approval processes, and enable dynamic permission allocation. We also assist with the deployment of the PAM platform and generate audit logs and compliance reports.
Service Features:
1. Managed Service: This multi-module managed service eliminates the need for enterprises to invest extensive manpower in establishing an operations and maintenance team. CMHK's professional team will oversee platform deployment, daily operations, and iterative optimization, significantly lowering the threshold and cost of enterprise security operations.
2. Full-Scenario Coverage: From device management and real-time attack detection to internal permission management, we form a closed-loop defense system to meet the complex security needs of multiple industries.
Read Details
Service Scope:
1. MDM (Mobile Device Management) Deployment Service
Focusing on the security and compliance of endpoint devices throughout their lifecycle, we provide comprehensive inventory and status tracking for enterprise device assets, and remotely configure and maintain equipment. We integrate security measures such as identity authentication, application whitelisting, and encrypted data transmission to enable personnel in specialized industries to securely and efficiently access critical business data in emergency scenarios.
2. Managed SIEM(Security Information Event Management) and SOC (Security Operations Centre) Service
Build a 24/7 security operations hub, centrally collect enterprise logs, and conduct multi-dimensional data correlation analysis based on threat intelligence. We also establish a 24/7 security monitoring system, providing real-time early warning and automated emergency response, while also supporting attack tracing and tiered response.
3. PAM (Privileged Access Management) Managed Service
Focusing on the security control of high-privileged accounts, we provide centralized management of privileged accounts, optimize access approval processes, and enable dynamic permission allocation. We also assist with the deployment of the PAM platform and generate audit logs and compliance reports.
Service Features:
1. Managed Service: This multi-module managed service eliminates the need for enterprises to invest extensive manpower in establishing an operations and maintenance team. CMHK's professional team will oversee platform deployment, daily operations, and iterative optimization, significantly lowering the threshold and cost of enterprise security operations.
2. Full-Scenario Coverage: From device management and real-time attack detection to internal permission management, we form a closed-loop defense system to meet the complex security needs of multiple industries.
Read Details
Attack and Defense Drill Services
CMHK attack and defense drill services simulate real-world cyberattacks for enterprises, helping them identify security vulnerabilities in their network environments, validate their existing cybersecurity capabilities, enhance their emergency response procedures, and meet compliance requirements. Our attack and defense drill services focus on three key areas:
1. Simulated attack: Red Team testing based on real-world attack methods;
2. Defense assessment: Professional blue team testing and defense capability verification;
3. Attack and defense confrontation: Comprehensive testing and drills are conducted through full-process attack and defense drills, including network protection and key security services, to enhance cybersecurity capabilities.
The attack and defense drill services consist of four phases:
1. In the preparation phase, we conduct preliminary research, including network architecture inspection, network environment research, traffic threat analysis, rule and process preparation, and defense organization development.
2. During the remediation phase, CMHK will first test and harden the entire network environment to fully prepare for the subsequent attack and defense phases. Key activities include: internet asset scanning, vulnerability scanning, penetration testing, security baseline/configuration checks, high-risk policy checks, security awareness training, phishing drills, and security device deployment and hardening.
3. During the attack and defense phases, the Red Team will conduct simulated attacks based on real-world scenarios; while the Blue Team will defend the infrastructure, either on-site or remotely. The frontline 24/7 monitoring team and the second-line security analysis team will collaborate to conduct real-time detection, emergency response, protection verification, and threat attribution.
4. During the summary phase, CMHK will review the drill results and provide a detailed report with improvement recommendations. Based on this report, remediation plans and long-term protection strategies will be provided to ensure the continuous optimization and improvement of the enterprise's security capabilities.
Read Details
1. Simulated attack: Red Team testing based on real-world attack methods;
2. Defense assessment: Professional blue team testing and defense capability verification;
3. Attack and defense confrontation: Comprehensive testing and drills are conducted through full-process attack and defense drills, including network protection and key security services, to enhance cybersecurity capabilities.
The attack and defense drill services consist of four phases:
1. In the preparation phase, we conduct preliminary research, including network architecture inspection, network environment research, traffic threat analysis, rule and process preparation, and defense organization development.
