Security Assessments

Improve your security posture by evaluating your information security program

The team draws on our collective expertise to deliver tailored, actionable recommendations to improve your security posture, reduce risk, and mitigate the impact of security incidents.


The process starts with the latest industry standards. It then incorporates the deep experience and knowledge gained from responding to hundreds of computer security incidents to generate high-quality recommendations across 10 critical security domains. During the process, our consultants perform interviews, collect evidence and review artifacts. At the same time, they facilitate workshops to ensure future improvements can be understood and successfully implemented by your team.


Executive threat briefing

Our intelligence analysts provide a summary of findings and recommendations that includes a threat intelligence report based on current observed attacker trends in your industry.

cq5dam.thumbnail.140.100 1

Observations and gap analysis

Using an industry framework as a benchmark, we identify domains that require further development. We also provide a maturity plan for each domain to strengthen your security posture.


Security program roadmap and recommendations

This strategic and tactical action plan provides recommendations on sequence and prioritization to improve effectiveness across one or more of the 10 critical security domains.

cq5dam.thumbnail.140.100 (2)

Threat detection report

Our consultants compare your company's event logs to our proprietary Indicators of Compromise (IOCs) library to identify malicious activity. We provide a detailed report that includes a findings summary with insights into relevant threat actor profiles.


How Secure do you Want to be?

When deciding whether or how much to invest and implement recommended changes, consider this: attackers are constantly innovating. Ask yourself if you should be innovating, too.


Security Program Focus by Industry

Learn how 10 targeted industries prioritize their greatest risks and align security investments to defend them.


M-Trends 2018: Understanding Today’s Cyber Attacks

Explore the latest and greatest trends that define today’s threat landscape, based on Mandiant’s investigation of the most successful cyber attacks of the past year.

Our Approach

The team evaluates your information security program’s overall effectiveness across 10 distinct security domains. At the end of the engagement, you receive a defined roadmap of short-, medium-, and long-term improvement initiatives for your organization.

Documentation collection and analysis

Our consultants review existing polices, standards, and procedures to gain an in-depth understanding of your current operational capabilities, existing technology, and the business environment.

Interactive workshops and executive meetings

Our experts will assess your organization’s maturity levels and compare the information we gather to best practices and industry standards so we can identify your organization’s short-term and long-term goals.

Recommendations and roadmap

We perform in-depth evaluation of the data collected during the assessment and provide detailed recommendations and an actionable implementation roadmap to support the achievement of your organization’s immediate and future goals.

Test how well your people, processes and technology protect your most critical assets

Organizations can greatly improve their security posture by rethinking their approach from an attacker perspective—considering the relentless tactics attackers might use to gain access to your critical assets (data, people and systems). Mandiant helps organizations achieve this with two unique services designed to assess the strength of your security program Security Operations.


  • Focus on giving your security team practical experience combatting real cyber attacks. While avoiding business damaging tactics, these assessments use conventional and advanced attacker TTPs to target agreed-upon objectives. You define the attack objectives — usually worst-case business scenarios — and the Mandiant team goes to work. The Mandiant goes through full attack lifecycle, from initial reconnaissance to mission completion. We offer two types of assessments for Security Operations.
  • Test your internal security staff’s ability to safeguard critical assets. Using experience from the front lines of cyber attacks, our experts simulate the tactics, techniques and procedures of real world targeted attack, without the negative consequences.
  • Table top exercise, also known as a Purple Team, simulate targeted attack across each phase of the attack life-cycle – with the ability to simulate multiple attackers at each phase. A Mandiant incident responder works side by side with your internal security team as they work to detect and respond, providing coaching and evaluating your response (people, process and tools used) at every step.
  • Penetration testing is ideal for organizations who want to test their ability to protect critical assets from targeted attack.
  • Security Operations is ideal for organizations who want to coach their security teams to improve detection and response capabilities to targeted attack.

