Industry Exposure Report
Get the latest summary and specific intelligence on Attack Surface Exposure for your industry vertical
Learn MoreDo You Know Your Attack Surface on the Web?
When it comes to exposure of your networks, computers and devices on the Internet, ignorance is not bliss. If it can be seen, you can be attacked. We can help you to see and neutralize your vulnerabilities.
The Costs of Insecurity Are High and Growing
We need the Internet. But the Internet and telecommunications networks are insecure and NOT PRIVATE. Because of this:
Remote distributed workforce with BYODHas made traditional defences like VPNs irrelevant
Everything is Getting ConnectedIt is no longer just your data at risk
Al is expanding both the sophistication and breadth of attacksExponentially lowering the costs and increasing the power of decentralized attacks
SMBs Are in the Bullseye
While attackers used to spend most of their energy on big Enterprise and government targets, that has all changed. Powered by ever more sophisticated tools and automation, criminals gangs, hostile state actors and other adversaries are coming after small-to-midsized businesses with the same ruthless efficiency.
And its no longer just data they are after - Ransomware is even more lucrative when the threat is to shut down the production line of manufacturers, critical ehealthcare devices, charging stations and so on. If it is connected and can be seen, it can and will be attacked.
Attack Surface & Threat Analysis Can Help
Faction Communications Corp. has partnered with the Mobile Intelligence Alliance, a US 501(c)(3) non-profit organization focused on reducing cyber threats to Internet users, to provide independent services on different levels of visibility into internet-exposed devices, including network details and metadata about the connected assets of an organization such as the OS and network services that are exposed and potentially vulnerable to attackers.
Various types of sophisticated, industry leading scanning and analysis tools are used to obtain the information needed to assess the risks of exposed assets to external attacks. Deeper inspection can then reveal active communications and potential attempts of potentially malicious nodes targeting your network, who is attacking, and a profile of the attacking network.
Threat and Vulnerability Assessment
A detailed report of exactly what networks, devices and application can be seen - and attacked - for your organization
Learn MoreThreat Analysis and Reconnaissance
A deep investigation and analysis, including reconnaissance of potential active compromises and attacks
Learn MoreAttack Surface Management
As the remote workforce grows and the number of connected devices increases, organizations become more distributed, expanding their attack surface, and exposing them to elevated levels of risk.
Connected assets that comprise an attack surface include everything from servers and computers to printers and smartphones. Assets with internet exposure become targets for adversaries that attempt to exploit applications that actively listen for connections to provide services to your organization.
The role of Attack Surface Management (ASM) is important but can be expensive and time consuming. Organizations that rely on mission-critical services often do not have the resources to monitor their attack surface, but need help to identify their exposure, prioritize risks, and find ways to mitigate it. For these organizations, Attack Surface Assessment & Threat Analysis can help.
| SERVICE | OUTPUTS PROVIDED | SERVICE DESCRIPTION | |
|---|---|---|---|
| INDUSTRY EXPOSURE REPORT | A report showing the quantity of publicly exposed services used in different industry verticals, including industrial manufacturing, healthcare, and green energy. | The Exposure Assessment provides intelligence into internet-connected services and devices used in different industries. It looks at service protocols and host information to show the attack surface routinely exploited by criminal hacker organizations and state-affiliated threat groups. | Download Now |
| THREAT AND VULNERABILITY ASSESSMENT | A report showing exposed hosts and vulnerabilities of an organization's network, with an overview of threat risk. The assessment requires network details from the organization. | The Vulnerability Assessment conducts a multi-faceted analysis of an organization's attack surface. It scans a range of IP networks and hosts provided by the organization and searches for known vulnerabilities. The scan results are provided in a report showing exposed and highly vulnerable assets. | Apply Now |
| THREAT ANALYSIS & RECONNAISSANCE | A detailed report showing exposed hosts, with a detailed view of the external attack surface, including malicious breach attempts from known adversarial networks. | The Threat Assessment conducts a deep investigation of an organization's attack surface to find exposed surface weaknesses and potential compromise. It uncovers malicious external networks which actively and periodically attempt to breach the organization's network defences, and the techniques and tactics used. | Get a Quote |
Industry Exposure Report
Understand Your Threat Environment and What You Should Be Looking At
The Exposure Assessment provides intelligence into internet-connected services and devices used in different industries. It looks at service protocols and host information to show the attack surface routinely exploited by criminal hacker organizations and state-affiliated threat groups.
