fbpx Skip to main content

Attack Surface Management

Protect your business from the increasing risk of Cyber Attacks with Attack Surface Management from CSIQ. We help organisations that don’t have an in-house team of qualified security professionals to respond to the latest threats.

Find Out MoreFind Out More
CSIQ-Cyber-Investigation-Header-V2
csiq-background-breaking-squares-3
csiq-what-is-managed-attack-surface

What is Attack Surface Management?

Attack Surface Management refers to the exposed areas of your business where an unauthorised person can access a system and collect data. In principle, the smaller the attack surface, the easier it is to protect.

The attack surface is typically considered the following:

  • Endpoints & Staff
  • Perimeter Firewalls, Internet Connections, and Application Services
  • Communication and Telephony Systems
  • Identity and Access Management Solutions (Microsoft 365 / Active Directory / G-Suite etc)
  • Remote Working Solutions such as Citrix and VPN
  • Corporate Website

By monitoring what the internet sees and proactively managing your devices, you gain control and peace of mind to ensure your business is protected from modern cyber threats.

Contact UsContact Us

Cyber Security Simplified

Our services are built to be cost-effective while maximising risk reduction. All consultancy and managed solutions provide actionable results that protect your business from opportunistic to advanced persistent threats.

17

of businesses have performed an audit of cyber security vulnerabilities

32

of businesses use VPN technologies for remote working

82

of businesses say that cyber security is a high priority for their directors or senior managers

What are the benefits of a Managed Attack Surface?

A hackers perspective of your organisation

Continuous monitoring of your attack surface. Optional Penetration Testing-As-A-Service.

Analytics that guide risk reduction strategies

Access to CSIQ Insight Risk Management Platform and Experts

Managed Attack Surface features:

Public Email Addresses
By understanding which email addresses are public, you can provide focused training for those users to help prevent spam and targeted email attacks.

Email Health
Correct DNS configuration and blacklist monitoring ensure time sensitive delivery of emails to customers and suppliers.

IP Reputation
Monitoring the IP reputation of your company IP addresses provides an indicator of infected machines which are avoiding endpoint protection solutions.

Dark Web Chatter
Commonly used by hackers to share leaked information on individuals and companies, we monitor the dark web for indicators of targeted attacks and information leaks.

Monitored by the SOC Team
All alerts and metrics are vetted and monitored by our SOC team, and all threat metrics alerts are available through our Live Risk Management Platform.

Impersonation Attacks (DMARC/SPF)
We monitor DMARC forensic and aggregate reports to provide insight on email failures and identify if malicious users are attempting to impersonate your users.

DNS Health
DNS is essential for network communication. All businesses utilise this technology to make services such as remote access and the company website accessible to staff and customers, so we monitor for new DNS records and any misconfigurations that could reveal sensitive information.

CSIQ-Technology-Agnostic

CSIQ Insight – Live Risk Management Platform
All consultancy and managed services come with access to our Risk Management Portal. All risk types, including technical, human, residual and inherent, are allocated a score, allowing for a strategic approach to risk reduction.

Credential Leaks
We index and aggregate credential leak databases to provide a true reflection of the risks associated with lost credentials.

Search Engine Leaks
Our Threat Hunting team can identify potential information leakage by combining automated and manual assessments of search engine databases.

Monthly Reports (Threats and Recommendations)
Monthly reports detailing individual risk scores, a summary of events, detailed vulnerabilities, and security recommendations are provided.

Quarterly Threat Intelligence Report
A manual investigation is performed, and a report is generated to summarise the information collected and provide recommendations where appropriate.

Initial Threat Intelligence Report
During onboarding, we will run a full assessment, manually review the collected information and provide recommendations on reducing the risks identified.

CSIQ-Forward-Thinking-2

We monitor for indicators of compromise and the following metrics at a minimum:

  • Multi-Factor Authentication Is enabled for all accounts
  • Disabled Users with a License
  • Administrator Added/Removed
  • Disabled Administrator Accounts
  • Locked out accounts
  • Users targeted by brute force attempts
  • Standard users logging in with administrator accounts
  • Aggregated insights across the platform

Perimeter Vulnerability Scanning
Our recommend methodology will typically consist of weekly scans of all TCP/UDP ports and daily scans against live services consisting of emerging threats and critical vulnerabilities.

Active Directory Security Assessment
Obtaining high-level privileges within Active directory will often result in access to all company information and control over all workstations and servers. Our unique assessment will identify configuration weaknesses and highlight any issues that could result in account compromise.

Onboarding Assessments

Email Health Assessment

We review your current email health and provide recommendations on implementing SPF, DMARC and DKIM correctly and without interruption.

Microsoft 365 and Azure AD Security Assessment

Our consultancy team will perform a security assessment on your Microsoft 365 environment during onboarding. The report will detail health and configuration, identify signs of compromise, and provide recommendations on securing your accounts from the latest threats.

Endpoint Security Assessment

We will conduct an assessment against a typical end-user device and provide recommendations on how to protect against malicious attachments and techniques used by advanced persistent threat actors.

