External Security Assessment FAQs
What's the difference between an External Security Assessment and an External Penetration Test?
An external security assessment collects and reports on your organization's publicly available information to give you an understanding of what an attacker could use in a cyberattack. An external penetration test involves manual exploitation of vulnerabilities found on your external network.
What types of information are you looking for during this assessment?
From an information-gathering standpoint, we look for publicly available company information, such as employee names, phone numbers, and email addresses. We also perform configuration checks of your email setup, including the use of DomainKeys and SPF records. In addition, our ISAs will perform vulnerability scanning of your organization's externally facing IP addresses to identify any weaknesses. If there are any, we will provide detailed recommendations to mitigate them.
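As an illustration of the SPF part of the email configuration check, here is an added example (not the assessor's own tooling) that lints the TXT records a domain publishes. The function name, the finding wording and the sample records are assumptions constructed for this sketch; it counts only top-level lookup terms and makes no DNS queries.

```python
import re

# Terms that each cost one DNS lookup during evaluation (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def audit_spf(txt_records):
    """Lint the TXT records of one domain; returns a list of finding strings."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers treat this as permerror"]
    findings, lookups, names = [], 0, []
    for term in spf[0].split()[1:]:
        # A mechanism without an explicit qualifier defaults to "+" (pass).
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name = re.split(r"[:=/]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        names.append(name)
        lookups += name in LOOKUP_TERMS
        if name == "all" and qualifier == "+":
            findings.append("all with pass qualifier authorizes every host to send as this domain")
        elif name == "all" and qualifier == "?":
            findings.append("?all is neutral and gives receivers no policy")
        elif name == "ptr":
            findings.append("ptr is discouraged by RFC 7208 and slow to evaluate")
    if "all" not in names and "redirect" not in names:
        findings.append("no all mechanism or redirect: unmatched senders get neutral")
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the limit of 10")
    return findings

# Constructed sample TXT record sets (documentation domains and addresses only).
SAMPLES = {
    "strict.example": ["v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"],
    "open.example": ["v=spf1 mx +all"],
    "none.example": ["site-verification=constructed-value"],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(domain, audit_spf(records) or "no findings")
```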
What do you need from me to perform this assessment?
We need your external IP address(es) and domain names to complete the assessment.
How often should we perform this test?
We recommend that you perform this assessment once per year, or whenever there is a significant change to your externally facing IT environment.
Could there be any denial of service during testing?
No, we have never experienced any denial of service when performing this assessment.