Threat Assessments
Comprehensive Vulnerability Assessment and Threat Reconnaissance
A complete and comprehensive Vulnerability and Threat Reconnaissance report covering all aspects of your organisation's digital footprint.
We map your digital footprint and then analyse for weaknesses with automated vulnerability tools. These identify:
- Known Software Vulnerabilities (unpatched or unsupported software)
- Insecure configuration within Networks and Systems (poor default security or simply user error)
- Default or weak passwords (a top access vector for attackers)
- Web Application Vulnerabilities such as SQL injection (SQLi) and Cross Site Scripting (XSS)
- Information Leaks (revealing too much configuration or other information can open doors
for attackers)
These tools identify the low hanging fruit that attackers leverage to breach your security. This is not a penetration test. For most organisations, penetration testing should not even be considered until a vulnerability assessment has been performed and remediation undertaken.
Once we have a digital footprint Open Source Intelligence gathering is then used to identify:
- Document Leaks - documents revealing information about the company, business processes, contracts or structure; Usually documents inadvertently stored unprotected online
- Breached Credentials & Email addresses; emails of employees and passwords where available, either publicly or from paid databases available on the dark and deep net;
- Personally identifiable information; personal information of customers, vendors, partners, staff & senior management leaked online;
- Social Media; fake and unauthorised social media accounts related to the company or any of its key partners that could cause brand damage or risk.
- Digital Housekeeping; old websites, pages, accounts and other such assets that require decommissioning
This is an intensive report that uncovers every aspect of your organisation that can be used in an attack against you. The full threat assessment requires many hours of meticulous human investigation to detect vulnerabilities and document leaks that automated tools are not able to detect.
This is priced with reference to the scale of your organisation and the scope of work required.
Third Party Assessments
Comprehensive assessments can be conducted on third parties using Open Source Intelligence techniques. A thorough investigation by our Intelligence specialists will gather all data publicly available on a target.
A full digital footprint is provided that covers every aspect of their online presence. Document leaks and credential breaches are identified and reported on.
Please note: for third party analysis we cannot provide the source material that contains sensitive data. We are unable to conduct vulnerability scanning on third party assets.