Secure your company email with Xione's Secure Mail technology

CEO Fraud using social engineering and phishing techniques is a rapidly growing scam that can be highly effective in certain instances - and no company is too small or too large to target. The techniques have become so sophisticated that long-term spam fighter Neil Schwartzman, Executive Director of, stated at the World Hosting Day in Singapore recently: "User training cannot be expected to prepare staff to detect phishing emails".

Xione is now able to offer a technology-based solution using industry scanners and proprietary SmartRules® that allow full oversight and control of inbound and outbound mail.

SmartRules® provides you with the tools to block, identify and isolate spurious emails that appear to originate from high level executives - emails that have been carefully engineered to convince staff they have been sent by company executives to authorise payments or the release of confidential information and data. In 2015 one Singapore Company received two such "spear-phishing" attacks every month for nine consecutive months.

Phishing is a term that describes sending email to a wide group of users, with the purpose of tricking them into clicking on a link, or revealing personal information. Spear-phishing and Whaling are forms of targeted email phishing attacks, whereby a combination of social engineering and email spoofing techniques are used to steal money or confidential information from businesses - deception that is becoming increasingly prevalent. What is critical to understand about spear-phishing and whaling is that it does not typically involve hacking into an organisation's email network or require insider knowledge. Nor does it typically involve viruses and thus cannot be prevented by email virus filters. People are being duped by spear-phishing every day.

Xione SmartRules® allow

1. The creation of rules for both ingoing and outgoing mail, customised to your business needs
2. Confidential company information to be blocked in text or attachments
3. The creation of customised rules specifically to prevent spear-phishing and whaling attacks
4. Identification of the age of a domain; email from new domains can be quarantined
5. Identification of abnormalities through comparison between an individual's normal email receiving profile and incoming email patterns
6. Specific rules to protect potential phishing targets within the company
7. Use of allowed email lists that can be used exclusively by phishing targets

The Secure Mail whaling module relies heavily on email header inspection. This feature of SmartRules® allows customers to restrict the number of addresses from which senior executives (i.e. whales) are able to send email. The SmartRules® whaling module looks for emails that are spoofing (forging) nominated executive names and if the reply-to or from headers donít originate from allowed addresses it sidelines or rejects the email.

If you'd like more information on Xione's Secure Mail and how it can protect your business, please call us on +65 6610-3488

Cyber Security Assessment

A critical review and understanding of your Information Communication Technology (ICT) management to improve security, reduce congestion and limit the effects of a compromised internal network. Technical and physical search of selected offices to identify issues.

Digital Computer Forensics (CF)

Computer Forensics - Collection - Qualified trained staff to collect and preserve data - Processing - De-duplicating, culling, De-NIST - Searching - Extraction of internet evidence / email / social networks / logical data - Production - Export of searches / responsive data in a readable format - Hosting Review - Document review platform, Xione Document Review Platform (X-DRP) - Tools - EnCase, X-Ways, FTK, Processing through NUIX and Intella.

eDiscovery Services & Paper Discovery

E-Discovery Services - Collection - Structured or un-structured data - Processing - De-duplicating, culling, De-NIST - Hosting and Review - Xione Document Review Platform (X-DRP)

Document collection - Onsite or offsite digitization and evidence coding/indexing of documents. The process includes document scanning, document delimiting/unitization, Optical Character Recognition (OCR, includes CJK) and bibliographic coding.

Governance, Risk and Compliance Consulting (GRC)

Governance, Risk and Compliance Consulting - Manage - Control compliance with a variety of industry, regulatory and other compliance requirements - Control - Wide range of corporate and technical risks. Establishment of Information Security Management System - Establishment of IT Service Management System - Revamp of Security Incident Management - Privacy Impact Assessment.

Investigations - Corporate and Social Networks

Internal Investigations - Preparation and investigative steps in fraud examination / Legal elements and requirements / Collecting and managing documents paper and electronic / Social network investigations / Conducting interviews witnesses and suspects / Concluding the investigation.

Advanced Social Network Investigations: Identify social networks, Identify personal vulnerabilities and profiles. Collection of background information and evidence from social networks about individuals.

Business Intelligence Services (BIS)

Protection - securing company assets. Screening - employee and company due diligence; surveillance and operation; data privacy protection; surveys and market research. Xione acts as the preferred investigator for several leading US Corporations in the protection of IPR. For many years we have been retained by US and European partners, governmental departments and global investment companies to handle FCPA compliance and investigative due diligence checks.

We focus on Hong Kong and China, Vietnam, Malaysia and Singapore.

For more information go to our BIS page

Technical Surveillance Counter Measures (TSCM)

Xione is the Registered Audiotel International Dealer Distributor for Singapore, Hong Kong and Macau. Audiotel International is Europe's leading manufacturer of Technical Surveillance Counter Measures equipment. Xione employs UK government trained personnel and is fully licensed to operate as a Registered Security Service Provider. Licenses are current and issued by the Security Industry Regulatory Department (SIRD) of the Singapore Police Force and iDA Telecommunication Authority for the supply of TSCM services and equipment sales in Singapore and Hong Kong. Xione provides a comprehensive assessment of your threat level and offers a discreet, proportional and customised service. Xione provides a full report of findings and insights into any security breaches with recommendations to improve or enhance your privacy and security.    TRAINING on REQUEST !

Physical Security or Personal Protection

Option 1 - Physical office premises and or private residence. Physical security checks of: access control - entrance and exit doors, windows - floor plan - identification of blind areas - monitoring options for areas of concern - secure access to safe, restricted or high value areas - review of any standing operational procedures. Option 2 - Personal protection. Physical security checks of: premises - access control to entrance and exit doors and windows - travel schedules - vehicle safety - family safety - counter surveillance options - review of any standing operational procedures.

Technology and Security Management Consulting

Technology and Security Management Consulting - Technology support - Risk, IT, audit and vulnerability assessments - Security - Safeguarding of organisations' information technology assets, data, communication networks and supporting infrastructure.
Secure IT Services: On-going and Secure day-to-day IT Support making sure your infrastructure and information is protected. Our contract and ad-hoc rates.
IT Rescue Services: Exiting IT Managers and Directors carry with them a large amount of confidential information and knowledge of your company's infrastructure. Worse still, if they leave the company under a cloud and/or at short notice, your infrastructure could be under a very real threat.

Intellectual Property Protection Services

Advisory - Advice and services to clients who feel their products or services are suffering from counterfeiting, passing off or parallel trading, Delivery - Scientific methods to substantiate or challenge allegations of intellectual property theft.

i2 Link Analysis - Mapping your Investigation

Understanding complex investigations and making sense of the information: Quick analysis and visualisation of transactions showing date/time with entities, making things easy for a court to follow.

Case Map - Understanding your Investigation

Case analysis tools for your investigations: managing facts, documents, issues, research, persons, organisations, events, places, pleadings and discovery.