CromTec Cyber can help you:

  • Get experience dealing with a real-world breach attempt (Security Operations)
  • Determine the level of effort required to compromise your sensitive data
  • Reduce the time it takes for you to respond to events and incidents
  • Assess your security posture against a realistic, ‘no-holds-barred’ attack
  • Enhance your security team’s ability to prevent, detect and respond to real-world incidents
  • Identify and mitigate complex security vulnerabilities before an attacker exploits them
  • Get fact-based risk analyses and recommendations for improvement

What you get

  • A high-level summary for executive and senior level management with technical details that include enough information to recreate our findings
  • Fact-based risk analysis so you know a critical finding is relevant to your specific environment
  • Tactical recommendations for immediate improvement
  • Strategic recommendations for longer-term improvement

Our approach

The Mandiant relies on a systematic, repeatable and reproducible methodology. We begin by establishing the following core information and rules of engagement, agreed upon in collaboration with the organization’s leadership team:

  • Does the begin its effort with information about your environment (white box) or with no information at all (black box)?
  • What intelligence does Mandiant already have about high-risk assets and vulnerabilities in your industry?
  • What objectives do you want the Mandiant Team to accomplish in simulating a real-world attack?

Team Operations

After identifying objectives, the team attempts to breach your environment, maintain persistence, escalate privileges, obtain access to key systems, generate fake data that emulates sensitive production data and simulate data theft. These assessments focus on non-disruptive, non-damaging tactics to achieve their objectives—as real attackers try their best not to disrupt their target’s operations because people ask questions when services go down.

Security Operations

Security Operations builds on Mandiant Operations, using a step-by-step scenario-based exercise to test detect, prevent and respond capabilities at each phase of the attack lifecycle.


Assess your team’s ability to detect, respond to and contain advanced cyber attacks

The Mandiant Response Readiness Assessment evaluates an organization’s incident response (IR) function which includes their Security Operations Center (SOC) and IR capabilities. It compares the IR function against leading practices to determine what capabilities are needed and how best to implement them.


Using a combination of team discussions, internal document review and tabletop exercises, Mandiant consultants conduct a comprehensive survey of your existing cybersecurity event monitoring, threat intelligence, and incident response capabilities to deliver a detailed roadmap and specific, cost-effective improvement recommendations. During the assessment, our consultants examine six key areas of your program to ensure best practice incident response readiness:


Serves as a foundation for an effective IR function that advances the organization’s greater strategic objectives


Represents the people, processes, and technology that detect threats across the organization’s business architecture.


Represents the processes that allow communication of IR information to important internal and external stakeholders.

Threat Intelligence

Uses attacker intelligence to reduce internal and external threat risks and create effective threat response strategies.


Represents identification of the incident type, impact assessment and determination of proper IR actions to be taken.


Signifies the measurement and development strategies needed to maintain and improve the IR function.

What you get

  • Independent Assessment
  • Best Practices Overview
  • Tabletop Exercise
  • Prioritized Recommendations


Build a business case

  • Datasheet: Response Readiness Assessment
  • The Executive’s Breach Response Preparedness Playbook
  • Remediating Targeted-Threat Intrusions
  • Blog: The State of Incident Detection and Response in 2015

Our Process


Assess your ability to detect, respond and contain threats

Mandiant consultants review your SOC and IR documentation and compare your current processes against industry best practices to establish your baseline performance. They also conduct detailed staff interviews to better understand SOC and IR processes that are unique to your organization.


Test your processes with tabletop exercises

Incident scenarios (i.e., system compromise, unauthorized access of personally identifiable information(PII), policy violations, inappropriate emails) are simulated to evaluate your organization’s response processes from incident detection to closure


Adopt recommendations and custom roadmap

The observation identified during documentation review, staff interviews, and the tabletop exercise will be used to develop the final report and presentation. Your organization will be benchmarked against legal and regulatory requirements, and industry best practices. The RRA will highlight your organization’s SOC and IR strength’s, and identify improvement opportunities.

Identify an organization’s level of cyber risk for insurance underwriting

The Cyber Insurance Risk Assessment provides a quick, high-level analysis of an organization’s risk level based on the C.O.P.E framework (construction, occupancy, protection and exposure).


The Cyber Insurance Risk Assessment is designed for insurance providers, underwriters and organizations preparing to purchase cyber insurance. It is based on Mandiant’s extensive knowledge of advanced threat actors, security breach responses, and evaluations of security program maturity and readiness. The Cyber Insurance Risk Assessment provides a quick, high-level analysis of an organization’s risk level based on their technology, processes and people to facilitate the identification and classification of cyber risk for insurance underwriting. Risk is assessed along the four basic elements of property insurance underwriting: construction, occupancy, protection and exposure (C.O.P.E.) C.O.P.E. has been extended to apply to the assessment of technology-driven risk.


M-Trends 2018: Understanding Today’s Cyber Attacks

Explore the latest and greatest trends that define today’s threat landscape, based on Mandiant’s investigation of the most successful cyber attacks of the past year.

