Attack surface definition
In meetings, the IT infrastructure is examined together and attack vectors are determined. Conceptual risks are often already uncovered here.
Basic Health Check
An assessment of the company's cyber security situation lays the foundation for further projects and measures to secure the IT infrastructure. Thanks to our basic health check, exactly those gaps are revealed that could be directly exploited by a real attacker. In addition, the average time between the start of the test and the receipt of the results is only one working week. A basic health check ensures that only efficient and effective measures are initiated, all according to the Core Security Return on Investment (CSROI). The site assessment is carried out as comprehensively as possible to cover all attack vectors.
If the following questions are still open in your company, a basic health check is recommended:
- How should we protect ourselves from hackers?
- Which measures should we prioritize?
- How vulnerable are our systems accessible from the Internet?
- Do we have internal systems that are not actively maintained and have vulnerabilities?
- How well do our employees recognize phishing emails?
- What happens if a phishing is not detected?
- Can we respond to ongoing cyberattacks in our organization?
Process
Scoping
External
Review of external attack vectors
Next, the systems that can be reached from the Internet and their interfaces are checked for possible attack paths.
Awareness
Phishing Test
Employee awareness is determined and click and interaction rates are measured for different scenarios and difficulties of detecting the attacks.
Internal
Assumed Breach
What happens when a phishing attack succeeds? How easy is it for an attacker to cause the maximum damage? These and other questions are answered in this check and a realistic hacker attack is simulated.
Defense
defense mechanisms
Can attacks be detected quickly and accurately? How is an attack responded to? How can operations be maintained in an emergency? These are the questions addressed in this check with practical reviews.
Report
Evaluation
All results are summarized and evaluated. Measures are proposed and prioritized for all risks.
All results are submitted in a final report (PDF, Excel and JSON) and made available via the Mesher platform. This is where the real work begins. Cybersecurity can only be increased if measures are also implemented. Thanks to the basic health check, measures can now be addressed according to their priority and cost-benefit ratio. Via Mesher, your current security level is recorded and you can view the return on investment for the various measures. All results are also visualized here and can be linked to existing tools thanks to integrations. With the platform, technical measures can be directly assigned with tasks to the appropriate people and agile working without media breaks is made possible. This lays the foundation for efficient and sustainable cyber security in the company.
