Ground Floor, 1919 Malvern Road,
Malvern East,
VIC 3145 Australia.
-
What are you looking for?
Triskele Labs provides 24x7x365 Australian-based cybersecurity monitoring, expert guidance, and risk mitigation solutions, including penetration testing. Our collaboration with Triskele Labs ensures robust protection for our financial technology solutions, keeping data and systems secure.
Together, we help our clients defend against emerging threats while maintaining operational resilience. Our partnership is built on shared values of innovation, trust, and a commitment to delivering secure, reliable financial technology.
With over a decade of experience working with the Ultracs core banking platform, Triskele Labs can accurately detect and respond to targeted threats. Their proactive cybersecurity approach helps our clients mitigate the risk of costly breaches, allowing them to focus on strategic initiatives and long-term growth with confidence.
Penetration testing identifies vulnerabilities before threat actors find and exploit them. An essential component of an effective cybersecurity posture, penetration tests are critical in proactively identifying and mitigating security flaws within the Ultracs core banking platform. By simulating real-world attack scenarios, these tests provide clients with actionable insights into potential weaknesses, enabling them to strengthen their security and ensure compliance with regulatory requirements.
Triskele Labs regularly performs penetration testing on Ultracs infrastructure and applications, assessing different versions and unique configurations. Through the accrued experience, the Triskele Labs team has a deep understanding of how these systems function, allowing for effective identification and mitigation of complex and impactful risks.
Triskele Labs monitors its clients' IT environments from their Australian-based Security Operations Centre (SOC). Using a variety of technologies and strategies across multiple systems, the Triskele Labs SOC can identify attacks or unauthorised access as soon as they occur. Should one of these occur, Triskele Labs provides a response service under which the SOC takes appropriate action to mitigate these threats and prevent further harm.
Self-hosting a core banking system introduces a range of critical risk-based considerations and associated security requirements. When self-hosting, the financial institution is solely responsible for the data it holds and processes - and the controls that protect it. As such, robust cybersecurity measures are a critical protection against data breach risks.
In Triskele Labs's annual "State of Cyber" Report, the Triskele Labs Digital Forensics and Incident Response (DFIR) team notes that most major breaches occur outside Australian business hours.
Cyber professionals, industry experts, regulators, and cybersecurity standards all agree that 24/7/365 security monitoring is a cornerstone of a robust cybersecurity program. This is especially critical when the monitoring service aims to detect and prevent unauthorised access to or theft of customers' financial, personal, and sensitive information—where every millisecond matters.
An Australian-based team operating around the clock every day of the year plays a vital role in meeting regulatory requirements and exceeding customer expectations. This approach ensures a strong security framework capable of identifying and mitigating threats before they escalate into significant breaches.
In collaboration with our clients, we work with Triskele Labs to continuously improve the security of our financial technology solutions.
Triskele Labs conducts security testing on components of the Ultracs core banking platform, leveraging their extensive experience and insights from the Security Operations Centre (SOC) to identify common vulnerabilities and potential attack scenarios.
If any weaknesses are detected, Triskele Labs promptly informs the client, prioritising immediate notification for high-risk issues. A formal report is then provided, detailing the identified vulnerabilities and offering a comprehensive set of strategies to address them. Once these mitigation strategies are implemented, Triskele Labs will re-test the findings to ensure that the mitigation effectively addresses the risk.
Collaboration with cybersecurity experts like Triskele Labs strongly supports product quality and diversification, ensuring financial institutions can adhere to the industry-critical 'Secure-by-Design' principles.
Secure-by-Design is an approach to product development that outlines controls for organisations to embed best practice security into the design, development, and deployment of their technology solutions. Following Secure-by-Design principles mitigates risk by ensuring technology solutions are secure out of the box, rather than through additional security controls implemented after the solution (and any vulnerabilities) have gone live. Secure-by-Design is especially important for critical industries where a data breach would be most consequential, such as the financial services sector.
An important aspect of Secure-By-Design compliance is Triskele Labs's Secure Code Reviews. Secure Code Reviews are an independent assessment of the underlying Ultracs code. Their aim is to identify the root of any potential security flaw, before it has the chance to develop into an exploitable vulnerability when code is deployed. Triskele Labs rate risks based on their likelihood of becoming an exploitable vulnerability.
These recommendations facilitate a continuous improvement cycle that enhances the security of the Ultracs core banking environment and the Ultracs ecosystem.
Cybersecurity is an ongoing and continuous activity – it is never complete nor finished. And like every organisation, financial institutions should be aware of the changing threat environment. If current trends continue, the financial services sector can expect further compliance and regulatory obligations to protect organisations against emerging cybersecurity threats.
Furthermore, financial institutions must also consider the cybersecurity implications of updated mandatory requirements. Recent examples of mandates in the financial services sector include the New Payments Platform (NPP) bringing PayID and PayTo to the Australian payments landscape, Confirmation of Payee and the Consumer Data Right (CDR) Open Banking integration requirements.
Organisations must have a mature cybersecurity posture that is agile enough to handle dramatic change whilst being built on a strong foundation of governance, risk management, modern technology and professional expertise. Working with Triskele Labs, our clients can rest assured that their Ultracs environments remain secure.
Jack Rutherford, Chief Technology Officer, Triskele Labs
As Chief Technology Officer (CTO) at Triskele Labs, Jack boasts a wealth of experience in the cybersecurity industry in Australia, coming from a background in both the public and private sectors.
Jack's expertise centres around offensive security, being a CREST Internationally Registered Tester (CRT) and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN). Before becoming CTO, he built and managed the Triskele Labs Offensive Team, starting with a single tester and growing to the largest boutique penetration testing team in Australia. This role also encompassed the execution and management of red teaming.
This perspective has given Jack unique insight into tactics, techniques and procedures utilised by Threat Actors and combined with previous experience in engineering, incident response and security operations, he now holds a wide, detailed and holistic view of cybersecurity. He has the industry experience, management skills and technical knowledge required to manage the daily operations of the Triskele Labs technical teams, including oversight of the Offensive Team, Security Operations Centre (SOC), Engineering and Incident Response.
Jack continues to contribute his cybersecurity expertise to the Triskele Labs and the Ultradata partnership. He and his team assist with penetration testing by promptly communicating with Ultradata and its partners when a major vulnerability is identified and helping to develop the most effective remediation strategies. Through his oversight of the Triskele Labs SOC, he leverages this specialised offensive security information to enhance defensive measures for clients.
This experience has led to Jack being elected to a position on the CREST Australasian Advisory board. He also represents the Australasian chapter on the CREST International Penetration Testing Sub-Committee. From here,
Jack has influence over and can contribute towards the improvement and advancement of cybersecurity in Australasia and internationally.