Zero Touch Diligence®

Understand any organization’s risk profile – including personnel, digital footprint, past breaches, and leaks – without engagement or access.

What Does Zero Touch Diligence® Mean?

This service is an outside-in risk assessment of an M&A target or third-party partner. We provide deeper reporting on your key partners and potential merger or acquisition candidates without the need for collaboration or resources from the target.

Investigate Outside the Firewall

Contextualize Investment Risks – Don’t Buy a Breach or a Bad Reputation

Nisos helps you meet challenges that exceed typical investment, IPO, and M&A diligence capabilities. Go beyond reviews, questionnaires, and interview-based cyber diligence. Evaluate your non-traditional business risks and combine automation and intelligence to give you a better understanding of your potential challenges and an organized list of risk-mitigating priorities.

We understand your challenges and priorities when it comes to assessing risks.


Fast responses to important questions

Get fast answers from a knowledgeable and responsive team familiar with third parties and M&A.


Low-touch, high-value assessments

Have less work and more actionable insights centered on financial and security-focused risk.


Getting the transaction closed

We’ll help identify material risks and reduce post-close actions and noisy distractions.



Access to insights without interference

Reduce the number of complicated requests by augmenting your existing auditing capabilities.



Clean and articulated relevant data

Have all of the factual information about the target that you can verify and validate with intelligence.

Unique Insights

Maximum External Visibility

Nisos delivers actionable, adversary-centric intelligence that goes beyond cybersecurity ratings. We provide insights into:

  • Cybersecurity Posture
  • Cybersecurity Risks
  • Reputational Challenges
  • Key Personnel Activity

We can gather all of this intel without network access or IT coordination.


Finished Actionable Findings

You will receive a comprehensive intelligence report that outlines and triages your risks by criticality. Executive overviews and risk summaries will cover:

  • External Cybersecurity Posture Assessment
  • Brand Reputation Threat Discovery
  • Non-Traditional Business Risks
  • Derogatory Information and Press

Reports delivered will give clear indications of immediate and near-future risks.

The Work

How We Do It

External Cybersecurity Posture Assessment

Analyzes information collected from a wide range of data sources to identify specific vulnerabilities in a target company’s network and infrastructure. Included in our report is a criticality assessment and recommendations for additional investigation or remediation.

  • Indicators of current or past breaches
  • Mapping of the target company’s WAN and MPLS network infrastructure
  • Network ingress and egress points
  • Internal and external security products that may be in use
  • Patches and security protocol maturity
  • Malware infection frequency and duration
  • Efficacy of malware mitigation strategies
  • Geographic or business unit-based differences in security maturity across a company

Brand Reputation Threat Discovery

Assesses the extent of the acquisition target’s exposure by examining key data and individuals that may have been compromised. Senior executives and network administrators are often the targets of bad actors. Using our knowledge of dark web methodologies combined with commercial and proprietary tools, we identify risk factors.

  • Breached credentials discovered in the dark web, open source, and social media
  • Exploitable software
  • Direct network access offers
  • Stolen intellectual property for sale
  • Chatter related to targeting the vendor company
  • Code or data in file sharing sites such as Github, Pastebin, etc.

Non-Traditional Business Risk

Non-traditional business risks can be discoverable digitally. Zero Touch Diligence includes a tailored aggregation system to gather relevant, publicly available, potentially sensitive information about the acquisition target.

  • Criminal or derogatory information on key personnel or investors
  • Indications of hostile control or undue influence from criminal elements or potentially hostile nation states
  • Evidence of suspicious financial activity to include insider trading or embezzlement
  • Allegations of intellectual property theft, unethical practices, or whistleblower complaints

Want to learn more?