Rapid7’s Merger & Acquisition (M&A) Security Assessment engagements are tailored to provide organizations with a cost-efficient, high-value security review during the merger or acquisition process. Capture an asset's cybersecurity capability state pre-merger to aid in the final transaction. Often, this assessment will identify large gaps that when left unmanaged, will put the entire asset at risk.
The base engagement will analyze the risk profile and security posture of an asset across six security domains. That base assessment can also be combined with a validated vulnerability assessment, social engineering, penetration testing, and an in-depth compromise assessment. After the analysis, our team will deliver a report outlining major gaps and consultant observations to help you move forward with your decision. Post-merger, the M&A assessment can be enhanced to provide a go-forward strategic plan, program maturity rating, and/or best practice gap assessment.
The security domains assessed include:
Culture
- Security Awareness
- IT Staffing
- IT/Security Budget
- Executive Support
Technical Self-Awareness
- Inventory Control (Hardware/Software)
- Data-maps
- Network Diagrams and Maps
- Documentation
- Logging/SIEM
Incident Response
- Incident Response Plans
- Incident Response Table-tops/Practice
- Ransomware Preparedness
- Incident Response Staffing and/or IR Retainer
- Cyber Insurance
Technical Security
- Firewalls, IDS/IPS
- Encryption Policies
- Patching and Vulnerability Management
- Local Admin Access Policies
Disaster Recovery
- Backup Encryption
- Backup Process and Testing
- DR Site, Plan, Testing
SDLC/Product Security
- Secure SDLC Policies
- Software Security Testing
- Software Acquisition and Vendor Management Process