2. During the remediation phase, CMHK will first test and harden the entire network environment to fully prepare for the subsequent attack and defense phases. Key activities include: internet asset scanning, vulnerability scanning, penetration testing, security baseline/configuration checks, high-risk policy checks, security awareness training, phishing drills, and security device deployment and hardening.
3. During the attack and defense phases, the Red Team will conduct simulated attacks based on real-world scenarios; while the Blue Team will defend the infrastructure, either on-site or remotely. The frontline 24/7 monitoring team and the second-line security analysis team will collaborate to conduct real-time detection, emergency response, protection verification, and threat attribution.
4. During the summary phase, CMHK will review the drill results and provide a detailed report with improvement recommendations. Based on this report, remediation plans and long-term protection strategies will be provided to ensure the continuous optimization and improvement of the enterprise's security capabilities.
Read Details
Cybersecurity Assessment Services
CMHK provides security assessment services, conducting comprehensive security checks on enterprise systems, networks, and applications to identify potential cybersecurity risks. Our security assessments cover internal network vulnerabilities, server/operating system vulnerabilities, wireless network vulnerabilities, source code vulnerabilities, web/mobile application vulnerabilities, security risk assessments, and audits/privacy impact assessments.
Security assessment services include vulnerability scanning and penetration testing:
1. Vulnerability scanning, based on the open CVSS (Common Vulnerability Scoring System), accurately assesses vulnerability risk levels, focuses on critical assets, prioritizes and mitigates high-risk threats, and comprehensively safeguards the security of core systems.
2. Penetration testing employs specialized techniques to uncover vulnerabilities that traditional automated scanning fails to detect, accurately identifying potential security risks and effectively preventing them before they can be exploited. We also provide detailed analysis reports and targeted remediation recommendations to comprehensively enhance system security.
Our complete service lifecycle includes six steps: defining the assessment scope, information collection, vulnerability scanning, penetration testing, risk assessment, and audit reporting. Our comprehensive security assessment services effectively identify potential risks, ensure system security, and build a more robust security protection system for enterprises.
Read Details
Security assessment services include vulnerability scanning and penetration testing:
1. Vulnerability scanning, based on the open CVSS (Common Vulnerability Scoring System), accurately assesses vulnerability risk levels, focuses on critical assets, prioritizes and mitigates high-risk threats, and comprehensively safeguards the security of core systems.
2. Penetration testing employs specialized techniques to uncover vulnerabilities that traditional automated scanning fails to detect, accurately identifying potential security risks and effectively preventing them before they can be exploited. We also provide detailed analysis reports and targeted remediation recommendations to comprehensively enhance system security.
Our complete service lifecycle includes six steps: defining the assessment scope, information collection, vulnerability scanning, penetration testing, risk assessment, and audit reporting. Our comprehensive security assessment services effectively identify potential risks, ensure system security, and build a more robust security protection system for enterprises.
Read Details
Attack and Defense Drill Services
CMHK attack and defense drill services simulate real-world cyberattacks for enterprises, helping them identify security vulnerabilities in their network environments, validate their existing cybersecurity capabilities, enhance their emergency response procedures, and meet compliance requirements. Our attack and defense drill services focus on three key areas:
1. Simulated attack: Red Team testing based on real-world attack methods;
2. Defense assessment: Professional blue team testing and defense capability verification;
3. Attack and defense confrontation: Comprehensive testing and drills are conducted through full-process attack and defense drills, including network protection and key security services, to enhance cybersecurity capabilities.
The attack and defense drill services consist of four phases:
1. In the preparation phase, we conduct preliminary research, including network architecture inspection, network environment research, traffic threat analysis, rule and process preparation, and defense organization development.
2. During the remediation phase, CMHK will first test and harden the entire network environment to fully prepare for the subsequent attack and defense phases. Key activities include: internet asset scanning, vulnerability scanning, penetration testing, security baseline/configuration checks, high-risk policy checks, security awareness training, phishing drills, and security device deployment and hardening.
