Mustard Research is a cybersecurity consulting firm founded in 1993, with delivery led primarily by Dave Marsh. It highlights credentials including PCI DSS QSA, CISM, and ISO 27001 Lead Auditor. Its services cover PCI DSS compliance, penetration testing, security audits, AWS security assessments, NIST CSF assessments, AI security consulting, and a cyber threat detection solution called Beacon Butty.
Based on the available content, this is not a single SaaS security product, but rather a high-end consulting-led service provider. Its PCI DSS services include gap analysis, RoC, SAQ support, scope reduction, and ongoing compliance management. Penetration testing covers Web, API, infrastructure, network, and payment systems, including OWASP Top 10, SANS Top 25, and CVSS 3.0 scoring, with free retesting for critical and high-risk issues. AWS assessments are based on CIS AWS Foundations and review IAM, VPC, S3, encryption, logging, and monitoring. NIST CSF assessments can be used for maturity benchmarking, supply-chain due diligence, and cyber insurance underwriting.
Most services are delivered as projects, including discovery, assessment, validation, reporting, and retesting. Beacon Butty is a combined hardware and software solution that requires on-site consultant installation and network-specific configuration. It is used to passively detect periodic beaconing and send alerts via Slack, email, SMS, and other channels. Integration capabilities mainly relate to AWS environments, payment systems, B2B merchant processing, software platform connectivity, and alerting channels.
The website does not disclose pricing, packages, SLA terms, or payment methods, only noting that a no-obligation discovery call is available. Its strengths are deep experience, a strong payment security and compliance background, clear and actionable reporting, and the ability to serve demanding scenarios involving investors, insurers, and acquirers. The drawbacks are that delivery appears to rely heavily on senior individual consultants, with unclear scalability; automated platform and continuous monitoring capabilities are only lightly disclosed outside Beacon Butty; and there is no clear information on China-specific compliance, Chinese-language support, or domestic payment options.
Mustard Research is better suited to mid-sized and large organizations in finance, retail, energy, payments, clearing, and settlement that need highly trusted third-party assessments. It is especially relevant for PCI DSS, AWS security due diligence, NIST maturity assessments, and AI security reviews. Access from China cannot be confirmed from the main content, and there may be uncertainty around payment and cross-border on-site deployment. For domestic delivery, MLPS compliance, or local on-site support in China, alternatives such as QiAnXin, NSFOCUS, Venustech, DBAPPSecurity, and Sangfor may be worth comparing.
â This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on mustardresearch.com official site.
mustardresearch.com is an United Kingdom Cybersecurity provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of Workable. Click "Visit Official Site" to reach mustardresearch.com directly.