CSIQ-Background-Right-1
CSIQ-Active-Directory-and-Azure-AD-Review

CSIQ Insight: Risk Management Portal

All consultancy and managed services include access to our Risk Management Portal.

A Single Pane of Glass

All risk types, including technical, human, residual and inherent, are allocated a score, allowing for a strategic approach to risk reduction.

Monthly Reports

Monthly reports from our managed services detailing individual risk scores, a summary of events, detailed vulnerabilities, and security recommendations are all available from the platform.

Visual Attack Path

Multiple vulnerabilities are typically exploited to reach a target. Our platform visualises the attack path taken by your consultant to achieve the objective.

Trend Analysis

Track your exposure over time to ensure that your IT teams are tackling the vulnerabilities identified.

If you have our pre-pay contract, simply send us a message through the platform to assist with the remediation.

Attack Surface Lifecycle

Security Operations Centre

Our SOC team operate using our Attack Surface Lifecycle to proactively monitor and respond to threats. Ensuring a timely and prioritised approach to risk reduction

CSIQ-Lifecycle-Background
1
Onboarding
2
Discovery
3
Monitoring
4
Threat Detection & Prioritisation
5
Review
6
Response
7
Reporting

Attack Surface Lifecycle

Security Operations Centre

Our SOC team operate using our Attack Surface Lifecycle to proactively monitor and respond to threats. Ensuring a timely and prioritised approach to risk reduction

1

Onboarding
2

Discovery
3

Monitoring
4

Threat Detection &
Prioritisation
5

Review
6

Response
7

Reporting

Plans & Pricing

Stay ahead of cybercriminals with round the clock vulnerability management and complete visibility of your internet facing assets.

Essentials
£44 Month 12 Month Minimum Term
Recommended for

Essential monitoring for every business

  • Managed Security Service
  • Risk Management Platform
  • 24/7 Monitoring by the SOC Team
  • Monthly Reporting
  • Quarterly Threat Intelligence Review
  • Identity and Imperonsation Monitoring
  • Email Security
  • Impersonation Attack Monitoring
  • Typo Squatting Monitoring
  • Open Source Threat Intelligence
  • Public Email Addresses
  • DNS Health
  • IP Reputation
  • Information Leakage
  • Technologies in Use
  • Dark Web Chatter
  • Credential Leaks
  • Vulnerability Scanning
  • Office Internet Connection
  • Company Website
  • End-User Devices
  • Server Operating Systems
  • Endpoint Management
  • Remote Monitoring & Management
  • Endpoint Detection & Response
  • Operating System Patch Management
  • Third-Party App Patch Management
  • Deception and Response
  • Network Honey Pot
  • Canary Tokens
  • Account Takeover Protection
  • Microsoft 365 / Azure AD Monitoring
  • Active Directory Monitoring
  • Incident Response Triage
  • Onboarding
  • Initial Threat Intelligence Report
  • Microsoft 365 Security Assessment
  • Active Directory Security Assessment
  • Endpoint Security Assessment
  • Optional
  • Penetration Testing As a Service
Control
£140 + £14 Per Endpoint / Month + £240 Onboarding
Recommended for

SME's & Scaleups

  • Managed Security Service
  • Risk Management Platform
  • 24/7 Monitoring by the SOC Team
  • Monthly Reporting
  • Quarterly Threat Intelligence Review
  • Identity and Imperonsation Monitoring
  • Email Security
  • Impersonation Attack Monitoring
  • Typo Squatting Monitoring
  • Open Source Threat Intelligence
  • DNS Health
  • Public Email Addresses
  • IP Reputation
  • Information Leakage
  • Technologies in Use
  • Dark Web Chatter
  • Credential Leaks
  • Vulnerability Scanning
  • Office Internet Connection
  • Company Website
  • End-User Devices
  • Server Operating Systems
  • Endpoint Management
  • Remote Monitoring & Management
  • Endpoint Detection & Response
  • Operating System Patch Management
  • Third-Party App Patch Management
  • Deception and Response
  • Network Honey Pot
  • Canary Tokens
  • Account Takeover Protection
  • Microsoft 365 / Azure AD Monitoring
  • Active Directory Monitoring
  • Incident Response Triage
  • Onboarding
  • Initial Threat Intelligence Report
  • Microsoft 365 Security Assessment
  • Active Directory Security Assessment
  • Endpoint Security Assessment
  • Optional
  • Penetration Testing As a Service
Vigilance
£240 + £20 Per Endpoint / Month + £440 Onboarding
Recommended for

Risk adverse SME's & Enterprises

  • Managed Security Service
  • Risk Management Platform
  • 24/7 Monitoring by the SOC Team
  • Monthly Reporting
  • Quarterly Threat Intelligence Review
  • Identity and Imperonsation Monitoring
  • Email Security
  • Impersonation Attack Monitoring
  • Typo Squatting Monitoring
  • Open Source Threat Intelligence
  • Public Email Addresses
  • DNS Health
  • IP Reputation
  • Information Leakage
  • Technologies in Use
  • Dark Web Chatter
  • Credential Leaks
  • Vulnerability Scanning
  • Office Internet Connection
  • Company Website
  • End-User Devices
  • Server Operating Systems
  • Endpoint Management
  • Remote Monitoring & Management
  • Endpoint Detection & Response
  • Operating System Patch Management
  • Third-Party App Patch Management
  • Deception and Response
  • Network Honey Pot
  • Canary Tokens
  • Account Takeover Protection
  • Microsoft 365 / Azure AD Monitoring
  • Active Directory Monitoring
  • Incident Response Triage
  • Onboarding
  • Initial Threat Intelligence Report
  • Microsoft 365 Security Assessment
  • Active Directory Security Assessment
  • Endpoint Security Assessment
  • Optional
  • Penetration Testing As a Service