3. During the attack and defense phases, the Red Team will conduct simulated attacks based on real-world scenarios; while the Blue Team will defend the infrastructure, either on-site or remotely. The frontline 24/7 monitoring team and the second-line security analysis team will collaborate to conduct real-time detection, emergency response, protection verification, and threat attribution.
4. During the summary phase, CMHK will review the drill results and provide a detailed report with improvement recommendations. Based on this report, remediation plans and long-term protection strategies will be provided to ensure the continuous optimization and improvement of the enterprise's security capabilities.
Read Details
1. Simulated attack: Red Team testing based on real-world attack methods;
2. Defense assessment: Professional blue team testing and defense capability verification;
3. Attack and defense confrontation: Comprehensive testing and drills are conducted through full-process attack and defense drills, including network protection and key security services, to enhance cybersecurity capabilities.
The attack and defense drill services consist of four phases:
1. In the preparation phase, we conduct preliminary research, including network architecture inspection, network environment research, traffic threat analysis, rule and process preparation, and defense organization development.
2. During the remediation phase, CMHK will first test and harden the entire network environment to fully prepare for the subsequent attack and defense phases. Key activities include: internet asset scanning, vulnerability scanning, penetration testing, security baseline/configuration checks, high-risk policy checks, security awareness training, phishing drills, and security device deployment and hardening.
3. During the attack and defense phases, the Red Team will conduct simulated attacks based on real-world scenarios; while the Blue Team will defend the infrastructure, either on-site or remotely. The frontline 24/7 monitoring team and the second-line security analysis team will collaborate to conduct real-time detection, emergency response, protection verification, and threat attribution.
4. During the summary phase, CMHK will review the drill results and provide a detailed report with improvement recommendations. Based on this report, remediation plans and long-term protection strategies will be provided to ensure the continuous optimization and improvement of the enterprise's security capabilities.
Read Details
| Year Founded | 1994 |
| Size of Technical Team | 30 |
| Total Company Size | 1904 |
| Website | https://www.hk.chinamobile.com |
| LinkedIn Page | https://www.linkedin.com/company/china-mobile-hong-kong |
| Facebook Page | https://www.facebook.com/ChinaMobileHK |
China Mobile Hong Kong Company Limited (CMHK), a wholly-owned subsidiary of China Mobile Limited, ranks 55th on the Fortune Global 500 list. As the largest network operator in Hong Kong, CMHK drives digital and intelligent development through its Cybersecurity Center, offering comprehensive network security solutions and a multi-layered defense system. The center integrates threat detection, data protection, and identity management, while providing tailored security services to meet industry-specific needs.
Supported by an experienced local security team, the Cybersecurity Center specializes in attack-defense simulations, threat analysis, and security operations. With extensive expertise and multiple international certifications, it has become a trusted leader in cybersecurity. Since 2021, CMHK has operated a Security Operations Center (SOC) in Hong Kong, certified under ISO/IEC 27001:2022. In 2023, CMHK earned the "Outstanding Enterprise Impact Award in Cybersecurity," underscoring its excellence and influence in the field.
Cybersecurity Awareness Training
CMHK provides cybersecurity awareness training services designed to enhance security risk awareness among all employees and managers, equipping target participants with the knowledge to protect our clients from cyberthreats.
Service Scope:
1. Customized Course Planning: Based on the results of phishing drills (if conducted) and relevant information, we will jointly discuss and determine the course content and implementation arrangements, covering common cybersecurity awareness topics, recommended cyberthreat introductions, course delivery methods, participant lists, and scheduling.
2. Diversified Training Implementation: Customized training can be conducted online or offline, with embedded testing to verify learning outcomes.
3. Comprehensive Delivery: After the training is completed, attendance forms, training and testing materials, visual training and test results, and training recordings* will be provided. A review meeting will also be held to jointly summarize the overall training effectiveness and provide recommendations based on the assessed overall cybersecurity awareness level.
Service Features:
1. Customized and Diversified Training Model: Based on actual customer needs, we offer flexible online and offline teaching options. Training topics are intelligently customized based on different tiers, such as management and frontline employees. We also support monthly and annual ongoing training plans, or offer token-based training services.