What you get

  • Cyber Insurance Risk Assessment report that includes current capabilities, risk levels and strategic recommendations
  • Executive presentation
  • Threat assessment report
cq5dam.thumbnail.140.100 (3)

COPEing with Cyber Insurance Risk Assessment

Learn why cyber insurance policies are growing in popularity and how underwriters evaluate your risk profile.


  • Identification, classification and analysis of cyber risk in the context of insurance underwriting
  • Identification of company and industry cyber threats
  • Strategic recommendations for security improvement

On-Demand Webinar: COPE-ing with Cyber Risk Exposures

Get an introduction to our Cyber Insurance Risk Assessment and learn how organizations can better understand their cyber and privacy risks.

Our Approach

This two-week engagement combines a general organizational risk assessment based on industry, size and geography with cyber risk scoring across the four domains of the C.O.P.E. framework. The derived weighted risk score helps determine the risk posture for each domain and the company as a whole.



How is the information security program structured? What are the organization’s strengths and opportunities for improvement? Areas reviewed include:

  • General technology policies and procedures
  • Incident response and crisis management policies and procedures
  • Organizational staffing
  • Senior management and leadership cyber security awareness
  • Audit and compliance practices


How does the organization handle data and asset management processes? Areas reviewed include:

  • Classification policies
  • Technical controls to manage data
  • Encryption usage requirements
  • Data retention policies
  • Backup and recovery policies
  • Standard asset build and control requirements for items such as laptops, serves and mobile devices


How well is the organization protected from advanced cyber attacks? Areas reviewed include:

  • Current and planned technology deployment
  • Established and pending processes
  • In-house and external personnel
  • Functional capabilities, such as threat visibility, operational security, and incident response


What is the potential for risk based on the organization’s industry, type of business and geographic bases of operations? Areas reviewed include:

  • Processes and policies used by the organization to identify business and information security risks
  • System and network maintenance policies
  • Processes and policies for security data collection and storage (logging) requirements

Conduct due diligence on cyber security for merger and acquisition targets

Organizations pursue mergers and acquisitions (M&A) to develop strategic business advantages as a result of gaining or consolidating personnel, technology or intellectual property. Companies, as part of their due diligence, investigate the potential business impact and risks from the merger or acquisition in a number of areas, including financial, legal and intellectual property. But they don’t always fully explore the consequences of combining the cyber security practices and technologies of two different organizations.


The M&A Risk Assessment helps companies evaluate multiple security programs and address compatibility issues and potential security gaps. Security experts analyze and measure the acquisition environment and risk levels across four critical security domains so you can make informed decisions about how to smoothly secure the transitional and post M&A environment.

Cyber security during organizational growth

Combining the cyber risk of two different organizations dramatically increases the risk for both. In addition to different vulnerabilities and security gaps, each organization may have different security priorities that must be reconciled. When reviewing the security maturity and posture of organizations involved in M&A, CromTec Cyber can provide deeper insights through supplemental services to clearly identify immediate risk. We offer two types of assessments:

  • Limited Compromise Assessment: a light-touch, technical assessment of the network for signs of anomalous activity.
  • Compromise Assessment: a detailed analysis of the acquisition environment for the presence of past or current attacker activity.

After an acquisition or merger, organizations continue to develop and refine their security program. CromTec Cyber and Mandiant can provide customized continuous monitoring to help evolve an organization’s cyber security posture. Recommended services include:

  • Response Readiness Assessments
  • Threat Intelligence-Based Risk Profiles
  • Tabletop Exercises
  • Security Program Assessments
  • Security Operations as a Service

Benefits of Cyber Security Diligence in Mergers and Acquisition

This white paper examines the cyber security risks in mergers and acquisitions and the due diligence that should be standard practice.

cq5dam.thumbnail.140.100 1 1

Watch Our On-Demand Webinar - Cyber Security: The Achilles Heel of M&A Due Diligence

This webinar details why cyber security due diligence is critical before merging with or acquiring an organization.

Our Approach

CromTec Cyber evaluates your organization’s cyber security programs across four core security domains:

  • Data safeguards, to examine how the data protection framework helps identify and classify high-risk information assets
  • Access control, to review how policies and procedures reduce the risk of inappropriate access to sensitive data
  • Threat detection and response, to see how current deployments detect, analyze, escalate, respond to and contain advanced attacks
  • Infrastructure security, to understand how endpoints are managed to reduce the risk of compromise