Penetration Testing as a Service (PTaaS)

Our Pre-Pay contract combined with Managed Attack Surface enables a proactive approach to protect your organisation from cyberattacks.

Businesses are often stuck in the loop of annual penetration testing and then waiting a year before retesting. With PTaaS, our ongoing services significantly reduce the time it takes to identify, validate, and remediate vulnerabilities.

What are the Benefits of PTaaS?

  • Continuous security monitoring to protect against emerging vulnerabilities
  • Any new services introduced by the business are automatically assessed
  • Managed by our SOC and Consultancy team
  • Risk Management Platform – Full view of all identified security issues
  • Reduces the time between identified vulnerability to remediation with dedicated support

Have further questions about Penetration Testing? Read our FAQs, or contact us here.

csiq-square-with-circuit-cut-out
CSIQ-Penetration-testing-as-a-service

Flexible Pre-Pay Contract

Benefit from a discounted consultancy rate and rapid response with our Flexible Pre-Pay Contract options

Journey to Adversarial Awareness and Defence

Our methodical and project managed approach ensures you will begin your risk reduction journey and benefit from our proactive monitoring sooner.

CSIQ-managed-attack-surface-journey
1
Non-Disclosure Agreements
2
Scoping questionnaire/understanding your organisation
3
Kick-Off-Meeting
4
Initial threat intelligence investigation
5
Meeting to discuss findings
6
Feedback and evaluation
7
Post engagement support

Journey to Adversarial Awareness and Defence

Our methodical and project managed approach ensures you will begin your risk reduction journey and benefit from our proactive monitoring sooner.

1

Non-disclosure Agreements
2

Scoping questionnaire /
understanding your organisation
3

Kick-Off Meeting
4

Initial Threat
Intelligence Investigation
5

Meeting to
Discuss Findings
6

Feedback and
Evaluation
7

Post Engagement
Support
CSIQ-Footer-Logo-4

Cyber

Intelligence Services

Check out our Attack Surface Review page for a point-in-time hackers’ perspective of your organisation.

To learn more about the other Cyber Intelligence service we offer, visit our Cyber Intelligence page.

Or get in touch to discover all our available services.

Contact UsContact Us

Our Accreditations & Memberships

We are proud of our industry recognised certifications in Cyber Security and Service Delivery

CSIQ NCSC Assured Service Provider Cyber Advisor
CSIQ NCSC Assured Service Provider Cyber Advisor
Cyber Essentials Plus Certification Body
Cyber Essentials Plus Certification Body
IASME Governance Certification Body
IASME Governance Certification Body
ISACA Professional Members
Ecologi - Climate Positive Workforce
Ecologi Climate Positive Workforce

FAQ

What's included in the endpoint security assessment?

The endpoint security assessment evolves as the tactics and techniques of attackers change.

The following is tested at a minimum:

  • MITRE ATT&CK Tests
  • Use of Encryption
  • Two-Click Rule of downloaded files
  • Two-Click Rule of email attachments
  • Vulnerability assessment
  • Software Restriction Policy / AppLocker Effectiveness
  • PowerShell and Remote Management Configuration
  • Weaponised document execution
  • Macro blocking
  • Credential leakage by opening malicious emails and files
  • CIS policy compliance
  • Data Exfiltration channels
  • EDR/AV effectiveness
  • Ransomware prevention effectiveness

Do you offer a penetration testing as a service contract?

We do. Our pre-paid contract has many benefits, including a core cyber review and rapid incident response. Still, if you only require PTaaS services, these can be purchased in 10-hour bundles at the same reduced consultancy and engineering rate.

How often are vulnerability scans run?

Our recommended strategy is to run a weekly scan of all TCP/UDP ports for all vulnerabilities and daily scans against all open ports for emerging threats and high/critical vulnerabilities.

This approach ensures a minimal impact on system performance and stability while still maintaining visibility of essential vulnerabilities.

Will Managed Attack Surface help us meet Cyber Essentials Plus?

Our Attack Surface Vigilance package far exceeded Cyber Essentials Plus’s requirements and was designed to help companies protect and respond to modern cyber threats.

CSIQ uses Cyber Essentials Plus approved scanning vendors for all vulnerability assessments. Attack Surface Essentials will help you meet your requirements for external scanning with visibility of all CVSSv3 7.0 and above vulnerabilities.

Have a question for us about our services?

Send us an enquiry to get a rapid response from a cybersecurity expert.

"*" indicates required fields

Name*
Hidden
Hidden
This field is for validation purposes and should be left unchanged.