2. Targeted, Tiered Training Coverage: Each training session includes at least three sessions tailored to specific personnel. For management, CMHK managers will analyze cybersecurity governance logic from a management perspective and share awareness-raising strategies based on recent hot cybersecurity topics. For frontline employees, we focus on general cybersecurity awareness, supplemented by technical analysis and defense recommendations for traditional attack methods. For those who failed phishing drills, we provide specialized courses on phishing prevention.
CMHK's cybersecurity awareness training service emphasizes "human security capacity building". Through tiered empowerment, we strengthen employees' compliance awareness and cybersecurity literacy, systematically mitigating risks at the source and supporting the company's stable development.
Read Details
Service Scope:
1. Customized Course Planning: Based on the results of phishing drills (if conducted) and relevant information, we will jointly discuss and determine the course content and implementation arrangements, covering common cybersecurity awareness topics, recommended cyberthreat introductions, course delivery methods, participant lists, and scheduling.
2. Diversified Training Implementation: Customized training can be conducted online or offline, with embedded testing to verify learning outcomes.
3. Comprehensive Delivery: After the training is completed, attendance forms, training and testing materials, visual training and test results, and training recordings* will be provided. A review meeting will also be held to jointly summarize the overall training effectiveness and provide recommendations based on the assessed overall cybersecurity awareness level.
Service Features:
1. Customized and Diversified Training Model: Based on actual customer needs, we offer flexible online and offline teaching options. Training topics are intelligently customized based on different tiers, such as management and frontline employees. We also support monthly and annual ongoing training plans, or offer token-based training services.
2. Targeted, Tiered Training Coverage: Each training session includes at least three sessions tailored to specific personnel. For management, CMHK managers will analyze cybersecurity governance logic from a management perspective and share awareness-raising strategies based on recent hot cybersecurity topics. For frontline employees, we focus on general cybersecurity awareness, supplemented by technical analysis and defense recommendations for traditional attack methods. For those who failed phishing drills, we provide specialized courses on phishing prevention.
CMHK's cybersecurity awareness training service emphasizes "human security capacity building". Through tiered empowerment, we strengthen employees' compliance awareness and cybersecurity literacy, systematically mitigating risks at the source and supporting the company's stable development.
Read Details
Attack and Defense Drill Services
CMHK attack and defense drill services simulate real-world cyberattacks for enterprises, helping them identify security vulnerabilities in their network environments, validate their existing cybersecurity capabilities, enhance their emergency response procedures, and meet compliance requirements. Our attack and defense drill services focus on three key areas:
1. Simulated attack: Red Team testing based on real-world attack methods;
2. Defense assessment: Professional blue team testing and defense capability verification;
3. Attack and defense confrontation: Comprehensive testing and drills are conducted through full-process attack and defense drills, including network protection and key security services, to enhance cybersecurity capabilities.
The attack and defense drill services consist of four phases:
1. In the preparation phase, we conduct preliminary research, including network architecture inspection, network environment research, traffic threat analysis, rule and process preparation, and defense organization development.
2. During the remediation phase, CMHK will first test and harden the entire network environment to fully prepare for the subsequent attack and defense phases. Key activities include: internet asset scanning, vulnerability scanning, penetration testing, security baseline/configuration checks, high-risk policy checks, security awareness training, phishing drills, and security device deployment and hardening.
3. During the attack and defense phases, the Red Team will conduct simulated attacks based on real-world scenarios; while the Blue Team will defend the infrastructure, either on-site or remotely. The frontline 24/7 monitoring team and the second-line security analysis team will collaborate to conduct real-time detection, emergency response, protection verification, and threat attribution.
4. During the summary phase, CMHK will review the drill results and provide a detailed report with improvement recommendations. Based on this report, remediation plans and long-term protection strategies will be provided to ensure the continuous optimization and improvement of the enterprise's security capabilities.
Read Details
1. Simulated attack: Red Team testing based on real-world attack methods;
2. Defense assessment: Professional blue team testing and defense capability verification;
3. Attack and defense confrontation: Comprehensive testing and drills are conducted through full-process attack and defense drills, including network protection and key security services, to enhance cybersecurity capabilities.