While threats are pervasive, not all industries are equal in either their exposure or the severity of impact for cyberattacks. Manufacturing, Healthcare are two in particular - and of course Infrastructure, starting with Green Energy - that share characteristics which make organizations vulnerable to catastrophic damage from criminal and hostile state actors.
- Smart, dumb and legacy devices which are mission critical to operations – or even the lives of customers, staff and end users. It’s not just your data that hackers are after any more.
- The inability of VPNs and Firewalls – or even ZTNA – to truly protect these devices, as they have no CPUs or other resources.
- The difficulty in getting end users and staff to adhere to rigorous cybersecurity best practices that are then required to try to keep them safe.
A report showing the quantity of publicly exposed services used in different industry verticals, including industrial manufacturing, healthcare, and green energy.
The Exposure Assessment provides intelligence into internet-connected services and devices used in different industries. It looks at service protocols and host information to show the attack surface routinely exploited by criminal hacker organizations and state-affiliated threat groups.
Learn MoreThreat and Vulnerability Assessment
Find Out Exactly What Devices, Networks and Data Are Visible and Vulnerable to Attack in Your Organization Right Now
No matter how many layers of security, training, processes and monitoring you have in place, one fundamental truth remains: if it can be seen, it can be studied and attacked.
Faction Threat and Vulnerability Assessments provide a detailed report of exactly what can be seen on your networks and devices on the Internet. If they can be seen by us, they can be seen by anyone - most especially malicious adversaries armed with the same tools. It is only a matter of time - and how valuable the target - before you are compromised.
The Faction team conducts a multi-faceted analysis of an organization's attack surface with sophisticated tools. It scans a range of IP networks and hosts provided by the organization and searches for known vulnerabilities. The scan results are provided in a report showing exposed and highly vulnerable assets.
This then gives you the power to make informed and intelligent decisions about your true level of risk, and what to do about it. And of course, if you want to mitigate that risk, Faction can provide low-cost options and support your MSP to implement a strategy and plan to get all of your critical devices, computers and systems off of the Internet.
Remote malicious actors - no matter how sophisticated - cannot attack what they cannot see or reach.
Request an Assessment
Register to request an assessment.
There will be an initial screening and consultation with no cost or obligation.
Request An Assessment NowThere will be an initial screening and consultation with no cost or obligation.
A report showing exposed hosts and vulnerabilities of an organization's network, with an overview of threat risk.
The assessment requires network details from the organization.
The Vulnerability Assessment conducts a multi-faceted analysis of an organization's attack surface. It scans a range of IP networks and hosts provided by the organization and searches for known vulnerabilities. The scan results are provided in a report showing exposed and highly vulnerable assets.
Learn MoreThreat Analysis and Reconnaissance
Learn What Critical Networks and Devices Are Under Attack Right Now and the Location and Genesis of the Attackers
Frequently asked questions
What are the typical targets of the assessment service?
The assessment locates connected devices that host network services and run various applications accessible from the internet, such as:
- Web hosts, including private web servers
- Virtual hosts, such as virtual servers (both IP-based and name-based)
- Cloud storage servers
- Private VPN’s
- Firewalls
- Wireless Access Points
- Internet connected devices, such as web security cameras, sensors, healthcare devices, manufacturing equipment, and other smart and dumb devices.
You can specify individual IP addresses, network ranges, and include your domains for the assessment. However, for large and highly distributed deployments such as remote sensor or industrial processing networks, you should contact us to discuss customized options.
Who uses these Services?
Organizations of all sizes in many industries are concerned with understanding and mitigating vulnerabilities to internet-based attacks. Not all organizations face the same threats, and the nature and targets of threats are constantly changing. Our services are designed to address the needs of many industry verticals.
Our Industry Exposure Reports are for organizations that want to get a current picture of the exposed hosts using applications and services in their industry vertical, and where they should focus their attention to formulate defences. This report is available to any organization worldwide.
