Small and medium-sized businesses
SME Pentest
A special pentest for small and medium-sized companies (KMU), to assess core risks in your organisation.
Cyber Security Check
The first step of a hacker is an information gathering phase. We evaluate, which information about your comapny can be obtain from public sources.
Leaked Information
We check, whether data of your employees has been affected by data leaks and whether this data is publicly accessible.
Public Infrastructure
We evaluate public infrastructure (e.g., VPN servers, applications, e-mail servers) regarding known vulnerabilities.
Internal infrastructure
We conduct a full vulnerability scan of your infrastructure. You receive an overview of identified vulnerabilities and attack vectors.
Active Directory
We assess your Active Directory (AD) towards misconfigurations and vulnerabilities. This includes analysing, whether attackers can obtain administrative rights.
Leaked Information
A phishing campaign is often the initial attack vector. With a phishing campaign we check the awareness of the users and
from 6.900 € plus VAT at fixed price
360° Analysis
Our package offer for you:
We analyse your infrastructure from different viewpoints in a risk based assessment. Your get a detailled overview of possible vulnerabilities from the perspective of a hacker. We analyse internal, as well as external attack vectors.
We incorporate current attack methods and common vulnerabilities. The penetration test is a combination of automated and manual testing.
You receive a detailled report of all our findings including remediation recommendations for all identified vulnerabilities.
IT-Security in KMU
Data & facts
KMU Pentest
Specification of our services
An in-depth analysis of individual IT components, such as the Active Directory or a single application is oftentimes not viable for small and medium-sized companies. The test effort is comparably high and the results are limited to particular systems. Oftentimes, an overview of general vulnerabilities and so called “quick wins” of the infrastructure makes more sense.
Therefore we have developed a pentest package that serves the needs of KMU companies. We thus favor a broad assessment of your infrastructure over in-depth testing of single components. You receive a broad overview of possible attack vectors. Based on the KMU pentest you can task us to conduct more specific tests of single components.
The KMU pentest includes manual, as well as automated testing methods. Of course you will receive a full reportdetailing the conducted testing methodology, results and recommendations.
With our KMU pentest you receive a full-featured assessment following our general quality standards. The KMU pentest is conducted in adherence to our processes and consists of the following phases:
- Kick-Off
- Pentest Assessment
- Finalisation
Service components
Cyber Security Check
We check public resources for sensitive data about your company. This is generally the first step of an attacker.
Leaked Information
We run a phishing campaign for you and check user awareness. You can choose from our campaigns.
Public infrastructure
We evaluate public endpoints regarding vulnerabilities and attack vectors, e.g., open ports or outdated software.
Internal infrastructure
In your internal infrastructure we conduct a full scan and evaluate identified vulnerabilities.
Active Directory
The AD is usually a critical infrastructure component. We assess for example whether an attacker can gain administrative privileges.
Password Audit
We examine the password strength and quality in your company. Our technical analysis is performed without user context and is privacy compliant.
Comparison with individual pentests
- KMU Extern
-
PopularKMU Intern
- KMU Complete
KMU Extern |
Popular
KMU Intern | KMU Complete | |
€6900 zzgl. MwSt. | €9999 zzgl. MwSt. | €14999 zzgl. MwSt. | |
Cyber Security Check - Public vulnerabilities - View of an external attacker - Excel final report | |||
Public infrastructure | |||
Availability | |||
Internal infrastructure | |||
Active Directory | |||
Password Audit | KMU Pentest anfragen | Zum Konfigurator | Buy Now |
Frequent questions regarding KMU pentests
Which companies can book the KMU test?
Per definition of the EU commission, KMU companies have less than 250 employees and an annual turnover up to 50 million € or a balance sheet total not exceeding 43 million €. More information on the KMU definition can be found under:KMU-Definition der Europäischen Kommission – Förderberatung.
Can i adapt the KMU pentest individually?
The KMU pentest is a fixed price offer, which we only offer in this package. If you have additional requirements, we can extend the KMU pentest or create an individual pentest offer for you.
Is it necessary to conduct the pentest on-premises?
No, the KMU pentest can also be conducted remotely. In this case we provide you with an access box that you set up in your network. Using the access box our testers can conduct all necessary tests. Simply return the box to us after the pentest is completed. In this case no additional travel fees arise.
Is there a possibility for pentest grants?
In some federate states grants will be given for IT security services, such as penetration tests. We gladly advise when applying for grants. Please talk to one of our consultants.
What support can I get after a penetration test?
You receive a detailed report with all findings and detailed remediation recommendations. Of course we support you after the test is finished (e.g., with the remediation of vulnerabilites or a retest for the verification of implemented measures). Our affiliate, the tacticx Consulting GmbH, can also provide you with extensive assistance in the field of IT security or data protection.