The attack and defense drill services consist of four phases:
1. In the preparation phase, we conduct preliminary research, including network architecture inspection, network environment research, traffic threat analysis, rule and process preparation, and defense organization development.
2. During the remediation phase, CMHK will first test and harden the entire network environment to fully prepare for the subsequent attack and defense phases. Key activities include: internet asset scanning, vulnerability scanning, penetration testing, security baseline/configuration checks, high-risk policy checks, security awareness training, phishing drills, and security device deployment and hardening.
3. During the attack and defense phases, the Red Team will conduct simulated attacks based on real-world scenarios; while the Blue Team will defend the infrastructure, either on-site or remotely. The frontline 24/7 monitoring team and the second-line security analysis team will collaborate to conduct real-time detection, emergency response, protection verification, and threat attribution.
4. During the summary phase, CMHK will review the drill results and provide a detailed report with improvement recommendations. Based on this report, remediation plans and long-term protection strategies will be provided to ensure the continuous optimization and improvement of the enterprise's security capabilities.
Read Details
Cybersecurity Management Services
Cybersecurity management services aim to provide enterprises with comprehensive, full-lifecycle cybersecurity protection and platform capacity building support.
Service Scope:
1. MDM (Mobile Device Management) Deployment Service
Focusing on the security and compliance of endpoint devices throughout their lifecycle, we provide comprehensive inventory and status tracking for enterprise device assets, and remotely configure and maintain equipment. We integrate security measures such as identity authentication, application whitelisting, and encrypted data transmission to enable personnel in specialized industries to securely and efficiently access critical business data in emergency scenarios.
2. Managed SIEM(Security Information Event Management) and SOC (Security Operations Centre) Service
Build a 24/7 security operations hub, centrally collect enterprise logs, and conduct multi-dimensional data correlation analysis based on threat intelligence. We also establish a 24/7 security monitoring system, providing real-time early warning and automated emergency response, while also supporting attack tracing and tiered response.
3. PAM (Privileged Access Management) Managed Service
Focusing on the security control of high-privileged accounts, we provide centralized management of privileged accounts, optimize access approval processes, and enable dynamic permission allocation. We also assist with the deployment of the PAM platform and generate audit logs and compliance reports.
Service Features:
1. Managed Service: This multi-module managed service eliminates the need for enterprises to invest extensive manpower in establishing an operations and maintenance team. CMHK's professional team will oversee platform deployment, daily operations, and iterative optimization, significantly lowering the threshold and cost of enterprise security operations.
2. Full-Scenario Coverage: From device management and real-time attack detection to internal permission management, we form a closed-loop defense system to meet the complex security needs of multiple industries.
Read Details
Service Scope:
1. MDM (Mobile Device Management) Deployment Service
Focusing on the security and compliance of endpoint devices throughout their lifecycle, we provide comprehensive inventory and status tracking for enterprise device assets, and remotely configure and maintain equipment. We integrate security measures such as identity authentication, application whitelisting, and encrypted data transmission to enable personnel in specialized industries to securely and efficiently access critical business data in emergency scenarios.
2. Managed SIEM(Security Information Event Management) and SOC (Security Operations Centre) Service
Build a 24/7 security operations hub, centrally collect enterprise logs, and conduct multi-dimensional data correlation analysis based on threat intelligence. We also establish a 24/7 security monitoring system, providing real-time early warning and automated emergency response, while also supporting attack tracing and tiered response.
3. PAM (Privileged Access Management) Managed Service
Focusing on the security control of high-privileged accounts, we provide centralized management of privileged accounts, optimize access approval processes, and enable dynamic permission allocation. We also assist with the deployment of the PAM platform and generate audit logs and compliance reports.
Service Features:
1. Managed Service: This multi-module managed service eliminates the need for enterprises to invest extensive manpower in establishing an operations and maintenance team. CMHK's professional team will oversee platform deployment, daily operations, and iterative optimization, significantly lowering the threshold and cost of enterprise security operations.
