24/7 security for the IT infrastructure of your company
Vulnerability scan to protect against cyber attacks
Cyber attacks occur on a daily basis – even at smaller companies
The best way to protect against these attacks is by not making yourself vulnerable in the first place. This is how the vulnerability scan protects you against attacks:
- Continuous monitoring of your IT infrastructure
- Timely, easily understandable notifications about security risks
- Increasing awareness among your employees using phishing simulations
- Push notifications for actual cyber threats
Monitor your security and close security gaps in a targeted manner – all with one dashboard
Your IT security is at risk – We have found significant security gaps.
HTTP to HTTPS redirect
Meaning
Unencrypted HTTP requests are not being redirected to encrypted HTTPS requests. Sensitive data is therefore not protected when being transmitted.
Possible risks
Criminals could exploit this vulnerability to intercept data transfers and steal sensitive data or redirect users of your website to other websites. There is also a risk that your website might not open properly in browsers.
Meaning
Server is not redirecting http request to https.
Certificate issue
Meaning
Your data is not properly encrypted, which means that the transmission or storage of sensitive information could be vulnerable to unauthorised access.
Possible risks
Criminals could exploit this vulnerability to intercept data transfers and steal sensitive data or redirect users of your website to other websites.
Meaning
Asymmetric encryption algorithm validation failed.
Unintended publicly accessible directory/file detected
Meaning
Default folders or files such as configuration files, backups, etc. have been detected.
Possible risks
Criminals could use the found folders and files to penetrate deeper into your system, manipulate it or extract confidential information.
Meaning
Discovered publicly accessible directory/file on target server which should be inaccessible: /wp-register.php
Content-security-policy (CSP)
Meaning
The Content Security Policy (CSP) isn’t set up, meaning that the browser isn’t being given clear instructions on whether or not to load potentially dangerous elements such as scripts, resources or content.
Possible risks
Criminals could inject malicious code into your website.
Meaning
‘content-security-policy’ header is not detected in response headers or response body.
Cookies not configured correctly
Meaning
The security settings for cookies, which store information such as session keys for logins, are not set restrictively enough; potentially sensitive information may not be adequately protected.
Possible risks
Criminals could intercept these cookies, which are not encrypted due to the insufficient setting, and thereby gain access to session data, personal data and authentication information.
Meaning
‘set-cookie’ header missed required option: ‘secure’.
Server allows TRACE method requests
Meaning
HTTP TRACE is a diagnostic request method commonly used in website development to identify and fix bugs. It shouldn’t be enabled on live systems, as it can potentially expose sensitive information.
Possible risks
Criminals could exploit this vulnerability to access confidential data such as login details and other sensitive information, which could then result in security risks.
Meaning
Server allows TRACE method requests.
DMARC
Meaning
Your email domain’s security mechanisms are not configured or not configured restrictively enough, making it vulnerable to forgery of sender addresses.
Possible risks
Criminals could exploit your email domain for social engineering attacks without the receiving mail server being able to check the authenticity of the incoming email.
Meaning
No DMARC record found for the domain.
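Five of the sample findings above, written as checks over captured responses. This is an added example, not the scan's own code: the function names, input shapes and sample values are constructed, and the message for a non-enforcing DMARC policy is added wording.

```python
from urllib.parse import urlsplit

def values(headers, name):
    """All values of a header (case-insensitive); headers is a list of (name, value)."""
    return [v for k, v in headers if k.lower() == name.lower()]

def audit(http_resp, https_resp, trace_status, dmarc_txt):
    """Return finding strings. Each *_resp is (status, headers); dmarc_txt is the
    list of TXT strings found at _dmarc.<domain>."""
    findings = []
    # Redirect: the plain-HTTP request must answer 3xx with an https:// Location.
    status, headers = http_resp
    location = (values(headers, "Location") or [""])[0]
    if not (300 <= status < 400 and urlsplit(location).scheme == "https"):
        findings.append("Server is not redirecting http request to https.")
    # CSP: header expected on the HTTPS response (a <meta> policy is not checked here).
    _, headers = https_resp
    if not values(headers, "Content-Security-Policy"):
        findings.append("'content-security-policy' header is not detected in response headers.")
    # Cookies: every Set-Cookie needs the Secure attribute; the cookie name is appended.
    for cookie in values(headers, "Set-Cookie"):
        attrs = {part.strip().split("=", 1)[0].lower() for part in cookie.split(";")[1:]}
        if "secure" not in attrs:
            name = cookie.split("=", 1)[0].strip()
            findings.append(f"'set-cookie' header missed required option: 'secure' ({name}).")
    # TRACE: a 2xx answer to a TRACE request means the method is enabled.
    if 200 <= trace_status < 300:
        findings.append("Server allows TRACE method requests.")
    # DMARC: a record must exist, and p=none only monitors without enforcing.
    records = [r for r in dmarc_txt if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if not records:
        findings.append("No DMARC record found for the domain.")
    else:
        pairs = (t.split("=", 1) for t in records[0].split(";") if "=" in t)
        tags = {k.strip().lower(): v.strip().lower() for k, v in pairs}
        if tags.get("p") not in ("quarantine", "reject"):
            findings.append("DMARC policy is not enforcing (added wording).")
    return findings

# Constructed samples: a site showing the findings above, and the corrected configuration.
WEAK = dict(http_resp=(200, [("Content-Type", "text/html")]),
            https_resp=(200, [("Set-Cookie", "session=abc123; Path=/; HttpOnly")]),
            trace_status=200, dmarc_txt=[])
FIXED = dict(http_resp=(301, [("Location", "https://example.com/")]),
             https_resp=(200, [("Content-Security-Policy", "default-src 'self'"),
                               ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure")]),
             trace_status=405, dmarc_txt=["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"])
```

`audit(**WEAK)` returns all five findings and `audit(**FIXED)` returns an empty list.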
Easy to use
Answer the five simple questions and you’ll get clear results and recommendations for your cyber security. You don’t need any technical knowledge and you don’t have to grapple with complex details.
24/7 protection
The scan runs in the background and continuously monitors your security so that you can concentrate on your core business. If the scan identifies a vulnerability, you’ll be informed immediately. You’ll also receive push notifications when new security breaches and scams are identified so that you can protect yourself in the best way possible.
Upgrade to automated, all-round protection
Do you want to protect your company automatically, around the clock? For just CHF 259, you’ll get easily understandable information about the IT security situation in your company and warning messages as well as clear descriptions of risks posed by security breaches and scams. This will allow you to react quickly and in a targeted manner at all times.
Vulnerability scan – an overview
Using continuous risk monitoring, our vulnerability scan provides an effective opportunity to protect your company against cyber threats.
Network
The network scan identifies vulnerabilities and configuration errors in your network infrastructure. Hackers can exploit these to gain access to your systems.
You receive clear and easily understandable results on the threat situation as well as details about the vulnerabilities identified.
Website and email server
The scan of your website and your email server checks possible points of entry from outside, the security of your technical configuration and the blacklist status of your website. This ensures that your website is protected against attacks and that you don’t lose the trust of your customers.
You receive clear and easily understandable results on the threat situation so that you can quickly rectify the vulnerabilities that have been identified.
Data theft
Thanks to this monitoring, you are warned immediately if your credit card or telephone numbers are published on the Internet or dark web. The scan also checks whether user accounts associated with a company email address have been hacked. This allows you to take countermeasures quickly to prevent financial losses.
You receive clear and easily understandable results on the threat situation and tips on how to protect your data.
Phishing prevention
Phishing emails are one of the most common causes of data or financial loss. Phishing simulations help you to test the sensitivity of your employees to phishing attacks and to determine if training is needed.
You receive results to determine if your employees need training.
FAQ
What information do I have to enter before I can launch the scan?
To launch the vulnerability scan, you only need to provide the following information:
- Your domain
- Your email address
- Login function present
- Payment function present
- Contact form present
How does the vulnerability scan actually work?
Upon activation, the vulnerability scan runs continuously and
- identifies configuration errors in your network infrastructure
- checks the security of the technical configurations of your website and email
- checks whether sensitive data is present on the Darknet.
Which data is processed for the vulnerability scan?
Only data that you make available to us will be used. This includes the domain, email and other information about your website and, if you wish, also your credit card details and telephone number.
Do I have to install any software to be able to run the vulnerability scan?
No, you do not need to install any software. The vulnerability scan runs on our online platform.
Can the vulnerability scan also help if I have an antivirus program installed?
Antivirus programs check whether malware such as computer viruses, Trojans or similar programs are present on a terminal device (e.g. laptop) and then proceed to block and remove them. Antivirus programs are installed separately on devices. On the other hand, the vulnerability scan checks whether there are security gaps in the IT infrastructure (i.e. outside the individual devices), which could be used as points of entry by criminals.
What difference is there between a vulnerability scan and a firewall?
A firewall is a security system that monitors and filters data traffic between an internal network and external networks, whereas a vulnerability scan is an automated process that identifies potential security gaps that could be exploited by attackers. In contrast to firewalls, which monitor data traffic, the vulnerability scan focuses on identifying potential vulnerabilities within the configuration.
How will I be notified if a security breach or data theft is identified?
We will send you a notification to the email address you have provided asking you to log in to the platform to view the details. For security reasons, we do not send details of vulnerabilities by email.
My company only has 3 employees – can I still benefit from the vulnerability scan?
It goes without saying that IT systems are tested regardless of the number of employees.
What are the payment options?
You can pay easily and conveniently by credit card, Apple Pay or Twint.
How does phishing training work?
Simply choose from a selection of email templates such as “Google Login” or “Visa Terms and Conditions Update”, enter up to 30 employee email addresses and click “Send”. You gain insight into the statistics as soon as employees react to the emails by opening them, clicking on them or forwarding sensitive data.
What are the advantages of phishing training?
On the one hand, you raise awareness among your employees of the need to handle (phishing) emails carefully in a protected environment. On the other hand, you gain insight into the behaviour of individual employees and can set up targeted training courses to further instruct employees in dealing with phishing emails. Employees who hand over sensitive data as part of the phishing training are immediately informed of this and given recommendations on how to handle emails safely.
How frequently should I run the phishing training?
You can run the phishing training up to once a week on an individual basis. We recommend varying how often the simulated emails are sent so that employees do not find them too predictable.
How will my employees receive notification of the phishing training?
On our platform, we provide you with a corresponding email template to help you inform employees about phishing and the associated data protection issues.
