Managed Counter Intelligence Services

We start where your SOC ends.

CICS provides managed counter-intelligence services for entities operating in contested environments. Engagements are bespoke, long-term, and conducted with a low public profile.

Hunt · Expose · Deceive · Investigate

Our Approach

On-Premises First

Your data never leaves your infrastructure. Full platform deployment on your own systems — zero external data transfer, zero cloud dependencies, zero CLOUD Act exposure.

Swiss Sovereign

Headquartered in Baar, Switzerland. All operations under Swiss jurisdiction. When hosted by us, your data resides at The Rock, Lucerne — not on a hyperscaler.

We Build, Not Resell

Engineers who build security tooling, not vendors selling off-the-shelf products. Custom integrations and dedicated engineering capacity included in every engagement.

No Vendor Lock-In

Audit our platform code. Export playbooks as YAML and Python. Export data in STIX, JSON, CSV — anytime. No proprietary traps. Walk away cleanly if we don't deliver.

Managed Services

Three analyst-driven services. Continuous. Proactive. Delivered on our own platform.

SENTINEL

Preemptive C2 Intelligence & Threat Hunting

Detects command-and-control infrastructure during the staging phase — before it goes operational. We deliver Indicators of Future Compromise: what is about to happen, not what already did.

HARBINGER

Exposure & Identity Intelligence

A leaked credential is a data point. That credential mapped against your AD topology, privilege escalation paths, and external services — that is actionable intelligence showing blast radius.

VANGUARD

Adversary Engagement & Deception

High-fidelity deception environments inside your network. Decoys have no legitimate purpose — any interaction is hostile. Detection is binary, noise is near-zero after tuning.

Bespoke Engagements

Beyond managed services, we conduct tailored engagements scoped to your environment, your threat model, and your operational constraints. We get our hands dirty.

  • Defence Validation — reproduce real adversary behaviour in your environment under controlled conditions. Deliver validated detection rules and the custom tooling used — yours to keep.
  • Detection Engineering — custom detection rules built for your stack, your threat landscape, and your telemetry. Not generic templates — tested against real attack patterns.
  • Custom Intelligence Analysis — deep-dive investigations into specific threats: ransomware leak exposure, supply chain compromise assessment, credential cascade analysis, sector-specific threat actor profiling.

References available on request under NDA. Start a conversation to discuss scope.

Sectors

We operate in regulated and contested environments across Central Europe. Our services align with NIS2, KRITIS, and sector-specific regulatory frameworks.

Energy & Utilities
Government
Aviation
Critical Infrastructure

Who We Are

We do not publish names or photographs. The nature of our work requires discretion. What we can share:

  • Since 2020: Operating continuously
  • Swiss: Operations & data residency
  • CTI: Core disciplines
  • Operator-led: Practitioners, not consultants

Our analysts and engineers come from backgrounds in national security, military cyber operations, critical infrastructure defence, and threat intelligence.

We welcome security audits of our infrastructure and operations. DPA and NDA available on request.

Get in Touch

Engagements begin with a conversation. No sales decks, no demos on demand — we discuss whether there is a fit.

Your data is processed under Swiss jurisdiction. See our privacy policy.

Direct

Intelligence

Security

Address

Grabenstrasse 15a
6340 Baar, Switzerland