Manage
Attack Surface Discovery
- Automated discovery of digital assets.
- Eliminate false positives.
- Monitor for changes.
Security Ratings
- Organisation security ratings.
- Domain security ratings.
- Benchmarking.
Attack Surface Reduction
- Exposed domains.
- Functionality Vs Risk.
Remediate
Risks
- Breaches.
- Vulnerabilities.
- Misconfigurations.
Workflows
- Remediation workflows.
- Organisation risk matrix.
- Risk impact ratings.
Enquiries and Improvements
- Live enquiries tool.
- Access to expert analysts.
- Track organisation and domain scores.
Monitor
Reporting and Benchmarking
- C-Suite reporting.
- Alerts and Automated reports.
- Custom competitor analysis.
Integration
- Client and Supply Chain Risk.
- Due Diligence.
- APIs.
Oversight
- Accounts and permissions.
- Historical scores.
- Account security.
Speak with
an Expert
Speak with
an Expert
Manage your attack surface
Gain visibility over your attack surface with accurate, automated attack surface discovery, actionable security ratings and like-for-like peer comparison.
Attack surface discovery
Automated discovery of digital assets
Orbit Cyber Risk’s powerful Machine-Learning algorithm accurately and automatically discovers your public-facing IT infrastructure.
- ML algorithm automates the discovery process
- Continuously monitors for domains added or taken offline
- Identifies absolute global exposure, not just infrastructure managed by local IT team.
- Pinpoint’s location of digital assets globally
- Minimal manual intervention required
- Highly accurate for identifying each of your underlying domains
- Robust, absolute methodology, not liable to user manipulation
Eliminate false positives
Attack surface discovery module is designed to eliminate false positives, accurately identifying the digital assets an organisation manages and is exposed to.
- Automatically monitors for new domains
- Alerts users when changes occur
- Updated continuously
Monitor for changes
Instantly identify when domains are added or removed from your network.
- Organisation security rating from 0-1000
- Analyses 10,000+ data points across six risk categories
- Identifies breaches, vulnerabilities and misconfigurations across your attack surface
- Updated continuously
Security Ratings
Organisation security ratings
Orbit Cyber Risk ratings provide continuous, objective analysis of your network. Our security ratings are based on Thomas Murray’s proprietary methodology, as well as analysis of open-sources and high-quality third-party data feeds.
- Security ratings for every underlying digital asset, from 0-1000
- Drill into underlying risks, prioritised by impact
- Access detailed explanations and remediation advice
Benchmarking
Orbit Cyber Risk benchmarks your organisation against its peers, giving absolute security ratings a real-world perspective.
- Visualise every exposed digital asset in your network and identify which domains do not need to be publicly exposed
- Identify services with known vulnerabilities
- Take action to reduce your attack surface
Attack Surface Reduction
Exposed domains
View all your domains and sub-domains exposed to the internet and reduce the size of your attack surface.
- Understand known risks associated with desired functionality
- Take steps to mitigate risk while delivering on company priorities
Functionality Vs Risk
Empower your team to decide what level of risk they are willing to accept in order to deliver the required functionality
Remediate Risks and Build Security
Understand the risks that can affect your organisation and its underlying domains and build resilience with remediation workflows and access to expert security analysts.
Risks
Breaches
Discover breaches in your network to prevent attacks which could lead to data loss, operational disruption, financial loss or reputational damage.
- Continuously monitor for infrastructure breaches including Malware, Phishing or Port Scanning
- Identify when data breaches have occurred, such as employee email addresses and passwords
- Take action to prevent attacks and build resilience
Vulnerabilities
Discover vulnerabilities running on your domains that could be exploited by malicious actors
- Identify publicly accessible services with known vulnerabilities that do not need to be exposed
- Scan for c.10,000 known issues and vulnerabilities
- Each vulnerability has an impact rating, helping you determine its criticality
Misconfigurations
Continuous information about misconfigurations observed in your network, allowing you to remediation potential operational and security issues.
- Check for misconfigurations in your network such as issues in your DNS setup, TLS or HTTPS configuration.
- Protect your security, performance, and reputation
- Each misconfiguration has an impact rating, helping you determine its criticality
Workflows
Remediation workflows
Make your remediation simple and smart with impact ratings, risk tips and information, as well as rapid query responses.
