Web analysis (darkSOC®) and Security of the Supply Chains

With the initial assessment of the web analysis, we determine your organisation’s profile and level of exposure on the dark and deep web.

Verkkoanalyysin lähtötilannekartoituksen avulla selvitämme organisaatiosi profiilin ja altistumisen tason pimeässä ja syvässä verkossa.

Web analysis

In our web analysis, we examine and report your organisation’s profile and level of exposure in the dark and deep web.
The analysis reveals organisation’s cybersecurity deficiencies, data breaches, and other potential vulnerabilities.
Web analysis contains attack surface analysis which analyses the structure of the organisation’s network infrastructure and the state of its network’s cybersecurity.
The tools used are the Cyber Intelligence House’s database and Badrap’s services.
Data is collected non-stop at 9 Gb per second, from servers located all around the world.
With the help of analysis, you get an overview of what the organisation looks like the cybercriminal’s perspective.
The exposures are classified into eight categories and based on the severity; the findings are divided into three levels.
From the attack surface, it is reported how the organisation’s network and the level of cybersecurity looks in the eyes of an external observer.
We highlight the key findings in the executive summary to support management’s decision-making.
The report also includes a more detailed presentation of the findings and recommendations for the immediate corrective actions and strategic-level development targets.

Monitoring

Based on the web analysis, monitoring is agreed upon to determine the effectiveness of the measures and to detect new threats.
New findings observed during monitoring are examined in relation to previous observations and the reasons why the number of observations has changed is analysed.
The results are reported at agreed intervals.
Regular monitoring: a report delivered at agreed intervals, for example monthly, quarterly, half-yearly or annually.
Continuous monitoring: 24/7 monitoring of new findings, information about which are directly reported to the customer.

Security of the Supply Chains

NIS2 Compliance Requirement

Security around supply chains and the relationship between the company and direct supplier. Companies must choose security measures that fit the vulnerabilities of each direct supplier. And then companies must assess the overall security level for all suppliers.

The analysis can be done for selected parts of the supply chain organisations (requires an agreement). The findings of the attack surface analysis are introduced to the concerned organisations which are responsible for the implementation of corrective actions and reporting to the customer when the corrective measures have been taken. Service content, for example:

Preliminary analysis for the supply chain
Web analysis for the supply chain
NIS2 implementation training

Auditing the cybersecurity practices of the supply chain increases the customer organisation’s cyber maturity and helps the company better meet the minimum requirements of the Cybersecurity Act. It enables the customer, for example, in a corporate acquisition situation, to determine the cyber maturity of potential partners and to conduct a risk assessment.