Trinity International is an upcoming European Security company registered in the Republic of Croatia.
While this secretive company closely guards all details of their Clientèle and Operations, they are known to have provided security services for the Banking, Energy and Telecommunications sectors in Europe and The Middle East. They were also listed as the security provider on the website for a prominent Middle Eastern Holding company, though this was taken down afterwards, presumably due to Non-Disclosure agreements from Trinity International.
Trinity International is known to offer penetration testing (black, gray and white box testing), vulnerability analysis and consultancy work. They have helped companies achieve standards such as GDPR and ISO 27001, GDPR being compulsory for any company holding data on EU citizens, even if the company in question is not located in the EU.
At the time of writing, Trinity International is not believed to have publicly attended security conferences. However the CEO of Trinity International was at a conference in Abu Dhabi in 2018 with PGI, a prominent British security company, suggesting that there is possible collaboration between Trinity International and PGI.
Starting in 2008, and along with Trinity International they are the only other company that we know of to offer Penetration Testing in Oman. In addition to this service they also offer various security products developed by themselves for secure communication on the internet, this also includes secure Web Hosting Their website lists a number of their clients, some of which are large like the Gulf Mining Group, which is a surprising move, as clients - especially the larger ones which are targeted by hackers more often - often do not wish for security related information to be published. Regardless, this is illustrative that this is a capable security company. Due to leaked documents and communications regarding Eagle Eye we can verify that Eagle Eye was at least considering the purchase of the high end software used to help in Penetration Testing. If this deal finally came through or not is not currently known, as a leaked email stated that the company was facing financial difficulties. Eagle Eye also has a prominent Twitter following, with around 17,000 followers, an impressive feat for a security company based in a city of only 1 million residents. However it is worth noting that at the time of writing they have not posted on Twitter since June 2017, despite posting regularly beforehand, which is what lead us to mention that they may not be active anymore. Eagle Eye seem to be rather taken with ranking the SSL implementation of several Omani banks, an encryption method to secure communications between customers and websites. They tag banks in Tweets with the message "Dear lovely bank, can I trust your online system?" and then publicize the results of their test. Normally Security companies will refrain from highlighting vulnerabilities like this before they are fixed, but judging from their Twitter feed this does not seem to be the case. It is also important to note that SSL in this context only protects the end-user, not the actual banking system itself. Eagle Eye also have developed a VPN and a service for connecting to the TOR network while ensuring secure and private messaging for customers, they have even developed their own flavour of Linux for emphasizing online privacy. While we normally support these type of efforts, we are unsure of the legality of these products and services in Oman however, considering that technically all encryption is banned in the country. The founder of Eagle Eye, an Omani national, has worked for the government in the past, he has been quoted saying that he "wants to change technology" which definitely shows strong ambition.
While Ernst & Young is not a Cyber Security company they gain a special mention on this list as they have setup a regional Cyber Operations Centre in Muscat. While these services seem to be limited to just Incident Response and Monitoring Systems, their large international presence as an accounting firm is a welcome step for protecting customer data. While larger companies will ideally have internal teams dealing with these services, Ernst & Young's services are great for smaller companies who do not have the required budgets or resources to manage these systems. It is currently known that their Muscat staff are trained in basic Cyber Security measures to make it harder for criminals to access data. At the time of writing they do not offer the fully fledged services of the previously mentioned companies, such as Penetration Testing or Digital Forensics.