Domain Risk Assessment

Procure an objective, external measure of your organisation's cyber risk posture through the identification and analysis of potential threats and vulnerabilities.

What is a Domain Risk Assessment

A Domain Risk Assessment involves identifying, evaluating, and mitigating potential threats and vulnerabilities within a specific domain or area of an organisation's IT infrastructure. It involves analysing risks to data, systems, and operations to ensure the confidentiality, integrity, and availability of resources. This assessment is crucial for proactive risk management, improving security posture, ensuring regulatory compliance, and prioritising security efforts.

Quantum Evolve aims to help protect organisations against cyber threats, minimise potential damage, and efficiently allocate resources to address critical risks.

What we do

By simply entering an organisation's top level domain (TLD) such as trelleborg.com, our technology will discover all related sub-domains. All domains are validated against known vulnerabilities, misconfigurations, website issues, cryptographic weaknesses etc., which in turn provides a complete picture of where the issues are and how to correct them.


The domain infrastructure will also be evaluated for vulnerabilities, weaknesses, and entry points for an attacker with confirmation of any exploits that have been attempted and found to be successful.


In addition, we will provide details of your compliance against internationally recognised standards and frameworks, such as General Data Protection Regulation (GDPR), ISO 27001, National Institute of Standards and Technology (NIST), Payment Card Industry Data Security Standard (PCI DSS) etc.

Safeguard: Digital Footprint, Patch Management, Application Security, CDN Security, Website Security

Privacy: SSL/TLS Strength, Credential Management, Hacktivist Shares, Social Network, Information Disclosure

Resiliency: Attack Surface, DNS Health, Email Security, DDoS Resilience, Network Security

Reputation: Brand Monitoring, IP Reputation, Fraudulent Apps, Fraudulent Domains, Web Ranking

Key Features of a Domain Risk Assessment

Reporting is provided to accommodate both Board and Technical level staff and contains quantified risk in monetary terms using the widely adopted Factor Analysis of Information Risk (FAIR) model.


The Quantum methodology is also augmented by experienced consultants who will perform additional relevant checks to provide the human element depending on the devices in-scope.

Digital Footprint

Identify related domains (active and dormant), sub-domains, IP addresses, DNS Records, Services, Social Media, and ASN (Autonomous System Number) information.

Brand Monitoring

Various channels are monitored to gain an insight into the company and brand in cyberspace. WoT (Web of Trust) is a crowdsourced web safety reputation and review service, utilised in conjunction with web efficiency, including scoring of:
• Vendor Reliability.
• Child Safety (dependent on applicability).
• Trustworthiness.
• Privacy.

Website Security

Security Headers, Cookies, vulnerabilities such as, but not limited to, POODLE, HEARTBLEED, ROBOT, TICKETBLEED, CSRF (Cross-Site Request Forgery), Information Exposure, Server level vulnerabilities and web application code quality review. Website Performance: How improvements could be made for both desktop and mobile user experience.

Application Security

Weaknesses (aligned to CWE (Common Weakness Enumeration))

CDN (Content Delivery Network) Security

Vulnerabilities identified, including blacklisted IPs.

Cryptographic status (SSL/TLS)

Revealing how digital certificates affect the organisation from a trust and compliance perspective.

Credential Management

Details of any discovered leaked credentials on the web / dark web.

Social Networking

Any found publications / leaks.

Hacktivist Shares

Identified leaks (Hacker publicised information)

Information Disclosure

Found on the web / dark web.

Attack Surface

What this looks like, including discovered / associated third party security status.

DNS Health

DNS setup and configuration issues.

Email Security

Any misconfigurations that may allow for email spoofing. An email domain blacklist check is performed to avoid organisational disruption, and authentication and port status are confirmed.

DDoS (Distributed Denial of Service) Resiliency

15 different checks to verify any amplification points.

Network Security

Detection of any open critical ports, unprotected network drives, misconfigured firewalls, and service endpoints (SMB, FTP etc.).

IP Reputation

Validate the reputation of the organisation’s IPs against IPs or domains that are blacklisted or that are used for sophisticated Advanced Persistent Threat (APT) attacks.

Fraudulent Applications

Reputable and non-reputable application stores are checked for any association with an organisation, to ensure there are no fraudulent applications available, protecting both customer and the end user.

Fraudulent Domains

Identified scam domains are provided.

Web Ranking

Reveals Alexa and Majestic trends, Google Page insight speed test results as well as Web Content Accessibility Guidelines (WCAG) 2.0 parsing compliance findings.

Identify Domain / Sub-domain infrastructure with issues, weaknesses and / or vulnerabilities such as: Missing patches identified.

Key Benefits of a Domain Risk Assessment

Improved Security and Privacy Controls

Continuous Monitoring (CM) ensures ongoing assessment and analysis of security controls. It provides reporting on the security posture of information systems and supports risk management decisions to maintain acceptable risk levels.

Increased Productivity

CM streamlines risk management processes, allowing organisations to focus on critical areas. It reduces manual effort and enhances efficiency in maintaining security and privacy.

Identifying Emerging Risks

CM helps detect security threats and vulnerabilities promptly. Organisations can proactively address risks before they escalate.

Better Insights

Provides deeper insights into the organisation’s security and privacy landscape. It enables informed decision-making and risk mitigation strategies.

Compliance and Regulatory Adherence

Ensures ongoing compliance with regulations and standards. Regular monitoring helps organisations stay aligned with evolving requirements.
