Predict tomorrow.
Protect today.
Swiss Intelligence · Proactive by Design
Our Approach
Proactive by design
We engage the adversary as early as their operation allows: while infrastructure is still staging (SENTINEL), as the routes form (HARBINGER), and the moment they cross your perimeter (VANGUARD). Your existing stack takes over from there.
Signal, not noise
A leaked credential is a datapoint. A deduplicated, attributed list is information. The one route it opens to your crown jewels is intelligence, and only the last is worth your time.
The adversary's eye view
We map your estate the way an operator reads it, from outside the perimeter and from inside it: which identities they would reuse, which paths they would walk. Not a vulnerability list; the route.
Analysts, not just algorithms
Every finding is read by an analyst and validated against your real environment before it reaches you. Patient, specific, one line you can defend.
Managed Services
SENTINEL
Preemptive Threat Intelligence
Every targeted attack is staged before it lands. SENTINEL finds that infrastructure during the staging phase and flags it before any of it is ever used against you.
Read moreHARBINGER
Managed Attack Path Intelligence
HARBINGER connects what your other tools see separately into the actual path an attacker would walk to your crown jewels: leaked identities, exposed surface, and the routes that link them, validated against your real environment.
Read moreVANGUARD
Sovereign Treuhand Adversary Engagement
VANGUARD plants instrumented terrain along the paths an operator would walk inside your estate. The moment they touch it, CICS reads every step and hands you finished intelligence, operated as your sovereign custodian with nothing for you to staff.
Read moreHELVETIC SHIELD
DACH Perimeter Intelligence Community
Helvetic Shield pools perimeter-threat data across DACH organisations: members host research pods at their edge, CICS operates and curates the pool, and the intelligence flows back to every member.
Read moreBespoke Engagements
Beyond managed services, we conduct tailored engagements scoped to your environment, your threat model, and your operational constraints. We get our hands dirty.
- Defence Validation — reproduce real adversary behaviour in your environment under controlled conditions. Deliver validated detection rules and the custom tooling used — yours to keep.
- Detection Engineering — custom detection rules built for your stack, your threat landscape, and your telemetry. Not generic templates — tested against real attack patterns.
- Custom Intelligence Analysis — deep-dive investigations into specific threats: ransomware leak exposure, supply chain compromise assessment, credential cascade analysis, sector-specific threat actor profiling.
References available on request under NDA. Start a conversation to discuss scope.
Sectors
We operate in regulated and contested environments across Central Europe. Our services align with NIS2, KRITIS, and sector-specific regulatory frameworks.
Who We Are
We do not publish names or photographs. The nature of our work requires discretion. What we can share:
Our analysts and engineers come from backgrounds in national security, military cyber operations, critical infrastructure defence, and threat intelligence.
We welcome security audits of our infrastructure and operations. DPA and NDA available on request.
Get in Touch
Engagements begin with a conversation. No sales decks, no demos on demand — we discuss whether there is a fit.
Direct
Security
Address
Grabenstrasse 15a
6340 Baar, Switzerland