Rapid7’s Merger & Acquisition (M&A) Security Assessment engagements are tailored to provide organizations with a cost-efficient, high-value security review during the merger or acquisition process. Capture an asset's cybersecurity capability state pre-merger to aid in the final transaction. Often, this assessment will identify large gaps that when left unmanaged, will put the entire asset at risk.
The base engagement will analyze the risk profile and security posture of an asset across six security domains. That base assessment can also be combined with a validated vulnerability assessment, social engineering, penetration testing, and an in-depth compromise assessment. After the analysis, our team will deliver a report outlining major gaps and consultant observations to help you move forward with your decision. Post-merger, the M&A assessment can be enhanced to provide a go-forward strategic plan, program maturity rating, and/or best practice gap assessment.
The security domains assessed include:
Culture
Technical Self-Awareness
Incident Response
Technical Security
Disaster Recovery
SDLC/Product Security