- Scan for c.10,000 known issues and vulnerabilities
- Identify known vulnerabilities that do not need to be exposed
- Every risk is given an explanation and impact rating
- Both granular and high-level queries get rapid responses by our analysts
Organisation risk impact matrx
See your organisation-wide risk profile, where key risks are concentrated and which to prioritise.
- View the risk impact of every breach, vulnerability and other risk in your network
- See how each domain is exposed, and how to mitigate every risk
Risk impact by domain
Within every domain, see which risks are high, medium and low impact, to prioritise remediation and build resilience.
- Scan for c.10,000 known issues and vulnerabilities
- Identify known vulnerabilities that do not need to be exposed
- Every risk is given an explanation and impact rating
- Both granular and high-level queries get rapid responses by our analysts
Enquiries and Improvements
Live enquiries tool
Make your remediation simple and smart with impact ratings, risk tips and information, as well as rapid query responses.
- All queries responded to by expert analysts
- Query anything from risk impact to remediation tips and likely score improvements
- Reduce your attack surface with help of industry experts
- Chart score changes over time
- See the impact of remediations in real time
- Demonstrate to management the impact of their investment
Access to expert analysts
Access our team of expert cyber security analysts for remediation advice, risk quantification and any other queries.
Track organisation and domain scores
See how your organisation score changes over time, as well as every underlying domain.
Monitor
Get alerts directly to your inbox, create tailored competitor benchmarks, and report with confidence to management in language they understand. Escalate your monitoring with due diligence, supply chain risk analysis and data integration.
Reporting and benchmarking
Executive reporting
Access tailored management reporting suite for boards, regulators, risk and compliance and IT Security
- Reporting with scores, history, benchmarks and underlying risks
- Filter based on multiple categories
- Generate customised reporting
- Export to PDF
Email Notifications
Get real-time alerts and reporting directly to your inbox, with custom triggers and recipients.
- Default notifications when score drops or new risks arise
- Set custom notifications to ensure oversight at all times
- Customise audience, risk triggers and timing
- Set regular, bespoke reports summarising risks
Custom Competitor Analysis
Create custom benchmark of direct peers and competitors
- Default benchmarks against peers and ‘Global’ universe of companies
- Custom peer analysis can include named competitors
- Provide management with comparative, as well as absolute, cyber risk performance in language they understand
Integration
Client and Supply Chain Risk
Escalate your monitoring programme at any time to gain visibility over your clients and supply chain
- Easily upgrade your account to monitor any number of third parties
- Priced to allow you to monitor all companies in scope, not just key service providers
- Satisfy management that you are actively monitoring supply chain cyber risk
Due Diligence
Build a robust third-party cyber risk management programme with IT Security questionnaires and integrated reporting via risk dashboards
- Issue questionnaires at scale and analyse responses on our bank-grade platform
- Library of standard questionnaires, as well as fully custom templates
- Automated scoring and reporting
- Achieve best-in-class third-party cyber risk management
APIs and Data Feeds
Access information via APIs, or integrate external data feeds into your Thomas Murray account
- Get real-time information, security ratings and remediation steps via our API
- Integrate existing risk feeds into Thomas Murray’s platform
- Integrate your risk analysis into a single platform for ease of use and holistic oversight
Oversight and operations
Accounts and permissions
Share access with InfoSec and management colleagues across departments and offices.
- Provide access to colleagues in your team and across departments
- Allocate permissions and track account usage
- Add or remove users easily
Historical performance
See your organisation’s security performance at any point in history
- View your full analysis from any historical point in time
- See how remediations have impacted risk profile over time
- Demonstrate reduced attack surface to management
- Report on any previous point in time
Account Security
Ensure account and data security with permissions, sensitive data redaction and robust platform security
- Manage SSO permissions with other Thomas Murray platforms and products
- Breached sensitive data is redacted and carefully managed
- Thomas Murray’s platform and staff adhere to the highest security standard
Have any questions?
Have any questions?
Thomas Murray launches OrbitAI
Thomas Murray, a global leader in risk management, due diligence, and cyber security services, is proud to announce the launch of OrbitAI. This…
Thomas Murray launches Cyber Risk practice with key strategic hire
Leading global risk intelligence firm Thomas Murray has announced the launch of its Cyber Risk advisory practice today with the key strategic…