KYND performs three central types of assessment (domain discovery, service discovery, and email discovery) and returns a report containing individual and comparative risk analysis.
Domain discovery: KYND tries to find the names of all the Internet domains that it believes are connected to your organisation. An Internet domain is the part of the Internet that an organisation or individual has registered for its own use, for example mycompany.com or mycompany.co.uk. Organisations and individuals never permanently own a particular domain name: a domain is registered for a period of time, and the registration has to be renewed at regular intervals. KYND performs domain discovery by examining the registration details of the domain provided for your organisation and then connecting other domains that have been registered using similar details, such as the email address or organisation name used to register.
Service discovery: For each of the domains discovered, KYND then identifies all of the external Internet-facing services that are being run by your organisation from these domains. Examples of services would be a database (e.g. MySQL) or a web server (e.g. Apache). For each of these services, KYND collects all of the external information available about, and related to, that service.
Email discovery: For the original domain provided, KYND then collects all of the email policy, security and configuration information that is available. KYND uses this information to determine whether your organisation is at risk of emails from your domain being impersonated.
Using all of the information collected in the previous steps, KYND then applies its cyber risk technology to create the individual Red, Amber, Green risks presented in the report. These risks are reported across different categories. KYND also compares the results for your organisation with a cohort of your peers to produce the comparative risk profile analysis shown in the report.
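As an added illustration of the email discovery step and the Red, Amber, Green ratings described above (not KYND's code or scoring method), this Python example rates a domain from its published SPF and DMARC TXT records. The page does not name the records KYND inspects; the choice of SPF and DMARC, the thresholds, the function names and the sample records are all assumptions constructed for the example.

```python
# Added example: rate email impersonation exposure from DNS TXT records.
# The Red/Amber/Green thresholds below are assumptions, not KYND's scoring.

def parse_tags(record):
    """Split a DMARC record ('v=DMARC1; p=none; ...') into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def spf_all_qualifier(txt_records):
    """Qualifier on the SPF 'all' mechanism, or None if there is no usable record.
    include: and redirect= targets are not followed in this example."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # zero records, or several (a permanent error in RFC 7208)
        return None
    for term in spf[0].lower().split()[1:]:
        if term.lstrip("+-~?") == "all":
            return term[0] if term[0] in "+-~?" else "+"  # bare 'all' means '+all'
    return None

def rate_email_posture(spf_txt, dmarc_txt):
    """spf_txt: TXT strings at the domain; dmarc_txt: TXT strings at _dmarc.<domain>."""
    findings = []
    qualifier = spf_all_qualifier(spf_txt)
    if qualifier is None:
        findings.append("no usable SPF record")
    elif qualifier in ("+", "?"):
        findings.append("SPF permits any sender")
    elif qualifier == "~":
        findings.append("SPF softfail only")
    dmarc = [parse_tags(r) for r in dmarc_txt
             if r.lower().replace(" ", "").startswith("v=dmarc1")]
    policy = dmarc[0].get("p") if len(dmarc) == 1 else None
    enforced = policy in ("quarantine", "reject")
    if not enforced:
        findings.append("DMARC missing or p=none")
    elif dmarc[0].get("pct", "100") != "100":
        findings.append("DMARC policy applied to only part of the mail")
    rating = "RED" if not enforced else ("AMBER" if findings else "GREEN")
    return rating, findings

# Constructed sample records (reserved example domains, not real lookups).
SAMPLES = {
    "example.com": (["v=spf1 include:_spf.example.net -all"], ["v=DMARC1; p=reject"]),
    "example.org": (["v=spf1 mx ~all"], ["v=DMARC1; p=quarantine; pct=50"]),
    "example.net": (["v=spf1 +all"], []),
}
```
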