Our Threat and Vulnerability Assessment services are popular with anyone who wants to understand the exposure and vulnerabilities in the security postureof their specific organization with regard to internet exposed networks, devices and data. Currently, these services are restricted to organizations in North America[GM1] , which can vary from small business to large enterprises.
Our Threat Analysis and Reconnaissance services are for organizations that have reason to believe that they may be under current or imminent attack. Typically, this is due to a specific cause for concern, such as:
- Warnings or alerts from the media, cybersecurity and/or law enforcement agencies relevant to your industry vertical or organization;
- Poor network performance or unusual behavior from IT equipment and concerning computer activity observed by staff;
- Amplified alerts from virus monitoring tools, increased volume of phishing emails, and application or computer lockups;
- Concerns of active threats resulting from an initial Industry Exposure Report;
- Discovery of specific vulnerabilities resulting from a Threat and Vulnerability Assessment.
[GM1]Why is this restricted to organizations in North America?
Can I get an assessment against client systems?
Of course! Agencies and consultants can use this service to perform security reviews of sites they are handing over or working on. A value added service for your web projects or managed services.
Why is there a minimum fee for a Threat and Vulnerability Assessment?
We use various security tools to provide actionable information to our clients. Due to the highly sensitive nature of the reporting outputs, we use payment as part of the identification, verification, and screening process to prevent abuse. You must be the owner or operator of the system or have explicit authorization for us to conduct a vulnerability security assessment on behalf of your organization.
Conducting a vulnerability assessment takes time and resources to address in a professional and thorough manner while providing rapid response. Please fill out our registration form to schedule a consultation to determine if your organization qualifies for any special programs.
Can our integrations with 3rd party vendor equipment be included?
Yes, if you have systems installed or integrated with 3rd party vendors, let us know and we can include them in our scans and analysis.
What does the Threat and Vulnerability Assessment Include?
- We provide an inventory report of exposed host IP addresses, open services on those hosts, assets at a particularly high risk of adversary exploitation, and potential vulnerabilities of those hosts in the context of an organization’s network security posture.
- Recommendations on steps for mitigation or remediation, if further investigation is warranted, and key focal points.
What does the Threat Analysis and Reconnaissance package include?
- Report. We compile a report after conducting an analysis of the results from the active and passive security tools. Sections include an overall summary of the results, including vulnerabilities found, a list of discovered vulnerabilities with recommended remediation steps, and an inventory of exposed assets in an appendix that contains the raw results and screenshots from the tools that used during the assessment.
- Presentation & Consultation. We conclude with a 1 hour working consultation to walk through the results, answer any questions, and ensure that you have actionable findings.
- Next Steps and Follow Ups. If necessary, we can schedule additional periodic analysis and reconnaissance of your network or refer you to managed security or forensic professionals based on the results. (These are optional and would depend on your choice of follow-on actions and expertise required to address any identified attacks or compromise).
What % of these fees does Faction Communications get?
The Mobile Intelligence Alliance, a non-profit 503(c)3 corporation, provides all of the professional services and analysis and keeps 75% of the fees. Faction Communication Corp. keeps 25% of the fees to cover the following:
- e-commerce and other processing costs;
- scheduling and management of customer engagements;
- proprietary tools, databases and expertise that we provide in delivery of these services.
Our partnership with Mobile Intelligence Alliance is based on our shared goal to help average users and small to mid-sized businesses to increase their understanding and awareness of the many threats to their security and privacy, and enable them to do something about it.
Faction Communications is open to and engaged in discussion with other partners in this area. Professional services is not a long term component of our business model, which is focused on our SaaS platform, applications and solutions.
Will Faction partner with other organizations for attack surface assessments and threat analysis?
Certainly! However, this area has many different tools, consultants and contractors, which makes it very challenging and complex for the average small to mid-sized business user to sort out the wheat from the chaff.
Or in some cases, it can be far worse. When it comes to VPNs – and cybersecurity tools – there are actually very large numbers of apps which are malware created by both criminal gangs and hostile state actors.
Therefore, Faction will go through a careful vetting process of any organizations that we recommend and/or partner with, and certainly expects the same in return! There is nothing more important to us then the security and privacy of our customers and users.