speak to an expert

Thank You

Your form has been submitted successfully.
Oops! Something went wrong while submitting the form.
consulting

Supply Chain Threat Assessment

Security Alliance Supply Chain Threat Assessments provide an extremely detailed assessment of the threat landscape of an organisation’s supply chain or critical service providers. This enables clients to understand, quantify and mitigate the full range of threats to their business.

chain icon

What is a Supply Chain Threat Assessment?

A supply chain threat assessment looks at the Threat Landscape and the Attack Surface of an organisation's most important suppliers and partners. From an assessment of their threat levels to evaluating their attack surface, the assessment gives the organisation an understanding of where the supply chain threat lies.

Speak to an expert

Security Alliance Supply Chain Assessments

Threat Landscape

The Threat Landscape provides a high level analysis of attacker intent towards subsidiary assets.

Attack Surface

The Attack Surface identifies information on the organisations that a threat actor would also review when preparing for an attack on the company.

The Output

These findings are then condensed into particular scores which can be used to compare the relative threats faced by each of these entities. The findings are then analysed across the business to inform prioritisation for remediation.

Speak to an expert

More Details

Our assessment is extremely thorough and uses a combination of automated and manual techniques. Our scoring areas include:

  • Reputation: Identification of any reputation issues associated with IPs, domains, or other infrastructure linked to an organisation.
  • Exploitation: Evidence that an organisation’s perimeter or internal systems have been compromised (according to external sources).
  • Infrastructure: Evidence that an organisation issuing outdated/vulnerable operating systems or software or has external-facing infrastructure with open ports.
  • Phishing Threat: Issues that could increase the of phishing attacks, including typo-squatting domains and opportunities for email or sender address spoofing/forgery.
  • Domain Configuration: Various factors including secure handling of web requests, protection against DNS hijacking, domain record management, cookie handling, and potential subdomain hijacking opportunities.
  • Encryption: Issues relating to SSL certificates or SSL/TLS configuration.
  • Credentials: An assessment of leaked credentials. Results are based on the percentage of total employees assessed to have associated leaked credentials.
  • Employee Sentiment: High-level assessment of public information on employee satisfaction ratings and criticisms.
  • Data Leaks: Evidence of past data breaches, current inappropriately exposed databases, data being sold on Dark Web forums, or sensitive information exposure (e.g. on ‘paste’ sites).
  • Threat Landscape: What are the threats faced by the the supplier that you could inherit.
Speak to an expert
"The Threat Intelligence reports provided by Security Alliance provide us with detailed and highly realistic attack scenarios to conduct, enabling the customer to get real value from every engagement.”
CBEST Red Team Leader,
Global Pen Testing Company

more consultancy services

latest Blogs

View all posts