Zero Touch Diligence®
What Does Zero Touch Diligence® Mean?
This service is an outside-in risk assessment of an M&A target or third-party partner. We provide deeper reporting on your key partners and potential merger or acquisition candidates without the need for collaboration or resources from the target.
Investigate Outside the Firewall
Contextualize Investment Risks – Don’t Buy a Breach or a Bad Reputation
Nisos helps you meet challenges that exceed typical investment, IPO, and M&A diligence capabilities. Go beyond reviews, questionnaires, and interview-based cyber diligence. Evaluate your non-traditional business risks and combine automation and intelligence to give you a better understanding of your potential challenges and an organized list of risk-mitigating priorities.
We understand your challenges and priorities when it comes to assessing risks.
Speed
Fast responses to important questions
Get fast answers from a knowledgeable and responsive team familiar with third parties and M&A.
Impact
Low-touch, high-value assessments
Have less work and more actionable insights centered on financial and security-focused risk.
Focus
Getting the transaction closed
We’ll help identify material risks and reduce post-close actions and noisy distractions.
Simplicity
Access to insights without interference
Reduce the number of complicated requests by augmenting your existing auditing capabilities.
Facts
Clean and articulated relevant data
Have all of the factual information about the target that you can verify and validate with intelligence.
Unique Insights
Maximum External Visibility
Nisos delivers actionable, adversary-centric intelligence that goes beyond cybersecurity ratings. We provide insights into:
- Cybersecurity Posture
- Cybersecurity Risks
- Reputational Challenges
- Key Personnel Activity
We can gather all of this intel without network access or IT coordination.
Boardroom-Ready
Finished Actionable Findings
You will receive a comprehensive intelligence report that outlines and triages your risks by criticality. Executive overviews and risk summaries will cover:
- External Cybersecurity Posture Assessment
- Brand Reputation Threat Discovery
- Non-Traditional Business Risks
- Derogatory Information and Press
Reports delivered will give clear indications of immediate and near-future risks.
The Work
How We Do It
External Cybersecurity Posture Assessment
Analyzes information collected from a wide range of data sources to identify specific vulnerabilities in a target company’s network and infrastructure. Included in our report is a criticality assessment and recommendations for additional investigation or remediation.
- Indicators of current or past breaches
- Mapping of the target company’s WAN and MPLS network infrastructure
- Network ingress and egress points
- Internal and external security products that may be in use
- Patches and security protocol maturity
- Malware infection frequency and duration
- Efficacy of malware mitigation strategies
- Geographic or business unit-based differences in security maturity across a company
Brand Reputation Threat Discovery
Assesses the extent of the acquisition target’s exposure by examining key data and individuals that may have been compromised. Senior executives and network administrators are often the targets of bad actors. Using our knowledge of dark web methodologies combined with commercial and proprietary tools, we identify risk factors.
- Breached credentials discovered in the dark web, open source, and social media
- Exploitable software
- Direct network access offers
- Stolen intellectual property for sale
- Chatter related to targeting the vendor company
- Code or data in file sharing sites such as Github, Pastebin, etc.
Non-Traditional Business Risk
Non-traditional business risks can be discoverable digitally. Zero Touch Diligence includes a tailored aggregation system to gather relevant, publicly available, potentially sensitive information about the acquisition target.
- Criminal or derogatory information on key personnel or investors
- Indications of hostile control or undue influence from criminal elements or potentially hostile nation states
- Evidence of suspicious financial activity to include insider trading or embezzlement
- Allegations of intellectual property theft, unethical practices, or whistleblower complaints