Managed Counter Intelligence Services
Predict tomorrow.
Protect today.
CICS provides managed counter-intelligence services for entities operating in contested environments. Engagements are bespoke, long-term, and conducted with a low public profile.
Swiss Intelligence · Proactive by Design
Our Approach
On-Premises First
Your data never leaves your infrastructure. Full platform deployment on your own systems — zero external data transfer, zero cloud dependencies, zero CLOUD Act exposure.
Swiss Sovereign
Headquartered in Baar, Switzerland. All operations under Swiss jurisdiction. When hosted by us, your data resides at The Rock, Lucerne — not on a hyperscaler.
We Build, Not Resell
Engineers who build security tooling, not vendors selling off-the-shelf products. Custom integrations and dedicated engineering capacity included in every engagement.
No Vendor Lock-In
Audit our platform code. Export playbooks as YAML and Python. Export data in STIX, JSON, CSV — anytime. No proprietary traps. Walk away cleanly if we don't deliver.
Managed Services
Three managed counter-intelligence services across the adversary's preparation and engagement lifecycle, plus one DACH perimeter-intelligence community.
SENTINEL
Preemptive Threat Intelligence
Pre-disclosure records of adversary staging infrastructure — command-and-control, phishing, payload, access-broker — delivered via SENTINEL Edge inside your environment. Three delivery shapes, three deployment modes including fully-offline Sovereign.
Read moreHARBINGER
Managed Attack Path Intelligence
Identity, Exposure and Spectre. Underground collection, continuous external evaluation, and on-site attack-path mapping — condensed into finished intelligence, analyst-validated against your real environment.
Read moreVANGUARD
Sovereign Treuhand Adversary Engagement
A sensor network CICS deploys and operates inside your estate, placed against the attack paths the engagement maps. Briefings with attached detection content — Sigma, YARA, SIEM, IDS — built from what an adversary actually did.
Read moreHELVETIC SHIELD
DACH Perimeter Intelligence Community
Members host research pods at their internet edge, CICS operates the platform and curates the pool, intelligence flows back to every Member. Sibling to VANGUARD — same Sovereign Treuhand operating philosophy, applied at the perimeter.
Read moreBespoke Engagements
Beyond managed services, we conduct tailored engagements scoped to your environment, your threat model, and your operational constraints. We get our hands dirty.
- Defence Validation — reproduce real adversary behaviour in your environment under controlled conditions. Deliver validated detection rules and the custom tooling used — yours to keep.
- Detection Engineering — custom detection rules built for your stack, your threat landscape, and your telemetry. Not generic templates — tested against real attack patterns.
- Custom Intelligence Analysis — deep-dive investigations into specific threats: ransomware leak exposure, supply chain compromise assessment, credential cascade analysis, sector-specific threat actor profiling.
References available on request under NDA. Start a conversation to discuss scope.
Sectors
We operate in regulated and contested environments across Central Europe. Our services align with NIS2, KRITIS, and sector-specific regulatory frameworks.
Who We Are
We do not publish names or photographs. The nature of our work requires discretion. What we can share:
Our analysts and engineers come from backgrounds in national security, military cyber operations, critical infrastructure defence, and threat intelligence.
We welcome security audits of our infrastructure and operations. DPA and NDA available on request.
Get in Touch
Engagements begin with a conversation. No sales decks, no demos on demand — we discuss whether there is a fit.
Direct
Intelligence
Security
Address
Grabenstrasse 15a
6340 Baar, Switzerland