Understand your exposure
You might not know every system, host, domain or network under your control – especially in large enterprises where estates have been combined over time, or if you’re conducting due diligence for an acquisition. This could cause problems such as being unknowingly exposed to unmanaged risks. Or having shadow IT that you’re not aware of, and that could be vulnerable to exploitation.
What does your attack surface look like? As a new information security controller, you might need to establish an accurate picture of how your business ‘looks’ to an outside adversary. Considering the exposure of your company’s people, network and information is crucial.
What do we look for?
The approach we take depends on how your organisation operates. Our experience is vital when it comes to setting up a strategy, but the time we take to understand your main areas of concern is just as key.
Once we have a good picture of what we need to do, we will carry out one, two, or all three of the following:
Mapping of key personnel exposure
We highlight how key personnel in the business might be exposed to social engineering attacks.
Mapping of technical exposure
We map network ranges, hostnames, domains and subdomains associated with your business.
Mapping of information exposure
There may be business information available that an adversary could use to conduct phishing or other social engineering attacks.
We provide a comprehensive report detailing the findings of our investigation, including sources for information and what it means in the context of a potential cyber attack.
We understand adversaries
By applying the attacker mindset to the information we discover, we help you understand how an adversary would use the information to target your business.
Get the big picture
This discovery process unlocks a full understanding of the external footprint of your organisation, and how this exposed footprint translates to risk for the business.
We provide actionable recommendations on how you can reduce unnecessary attack surface area, and suggest easy improvements where complete privacy is impossible.
How we work
The Cyberis way
We know the enemy
We’re experts in using the attacker mindset to inform our investigations. We can identify a great deal of information that might not be visible to others.
Review any assets
These services are passive, so we can conduct investigations even if ownership of your system assets might not be contractually clear.
We come to these investigations with an outside perspective, eliminating possible internal bias which can be limiting for these kinds of investigations.
Accredited by the best
We’re fully accredited to provide a number of information security services.
Our services are covered by our ISO9001 Quality Management System and our ISO27001 Information Security Management System.
Our reports are clear and our advice is actionable, taking the burden of discovery from internal teams and providing targeted guidance based on what we discover.
Our rigorous penetration testing assesses all areas of potential vulnerability across infrastructure, web applications, corporate networks and cloud deployments, mobile apps and web services.
We operate full-chain adversary simulations using our experienced Red Team. Using threat intelligence and thorough research allows us to simulate a targeted attack using the same tactics, techniques and procedures (TTPs) as your adversaries.
Detect and Respond
Our incident readiness services include helping you put your incident response plans together and reviewing them with your teams to make sure they’re fit for purpose.