CYBER OSINT

Understand risks in your IT infrastructure.

Discover security vulnerabilities in your external cyber security perimeter.

Detect your real cyber business risks.

Identify your cyber security posture by global network scans

Many companies check their IT security by means of a penetration test. Unfortunately, these tests are usually limited to certain network areas and do not identify shadow IT or other forgotten or unknown IT systems, which nevertheless belong to the own attack surface or external security perimeter.

As our own ISP with more than 1024 Scan-Nodes, we regulary conduct distributed global Internet scans (2.8 billion IPv4 addresses) and store each network services and vulnerability information for all identified companies in our database. With the help of our OSINT analysis we can identify your real attack surface, eliminate shadow IT and identify potential weak points of your company or your third party provider. This allows you to preventively reduce your attack surface and sustainably improve your security.

Leaked Data and Social Scanning

It happens again and again that leaked data is published or offered for sale. For example, private login data is often traded, which of course can also be traced back to employees of companies. This may allow an attacker to gain access to internal systems.

We analyze for you which information is available in leaked password databases and social networks about your employees and how this information can be used against your company.

MONITORING

Evaluate and continuously monitor your cyber risk.

View all externally accessible assets or network services and active domains of your company. Immediately after project creation, you can view all systems with the highest vulnerabilities interactively or as an Excel file and, if required, have a presentation created with all the information you need.

VISIBILITY

Get the hacker’s Perspective

See your company though the eyes of an hacker. Get an outside-in view of your IT Infrastructure. This can be systems with vulnerabilities up to login data of your employees  such as e-mail addresses and passwords.

REPORTING

Reporting for executives and board members

We offer you fully comprehensive reports as Excel files. This allows you to automatically develop your own appropriate KPIs and present them to your managers and create trend graphs. As a detailed report you will receive a presentation, which presents per page a system with vulnerabilities including the respective screenshot for a better understanding.

See CYBER-OSINT in action.

Our Cyber-OSINT scans the global Internet and identifies ALL your externally accessible digital assets and performs non-invasive vulnerability analyses.

Request a demo

Use Cases

Third-Party Risk Management

 

You want to hire a third party or service provider and don’t know if they are trustworthy and have a good level of IT security?
With the help of Cyber-OSINT you can check the external attack surface of your service providers and thus manage your external risk portfolio.

Due Diligence

 

You want to enter into an intensive business relationship with another company, grant a loan or even acquire another company?

But you fear unknown cyber risks and want an independent external  assessment? With the help of Cyber-OSINT we can offer you an in-depth analysis and thus uncover possible cyber risks during a due diligence.

Compliance

 

Wir unterstützen Unternehmen bei Überprüfung der technischen und organisatorischen Maßnahmen, ob diese auch compliant zu bekannten Datenschutz oder Sicherheitsstandards wie z.B. ISO 27001, PCI oder GDPR sind.

Cyber Insurance

Reduce the cost of cyber-insurance by having us regularly record all your external and exposed network services on the Internet and on cloud systems. We automatically check these services for known vulnerabilities and deliver the results in Excel and Powerpoint files.

If you wish to have more in-depth IT security audits, we can gladly advise you on this.

Industries

Cyber Insurance

Discover all external assets of your insured companies and compare them with the transmitted asset lists of your clients.

We regularly scan the global Internet and identify vulnerabilities and can determine on request how long certain companies need to patch or update their systems. This gives insurance companies an insight into the response times and internal business process maturity of their clients.

For insurance companies we offer an “On Premises” System with FullData-Access, which is located directly at the insurance company in the data center. This means that no client data leaves the insurance company and data protection is guaranteed. As a German company, data protection is our top priority.

Financial Services

With our Cyber-OSINT we support financial institutions in “Threat Intelligence-based Ethical Red Teaming” according to the TIBER-EU and TIBER-DE Red Teaming Framework.

Healthcare

We actively support the pharmaceutical and healthcare sector and know the industry specific requirements. Both research and customer data are in the focus of attackers. We identify all external network services and other publicly available information that an attacker could use against your company. Be faster than potential attackers and close your gaps before hackers take advantage of them.

References

Towards Better Internet Citizenship: Reducing the Footprint of Internet-wide Scans by Topology Aware Prefix Selection.
Johannes Klick, Stephan Lau, Matthias Waehlisch, and Volker Roth.
In Proceedings of the 16th ACM SIGCOMM conference on Internet measurement conference. ACM, 2016

See more of our publications