International Money Flow
SERVICES

Four services, in detail

We do four things, deliberately. Each is described below in the same shape: scope, deliverables, cadence, and engagement model. If a piece of work falls outside these four, we will say so and refer you on.

01 / 04

Threat intelligence

Curated threat intelligence for vulnerabilities and active campaigns affecting payment, settlement, and treasury infrastructure. Sourced, graded, and timestamped — not branded reports.

Service detail

Cadence: Same-day for new validated indicators; weekly digest
Deliverables: Curated advisory feed, indicators of compromise, Sigma + YARA rules, scoped briefings
Scope: Vulnerabilities and operations affecting financial-sector technology stacks
Engagement: Annual subscription with quarterly review
Channels: Signed RSS, encrypted email digest, on-platform export to STIX 2.1
Confidence: Stated in IC analytic terms (low / moderate / high / not assessed)

02 / 04

Detection engineering

Detections written to your stack, tuned against your telemetry, validated with adversary emulation. We ship one shippable detection per sprint with the runbook your analysts will actually use.

Service detail

Cadence: Two- to six-week sprints
Deliverables: Detection content (SIEM, XDR, EDR), telemetry source mapping, validation harness, analyst runbook
Scope: Existing telemetry by default; new sources by agreement
Engagement model: Discovery → scope → build → validate → handover
Validation: Atomic Red Team-style emulation against the detection before handover
Quality bar: False-positive rate quoted up front; alert volume sized to the team that will triage it

03 / 04

Incident response

Retainer-based incident response for financial institutions. We work the technical containment and the regulatory clock in parallel, because a breach inside a regulated institution is two crises sharing one phone line.

Service detail

Acknowledgement: 30 minutes during retainer hours; 60 minutes outside
First analyst: On the bridge within 2 hours
Coverage: 24 / 7, including coordinated-disclosure escalations
Deliverables: Forensic timeline, containment plan, regulator briefing, post-incident review
Engagement: Annual retainer (banked hours) or ad-hoc with priority-queue placement for retainer customers
Scope: Active incidents; tabletop exercises and runbook reviews drawn from retainer hours

04 / 04

Security engineering

Architecture review, control implementation, and infrastructure-as-code contributions for the systems your customers depend on. We build to your stack and your repository, not ours.

Service detail

Cadence: Four- to twelve-week project engagements
Deliverables: Architecture review, IaC pull requests, secure-by-default templates, on-call runbooks, ADRs
Scope: Specified systems and integrations, agreed in writing before the engagement starts
Engagement model: Discovery → scope → engagement → reporting → remediation
Pricing: Time and materials, weekly burn-down report
Code quality: PRs against your repos; review process is whatever you already use

WORKING WITH US

How an engagement runs

Engagements move through five phases. The same shape applies to subscriptions, retainers, and project work. The phases are not calendar-fixed; they are gates, and we do not advance to the next one without the work of the previous one being done.

  1. Discovery

    A short series of conversations with the people who own the systems we will work on. Output: a problem statement we can both sign.

  2. Scope

    A written statement of work — systems in scope, systems explicitly out of scope, deliverables, timeline, named engineers, and the price.

  3. Engagement

    Work runs against the agreed scope. Daily progress notes; weekly burn-down. Material findings escalate to a working bridge inside an hour, not a week.

  4. Reporting

    A single document, written for the people who will act on it. We default to plain prose with embedded code, not slide decks. Auditors and engineers should both find it useful.

  5. Remediation

    Time-boxed support after delivery for follow-up questions, regression checks, and one round of revisions to deliverables based on real operational use.