INTERNET EXPOSURE ANALYSIS
Service Description
During an Internet Exposure Analysis, without any assistance from the customer, our experts will attempt to identify all Internet-accessible networks systems, sites, applications and services; and any information about the company gleaned from public databases, forums and chat rooms that might be sensitive in nature or useful in crafting a cyber attack.
Our Methodology
The purpose of this exercise is to describe the client’s cyber attack surface, to make the customer aware of all assets and information which are currently visible from the Internet (the organization’s “Internet footprint”) and therefore exposed to possible Internet-based threats. CAG also searches organizational and non-organization sites and sources to identify sensitive information that may have been exposed, or any chatter about the organization relating to security or planned attacks from chat rooms and forums. Furthermore, bot lists, black lists, and web reputation sites are inspected to serve as a leading indicator of malware infections with the client’s systems.
Note: This assessment is typically performed prior to the Perimeter Security Assessment & Penetration Testing and serves to confirm assessment targets and scope for the subsequent testing.
Scope: This is a blind test and requires no input from the client. Once the test has been completed, the results will be reviewed with the client to confirm that all in-scope networks and systems have been properly identified.
Our Deliverables
In addition to the usual status updates and meetings, CAG will deliver written drafts of the following material:
• Internet Exposure Analysis Report complete with findings and recommendations (as applicable)
