
Attack Surface Review

Want to know how cybercriminals could target your organisation and how to defend against them?

A value and threat-driven penetration testing alternative can help you discover your company’s technological and human flaws and how they could be used against you.


What is an Attack Surface Review?

We use the same tactics and techniques as cybercriminals and persistent threat groups to find holes in your organisation’s security.

Unlike advanced Penetration Testing, the focus is on identifying attack paths and weaknesses rather than developing and demonstrating exploits against a system.

Our Active methodology combines a vulnerability assessment, a technical review of public information sources, a workstation configuration assessment, human threat intelligence, and more to give you a real-world view of your organisation’s cyber exposure.


The Cyber Threat in Numbers

The latest statistics from the UK Government's Cyber Security Breaches Survey

19

of businesses have a formal incident response plan.

39

of businesses reported an attack in the past 12 months.

83

of businesses that reported an attack in the past 12 months reported that Phishing was used to gain access.

Why choose an Attack Surface Review?

For SMEs and MSPs, a penetration test is overkill and, unless correctly scoped, provides a false sense of security.

Threat actors prioritise low-risk / high-reward tactics that exploit human weaknesses and misconfiguration before exploiting vulnerabilities typically identified during a penetration test.

We developed the Attack Surface Review to help businesses identify the high/critical risks in their Cyber Security position without requiring lengthy scoping meetings or risking disruption to the business.


What are the Benefits of an Attack Surface Review?

A hacker's perspective of your organisation

A value-driven alternative to penetration testing

Analytics that guide risk reduction strategies

Access to CSIQ Insight Risk Management Platform and Experts

Attack Surface Review features:

Public Email Addresses
By understanding which email addresses are public, you can provide focused training for those users to help prevent spam and targeted email attacks.

Email Health
Correct DNS configuration and blocklist monitoring ensure time-sensitive delivery of emails to customers and suppliers.

IP Reputation
Monitoring the IP reputation of your company’s IP addresses provides an indicator of infected machines that avoid endpoint protection solutions.

Credential Leaks
We index and aggregate credential leak databases to provide a true reflection of the risks associated with lost credentials.

Dark Web Chatter
The dark web is commonly used by hackers to share leaked information on individuals and companies; we monitor it for indicators of targeted attacks and information leaks.

Use of Technologies
We analyse the technologies in use to identify supply chains, potential login accounts and additional attack vectors.

DNS Health
DNS is essential for network communication. All businesses utilise this technology to make services such as remote access and the company website accessible to staff and customers. We monitor for new DNS records and misconfigurations that could reveal sensitive information.

Search Engine Leaks
Our Threat Hunting team can identify potential information leakage by combining automated and manual assessments of search engine databases.


CSIQ Insight – Risk Management Platform
All consultancy and managed services come with access to our Risk Management Portal. All risk types, including technical, human, residual and inherent, are scored, allowing for a strategic approach to risk reduction.

Perimeter Vulnerability Scanning
We combine automated tools and manual verification to identify vulnerabilities that could lead to compromise and information leakage.

A scoping document is agreed upon at the beginning of the engagement; CSIQ recommends the following are assessed:

  • Firewalls
  • Virtual Private Network (VPN) Gateways
  • Application Gateways
  • Web Applications

CSIQ will only scan websites if the company manages the platform and underlying operating system. All scanning is conducted using vulnerability assessment tools approved for Cyber Essentials Plus audits.

Workstation Security Assessment
Along with the network perimeter and your staff, workstations are one of the first lines of defence from cybercriminals. Weaponised documents and misconfiguration are some of the leading causes of compromise.

Our workstation assessment includes a review of the following:

  • Vulnerabilities
  • Misconfigurations
  • Policy Compliance
  • Use of Encryption

In addition, we test AV/EDR against some of the latest threats and techniques that steal credentials and backdoor systems.

Organisation Size

  • Micro: 1-9
  • Small: 10-49
  • Medium: 50-249
  • Large: 250+

Passive

Price per organisation:

  • Micro: £940
  • Small: £1440
  • Medium: £3420
  • Large: Contact Us

Recommended for: All businesses that want a value and threat driven alternative to penetration testing

Features listed for each organisation size:

