Technology - cysmo

cysmo® technology

The spearhead of cyber risk assessment

With cysmo®, insurers and financial companies can carry out a precise assessment of a company's externally visible IT infrastructure - both for their own purposes and for the assessment of external partners such as service providers. The innovative technology makes it possible to efficiently check and evaluate publicly accessible systems, whereby we are guided by leading recommendations and industry standards.

cysmo® offers a fully automated solution for assessing and analyzing cyber risks, developed with in-depth expertise in insurance, IT security and product development. As a recognized standard in cyber risk rating in the insurance industry, cysmo® is already successfully used as a sales and underwriting tool and supports compliance with regulatory requirements such as VAIT.

With cysmo®, financial companies are already ideally positioned to comply with the EU Cyber Resilience Act (CRA).

cysmo® Method

Outside-In Scanning

The automated outside-in scanning method from cysmo® differs significantly from traditional penetration tests.

While penetration tests require active intervention in systems to identify vulnerabilities, outside-in scanning offers a passive and unintrusive technique that analyzes a company's digital attack surfaces from the outside.

This method makes it possible to create a realistic picture of cyber risks without internal access or disruption to operations, making it ideal for a quick and regular security assessment.

Zero false positives

The highest standard

Our approach to cyber security

At cysmo®, we use state-of-the-art technologies to assess the security of IT infrastructures. Our goal is to protect companies from the ever-changing threats in cyberspace. We provide a detailed external view of IT vulnerability as a potential attacker would see it.

Evaluation of the IT infrastructure

At cysmo®, we analyze the externally visible IT infrastructure of companies with a focus on publicly accessible systems. Our assessments are based on comprehensive security criteria that are aligned with technical recommendations and industry standards.

Dark web monitoring

Our technology detects and analyzes data leaks that could affect company data on the dark web. We identify potential risks resulting from published email addresses and passwords and offer recommendations for improving security measures.

Comprehensive risk analysis

The cysmo® rating is an essential component of a holistic risk analysis. It not only shows the current vulnerability of IT infrastructures, but also provides insight into potential weaknesses and gives recommendations for remedial action.

Individual safety recommendations

Based on the results of our analysis, companies receive customized recommendations for improving their security posture. Our experts are on hand to assist with the implementation of these recommendations.

Continuous monitoring and evaluation

Our service does not end with a one-off assessment. cysmo® provides continuous monitoring and regular assessments to ensure organizations remain resilient to new and evolving threats.

Your personal demonstration

Discover cysmo®, the industry standard for cyber risk assessment that goes beyond traditional risk assessments. Contact us for a personalized demo.

Book a demo

Fully automated recording

cysmo®'s advanced algorithms map cyber risks in real time.

Regular updates

Automated, recurring assessments keep your risk proﬁle up to date at all times.

Industry standard evaluation

Based on the criteria of expert authorities such as the BSI and the VdS.

Made in Germany

Developed by the renowned PPI AG, cysmo® stands for quality and reliability.

cysmo® Scoring

Precise evaluation for well-founded decisions

Attack Resilience

The "Attack Resilience" sub-rating represents the visible attack surface of the rated company without actively scanning or penetrating the systems or system components.

DDoS Stability

The "DDoS Stability" sub-rating assesses the infrastructure's resistance to DDoS attacks (Distributed Denial of Service).

DNS Config

The "DNS Config" sub-rating evaluates the configuration of the DNS infrastructure used (Domain Name System), i.e. the servers responsible for name resolution in the network.

Mail Config

The "Mail Config" sub-rating relates to the configuration of the mail servers used, including aspects such as appropriate encryption and measures against social engineering attacks.

Privacy and Reputation

The "Privacy and Reputation" sub-rating deals with user behavior when tracking website visitors, including the evaluation of encryption, confidentiality and the forwarding of user data to third parties.

DarkNet

The "DarkNet" sub-rating assesses the attack surface in terms of social engineering, based on information from the DarkNet that includes, for example, company addresses from public networks.

Book a demo

Experience cysmo® live now

Let us inspire you

Book your demo now!

Experience the power of cysmo® with a personal demo. Choose a date that suits you to get an exclusive introduction to our cysmo® platform. Our team will show you how you can optimize your risk analysis and decision-making processes.