Exposure and identity risk assessment

What is it?

Our Exposure Attack Surface Risk Assessment is designed to fortify your organisation’s digital defences.

This comprehensive service will equip you with in-depth insights about your attack surface, enabling proactive threat mitigation and safeguarding of your digital assets.

Our assessments use cutting edge AI-powered vulnerability management offered by the CrowdStrike Falcon® Suite, allowing discovery of all assets, from endpoints to applications and IoT through agents. It allows our analysts to speed up investigations, reduce complexity and lower total costs for you while providing a comprehensive solution 

The agent leaves a minimal trace on endpoints, and our streamlined management of the assessment via our single console dashboards makes analysis fast and easy.

What does it involve?

The assessment begins with a systematic evaluation of your organisation’s digital infrastructure and externally facing assets to identify potential points of vulnerability that attackers could exploit.

By proactively identifying and mitigating these threats, we help reduce your organisation’s susceptibility to attacks. Our approach ensures you can allocate resources efficiently, prioritising vulnerabilities based on their criticality and potential impact.

Throughout the process, we provide holistic insight into your overall security posture, empowering you to make better-informed decisions about risk management and future cybersecurity investments.

The service is also fully customisable, meaning we can tailor the assessment to align with your organisation’s unique environment, needs, and priorities.

We also provide a more niche identity risk assessment to develop awareness of your existing identities and the risks they may pose.:

Identity Risk Assessment

What is it?

Help protect your organisation from all forms of identity-based attacks with our Identity Risk Assessment. It uses identity, behavioural, and risk-based analytics to give you a detailed, in-depth review of your organisation’s security.

The majority of breaches involve compromised identities and credentials. One of the best steps you can take to help prevent this is to develop awareness of your existing identities and the risks they may pose. It can be run as a standalone service, incorporated into other services such as Compromise Assessments or as an investigative service in response to an incident.

How does it work?

We deploy an Endpoint Detection and Response (EDR) agent to gather data on all user accounts. This identifies security gaps and gives insights into how they occur, what risks they carry, and how best to address them.

The agent also gathers further identity-related data sources on each host. We use this to understand the attack surface, by analysing factors like:

• Vulnerable accounts
• Attack paths to privileged accounts
• Exploitable services running on machines
• Password policy robustness
• Vulnerable Operating Systems

Areas Covered

The assessment covers over 70 identity-related risks, including:

• High-risk users
• Anomalous behaviours
• Attack paths to privileged accounts
• Compromised and duplicated passwords
• Unmanaged endpoints

Reporting

Any critical findings will be relayed as soon as possible. All other findings will be covered in a formal report.

Findings will be categorised by their Impact and Effort in terms of the severity of the identified issues, and the difficulty of implementing the recommended remediations.

Overview

• Each domain in the network is given an overall Risk Score derived from individual scores attributed to each Risk Factor detected.
• A Score Trend shows the client’s given Risk Score over time.
• The Risk Matrix displays the volume of Risk Factors based on the likelihood of their exploitation and the implicated or possible consequences.
• The Entities summary gives some insight into the sheer number of users, endpoints, and how many of them are privileged entities.

The risks detected are not limited to only users.

Other  risks, such as Print Spooler Service  Running, can be expanded to display details about the risk as well as recommended actions for remediation.