2. Full-Scenario Coverage: From device management and real-time attack detection to internal permission management, we form a closed-loop defense system to meet the complex security needs of multiple industries.
Read Details
Attack and Defense Drill Services
CMHK attack and defense drill services simulate real-world cyberattacks for enterprises, helping them identify security vulnerabilities in their network environments, validate their existing cybersecurity capabilities, enhance their emergency response procedures, and meet compliance requirements. Our attack and defense drill services focus on three key areas:
1. Simulated attack: Red Team testing based on real-world attack methods;
2. Defense assessment: Professional blue team testing and defense capability verification;
3. Attack and defense confrontation: Comprehensive testing and drills are conducted through full-process attack and defense drills, including network protection and key security services, to enhance cybersecurity capabilities.
The attack and defense drill services consist of four phases:
1. In the preparation phase, we conduct preliminary research, including network architecture inspection, network environment research, traffic threat analysis, rule and process preparation, and defense organization development.
2. During the remediation phase, CMHK will first test and harden the entire network environment to fully prepare for the subsequent attack and defense phases. Key activities include: internet asset scanning, vulnerability scanning, penetration testing, security baseline/configuration checks, high-risk policy checks, security awareness training, phishing drills, and security device deployment and hardening.
3. During the attack and defense phases, the Red Team will conduct simulated attacks based on real-world scenarios; while the Blue Team will defend the infrastructure, either on-site or remotely. The frontline 24/7 monitoring team and the second-line security analysis team will collaborate to conduct real-time detection, emergency response, protection verification, and threat attribution.
4. During the summary phase, CMHK will review the drill results and provide a detailed report with improvement recommendations. Based on this report, remediation plans and long-term protection strategies will be provided to ensure the continuous optimization and improvement of the enterprise's security capabilities.
Read Details
1. Simulated attack: Red Team testing based on real-world attack methods;
2. Defense assessment: Professional blue team testing and defense capability verification;
3. Attack and defense confrontation: Comprehensive testing and drills are conducted through full-process attack and defense drills, including network protection and key security services, to enhance cybersecurity capabilities.
The attack and defense drill services consist of four phases:
1. In the preparation phase, we conduct preliminary research, including network architecture inspection, network environment research, traffic threat analysis, rule and process preparation, and defense organization development.
2. During the remediation phase, CMHK will first test and harden the entire network environment to fully prepare for the subsequent attack and defense phases. Key activities include: internet asset scanning, vulnerability scanning, penetration testing, security baseline/configuration checks, high-risk policy checks, security awareness training, phishing drills, and security device deployment and hardening.
3. During the attack and defense phases, the Red Team will conduct simulated attacks based on real-world scenarios; while the Blue Team will defend the infrastructure, either on-site or remotely. The frontline 24/7 monitoring team and the second-line security analysis team will collaborate to conduct real-time detection, emergency response, protection verification, and threat attribution.
4. During the summary phase, CMHK will review the drill results and provide a detailed report with improvement recommendations. Based on this report, remediation plans and long-term protection strategies will be provided to ensure the continuous optimization and improvement of the enterprise's security capabilities.
Read Details
Cybersecurity Assessment Services
CMHK provides security assessment services, conducting comprehensive security checks on enterprise systems, networks, and applications to identify potential cybersecurity risks. Our security assessments cover internal network vulnerabilities, server/operating system vulnerabilities, wireless network vulnerabilities, source code vulnerabilities, web/mobile application vulnerabilities, security risk assessments, and audits/privacy impact assessments.
Security assessment services include vulnerability scanning and penetration testing:
1. Vulnerability scanning, based on the open CVSS (Common Vulnerability Scoring System), accurately assesses vulnerability risk levels, focuses on critical assets, prioritizes and mitigates high-risk threats, and comprehensively safeguards the security of core systems.
2. Penetration testing employs specialized techniques to uncover vulnerabilities that traditional automated scanning fails to detect, accurately identifying potential security risks and effectively preventing them before they can be exploited. We also provide detailed analysis reports and targeted remediation recommendations to comprehensively enhance system security.
