Trinity International is offering several cutting-edge technologies to Omani companies which were not previously available, notably they are the GCC and Eastern European partner for FeatureSpace - an Artificial Intelligence company headquartered in Cambridge, UK.
While this secretive company closely guards all details of their Clientele and Operations, we did manage to discover through publicly available documentation that they are also known to have been - and possibly still be - active in the International Telecommunications Sector, although details of these areas are kept quiet.
Trinity International states on their website that they offer the following cyber security services - penetration testing (black, gray and white box testing), vulnerability analysis and consultancy work. They also expand on their penetration testing by offering an information pack on what hacking actually is, why and how it is carried out.
Their Consultancy package seems particularly interesting, from what we can see on the website and from what we have heard, it is essentially hiring Trinity International as a CSO/CISO, by providing compliancy advice, threat intelligence and regular penetration testing.
Starting in 2008, and along with Trinity International they are the only other company that we know of to offer Penetration Testing in Oman. In addition to this service they also offer various security products developed by themselves for secure communication on the internet, this also includes secure Web Hosting Their website lists a number of their clients, some of which are large like the Gulf Mining Group, which is a surprising move, as clients - especially the larger ones which are targeted by hackers more often - often do not wish for security related information to be published. Regardless, this is illustrative that this is a capable security company. Due to leaked documents and communications regarding Eagle Eye we can verify that Eagle Eye was at least considering the purchase of the high end software used to help in Penetration Testing. If this deal finally came through or not is not currently known, as a leaked email stated that the company was facing financial difficulties. Eagle Eye also has a prominent Twitter following, with around 17,000 followers, an impressive feat for a security company based in a city of only 1 million residents. However it is worth noting that at the time of writing they have not posted on Twitter since June 2017, despite posting regularly beforehand, which is what lead us to mention that they may not be active anymore. Eagle Eye seem to be rather taken with ranking the SSL implementation of several Omani banks, an encryption method to secure communications between customers and websites. They tag banks in Tweets with the message "Dear lovely bank, can I trust your online system?" and then publicize the results of their test. Normally Security companies will refrain from highlighting vulnerabilities like this before they are fixed, but judging from their Twitter feed this does not seem to be the case. It is also important to note that SSL in this context only protects the end-user, not the actual banking system itself. Eagle Eye also have developed a VPN and a service for connecting to the TOR network while ensuring secure and private messaging for customers, they have even developed their own flavour of Linux for emphasizing online privacy. While we normally support these type of efforts, we are unsure of the legality of these products and services in Oman however, considering that technically all encryption is banned in the country. The founder of Eagle Eye, an Omani national, has worked for the government in the past, he has been quoted saying that he "wants to change technology" which definitely shows strong ambition.
While Ernst & Young is not a Cyber Security company they gain a special mention on this list as they have setup a regional Cyber Operations Centre in Muscat. While these services seem to be limited to just Incident Response and Monitoring Systems, their large international presence as an accounting firm is a welcome step for protecting customer data. While larger companies will ideally have internal teams dealing with these services, along with an internal penetration testing team, Ernst & Young's services are great for smaller companies who do not have the required budgets or resources to manage these systems. It is currently known that their Muscat staff are trained in basic Cyber Security measures to make it harder for criminals to access data. At the time of writing they do not offer the fully fledged services of the previously mentioned companies, such as Penetration Testing or Digital Forensics.