  • Presentation of Findings
  • Risk Management Platform
  • Bespoke Report
  • Communication
  • Email Security
  • Impersonation Protection Review
  • Human Risk Intelligence
  • Identify Active Staff
  • Information Leakage
  • Company > Personal Identities
  • Social Media Presence
  • Identify High-Risk Users
  • Organisation Profile
  • Public Business Records
  • Social Media Usage
  • Communication Channels
  • Identify Supply Chains
  • Threat Intelligence
  • Public Email Addresses
  • DNS Security
  • IP Reputation
  • Information Leakage
  • Technologies in Use
  • Dark Web Chatter
  • Credential Leaks
  • Vulnerability Assessment
  • Office Internet Connection (Passive)
  • Company Website (Passive)
  • End-User Devices
  • Server Operating Systems
  • Microsoft 365 Security Assessment
  • Active Directory Security Assessment
  • Optional
  • Spear-Phishing Attack
  • Physical Security Review (Passive)
  • Social Engineering Assessment

Active

Price per organisation:

  • Micro: £1640
  • Small: £2240
  • Medium: £4420
  • Large: Contact Us

Recommended for: Risk-averse SMEs & scale-ups (Micro, Small, Medium); Risk-averse enterprises (Large)

Features listed for each organisation size:

  • Presentation of Findings
  • Risk Management Platform
  • Bespoke Report
  • Communication
  • Email Security
  • Impersonation Protection Review
  • Human Risk Intelligence
  • Identify Active Staff
  • Information Leakage
  • Company > Personal Identities
  • Social Media Presence
  • Identify High-Risk Users
  • Organisation Profile
  • Public Business Records
  • Social Media Usage
  • Communication Channels
  • Identify Supply Chains
  • Threat Intelligence
  • Public Email Addresses
  • DNS Security
  • IP Reputation
  • Information Leakage
  • Technologies in Use
  • Dark Web Chatter
  • Credential Leaks
  • Vulnerability Assessment
  • Office Internet Connection
  • Company Website
  • End-User Devices
  • Server Operating Systems
  • Microsoft 365 Security Assessment
  • Active Directory Security Assessment
  • Optional
  • Spear-Phishing Attack
  • Physical Security Review (Active)
  • Social Engineering Assessment

Journey to Adversarial Awareness and Defence

  1. Non-Disclosure Agreements
  2. Risk Profile & Cyber Maturity Assessment Questionnaire
  3. Kick-Off Meeting
  4. Attack Surface Investigation
  5. Meeting to discuss findings
  6. Feedback and evaluation
  7. Post engagement support

Cyber Intelligence Services

Visit our Cyber Investigation page to learn more about our other Cyber Intelligence services.

Or get in touch to find out more about all our services.


Our Accreditations & Memberships

We are proud of our industry-recognised certifications in Cyber Security and Service Delivery.

CSIQ NCSC Assured Service Provider Cyber Advisor
Cyber Essentials Plus Certification Body
IASME Governance Certification Body
CSIQ IASME Cyber Baseline Certification Body
ISACA Professional Members
Ecologi - Climate Positive Workforce

FAQ

Who is Attack Surface Review for?

The Attack Surface Review is a threat and value-driven alternative to penetration testing and is suitable for all organisations regardless of size.

It is common for companies to believe they need a Penetration Test because they were told they needed one or thought that was the only option. We often find when reviewing test reports that the wrong scope was agreed upon or the test only captured a part of the company’s attack surface and missed the likely path an attacker would take.

Is an Attack Surface Review the same as a penetration test?

The main difference between an Attack Surface Review and a Penetration Test is that the Attack Surface Review has a broader scope for identifying weaknesses and does not spend time actively exploiting systems.

A Penetration Test demonstrates vulnerabilities and the impact of exploitation. A considerable amount of time is allocated to enumerating and exploiting systems in a safe and controlled way; however, the outcome is typically the same: remediation advice and fixing the issue.

The Attack Surface Review focuses on the tactics and techniques used by cybercriminals to exploit weaknesses in technical systems and humans.

Why do you provide a Passive option?

The Passive assessment provides a perspective of a business that avoids attribution to any entity. This is ideal for companies that need an understanding of what a determined hacker can find out about the business without triggering any defences.

We recently had a penetration test but it didn't find anything?

We hear that a lot. Feel free to call us, and we can help you review the scope.

How long does the Attack Surface Review take?

The typical turnaround time for a Passive or Active Attack Surface Review is two weeks from order sign-off.

Do you require a non-disclosure agreement?

A mutual non-disclosure agreement is required for all engagements.

We take the privacy of our clients seriously and ensure that customer and vulnerability information is protected at all times.

Why do you limit the number of identities investigated?

As this is a value-driven assessment, your Threat Intelligence Investigator will focus on the riskiest users to provide the greatest value. The report will provide recommendations for further investigation.

Have a question for us about our services?

Send us an enquiry to get a rapid response from a cybersecurity expert.