Our complete service lifecycle includes six steps: defining the assessment scope, information collection, vulnerability scanning, penetration testing, risk assessment, and audit reporting. Our comprehensive security assessment services effectively identify potential risks, ensure system security, and build a more robust security protection system for enterprises.
Read Details
Security assessment services include vulnerability scanning and penetration testing:
1. Vulnerability scanning, based on the open CVSS (Common Vulnerability Scoring System), accurately assesses vulnerability risk levels, focuses on critical assets, prioritizes and mitigates high-risk threats, and comprehensively safeguards the security of core systems.
2. Penetration testing employs specialized techniques to uncover vulnerabilities that traditional automated scanning fails to detect, accurately identifying potential security risks and effectively preventing them before they can be exploited. We also provide detailed analysis reports and targeted remediation recommendations to comprehensively enhance system security.
Our complete service lifecycle includes six steps: defining the assessment scope, information collection, vulnerability scanning, penetration testing, risk assessment, and audit reporting. Our comprehensive security assessment services effectively identify potential risks, ensure system security, and build a more robust security protection system for enterprises.
Read Details
Attack and Defense Drill Services
CMHK attack and defense drill services simulate real-world cyberattacks for enterprises, helping them identify security vulnerabilities in their network environments, validate their existing cybersecurity capabilities, enhance their emergency response procedures, and meet compliance requirements. Our attack and defense drill services focus on three key areas:
1. Simulated attack: Red Team testing based on real-world attack methods;
2. Defense assessment: Professional blue team testing and defense capability verification;
3. Attack and defense confrontation: Comprehensive testing and drills are conducted through full-process attack and defense drills, including network protection and key security services, to enhance cybersecurity capabilities.
The attack and defense drill services consist of four phases:
1. In the preparation phase, we conduct preliminary research, including network architecture inspection, network environment research, traffic threat analysis, rule and process preparation, and defense organization development.
2. During the remediation phase, CMHK will first test and harden the entire network environment to fully prepare for the subsequent attack and defense phases. Key activities include: internet asset scanning, vulnerability scanning, penetration testing, security baseline/configuration checks, high-risk policy checks, security awareness training, phishing drills, and security device deployment and hardening.
3. During the attack and defense phases, the Red Team will conduct simulated attacks based on real-world scenarios; while the Blue Team will defend the infrastructure, either on-site or remotely. The frontline 24/7 monitoring team and the second-line security analysis team will collaborate to conduct real-time detection, emergency response, protection verification, and threat attribution.
4. During the summary phase, CMHK will review the drill results and provide a detailed report with improvement recommendations. Based on this report, remediation plans and long-term protection strategies will be provided to ensure the continuous optimization and improvement of the enterprise's security capabilities.
Read Details
1. Simulated attack: Red Team testing based on real-world attack methods;
2. Defense assessment: Professional blue team testing and defense capability verification;
3. Attack and defense confrontation: Comprehensive testing and drills are conducted through full-process attack and defense drills, including network protection and key security services, to enhance cybersecurity capabilities.
The attack and defense drill services consist of four phases:
1. In the preparation phase, we conduct preliminary research, including network architecture inspection, network environment research, traffic threat analysis, rule and process preparation, and defense organization development.
2. During the remediation phase, CMHK will first test and harden the entire network environment to fully prepare for the subsequent attack and defense phases. Key activities include: internet asset scanning, vulnerability scanning, penetration testing, security baseline/configuration checks, high-risk policy checks, security awareness training, phishing drills, and security device deployment and hardening.
3. During the attack and defense phases, the Red Team will conduct simulated attacks based on real-world scenarios; while the Blue Team will defend the infrastructure, either on-site or remotely. The frontline 24/7 monitoring team and the second-line security analysis team will collaborate to conduct real-time detection, emergency response, protection verification, and threat attribution.
4. During the summary phase, CMHK will review the drill results and provide a detailed report with improvement recommendations. Based on this report, remediation plans and long-term protection strategies will be provided to ensure the continuous optimization and improvement of the enterprise's security capabilities.
Read Details
I want to leave feedback for this company