Got questions? This way.

We've put a comprehensive list of frequently asked questions from our customers. If we've not got an answer to your question, just contact us.

Attack Surface Management :

1. What is Attack Surface Management (ASM)?

ASM is the continuous monitoring of your organisation’s external-facing assets—such as domains, IPs, cloud services, and shadow IT to identify vulnerabilities before attackers do.

2. Why does my business need ASM?

Cyber attackers constantly scan the internet for weaknesses. ASM ensures you stay ahead by detecting exposed assets, misconfigurations, and potential entry points in real time.

3. How is ThreatInsights different from vulnerability scanning tools?

We cut through the noise by combining automated scanning with human verification—you only get alerts that matter, not false positives. elementum turpis leo vel libero.

4. What kind of risks can ASM detect?

Open ports, outdated software, shadow IT, cloud misconfigurations, exposed services, and signs of dark web exposure and more! Below is a list of what we monitor for.

Vulnerable Service (Vulnerable Service)

Report Technical Vulnerability (Report Technical Vulnerability)

Report of botnet activity (Report of botnet activity)

Vulnerable/Weak certificate (Vulnerable/Weak certificate)

Phishing report (Phishing report)

Phishing webpage (Phishing webpage)

Misconfigured Web Server (Misconfigured Web Server)

Mentioned by Threat Actor (Mentioned by Threat Actor)

Leaked sensitive data (Leaked sensitive data)

Impersonating Sub Domain (Impersonating Sub Domain)

Impersonating Domain (Impersonating Domain)

Possible sub domain takeover (Possible sub domain takeover)

Impersonating company profile (Impersonating company profile)

Exposed ports (Exposed ports)

Exposed sensitive documents (Exposed sensitive documents)

Exposed Credentials (Exposed Credentials)

Exposed Access keys (Exposed Access keys)

Association with malware (Association with malware)

Evidence of credential access (Evidence of credential access)

Evidence of Initial Access (Evidence of Initial Access)

Evidence of Reconnaissance (Evidence of Reconnaissance)

5. Do I need technical staff to use your ASM?

Not at all. Results are presented in plain language via the ThreatInsights portal, with clear remediation steps for your team. You also get access to an analyst should you need further guidance.

Penetration Testing:

1. What is Penetration Testing

Penetration testing (or “pen testing”) simulates real-world attacks on your systems to find vulnerabilities before criminals exploit them.

2. How often should I run a penetration test?

At least annually, or whenever you launch a new system, update critical infrastructure, or after significant business changes.

3. What types of penetration testing do you offer?

We provide web application testing, infrastructure testing, mobile app testing, cloud testing, and red team-style engagements tailored to your business.

4. How is this different from vulnerability scanning?

Scanning only reports known weaknesses. Pen testing goes deeper—using attacker tactics to chain issues together and prove real-world impact.

5. Will pen testing disrupt my business?

Cras eget leo in quam euismod viverra et luctus tellus. Nullam porta euismod est sodales cursus. In lacinia, mauris quis volutpat tempor, nulla turpis vulputate magna, ut elementum turpis leo vel libero.

6. How do I request a Penetration Test?

You can request a Penetration Test through the ThreatInsights portal.

Incident Readiness:

1. What is Incident Readiness?

Incident Readiness ensures your business is prepared to respond quickly and effectively to cyberattacks, reducing downtime and financial loss.

2. What services are included in your Incident Readiness offering?

Tabletop exercises, customised playbooks, incident response runbooks, threat assessments, and breach simulations—all accessible through the ThreatInsights portal.

3. Why do SMBs and startups need Incident Readiness?

Cyberattacks don’t discriminate by company size. Without a clear response plan, even small incidents can become business-critical crises.

4. How do tabletop exercises help?

They simulate real attack scenarios in a workshop setting, testing your team’s ability to respond and highlighting any gaps before a real incident occurs.

5. What makes ThreatInsights’ approach unique?

We don’t just give you generic plans—we create bespoke, business-aligned playbooks tailored to your technology stack and workflows.

Managed Services:

1. What managed services do you provide?

Our managed services cover Penetration Testing, Cyber Threat Intelligence, and Incident Readiness, all delivered through the ThreatInsights portal.

2. Why choose a managed service instead of one-off projects?

Cyber threats evolve daily. A managed service ensures continuous protection instead of a one-time snapshot of your security posture. We can and do however still cater for those who require one off projects.

3. How does ThreatInsights deliver Managed Services?

Everything is delivered through our secure portal—giving you dashboards, reports, alerts, and direct access to real analysts.

4. Do you work with businesses that don’t have a security team?

Yes. We’re designed specifically for SMBs and startups that lack dedicated security staff but still need enterprise-grade protection.

5. How much does it cost?

Pricing depends on your service level (Base, Pro, Expert). We keep it transparent and affordable for growing businesses—far less than hiring in-house staff. You can see our prices on the pricing page

Got questions? This way.

Attack Surface Management :

Penetration Testing:

Incident Readiness:

Managed Services:

Services

Get in touch