Security Bootstrap: For SMEs that want to prevent downtime and damage from hackers.
Our Security Bootstrap was designed by ethical hackers to quickly and affordably bring SMEs to a basic level of security.
X Sleepless nights about "am I safe enough?"
X Large invoices for hypothetical advice
✔ Peace of mind with a complete and affordable check
✔ Coverage of office (IT) and production environment (OT)
✔ Know immediately which “digital doors” to lock
Schedule a free consultation and we will be happy to discuss your situation.
Why now?
A recent report by ABN-AMRO shows that SMEs in the Netherlands are increasingly becoming a target for cybercriminals.
More often a target
One in five companies reported suffering damage from an attack in the past year.
Average damage
The average damage was as much as €270,000 per incident.
Standstill
Nearly one in ten SMEs reported operational disruption due to an attack in the past year.
A security starter package for SMEs
The Security Bootstrap is a no-nonsense starter kit for companies that want to improve their security but don’t know where to start. It consists of a series of tests created by ethical hackers to find the biggest risks to your company.
1. Internet Interfaces
We look at your company from the outside through the eyes of a hacker. With a scan we check which "front doors" have unintentionally been left open, so that we can close them in time.
2. Internal vulnerabilities
We also search for weak spots within your network. This way you discover whether a malicious person who enters (e.g. via phishing) would have free rein.
3. Network separation
We check if your office IT and your operational technology (machines, production network) are separated. We test if this separation is sufficient or needs improvement.
4. Users and permissions
We will examine your Active Directory (the system for users and rights). A secure AD ensures that intruders cannot easily get further into your network.
+ Cloud analysis (optional)
Do you use cloud services (e.g. Microsoft 365, Azure, AWS)? Then we can optionally perform a scan of your cloud environment.
Demonstrable experience
15
Years of experience
100%
OSCP Certified
300+
Penetration tests performed
€ 0,-
In unexpected hours and invoices.
100+
VDP Disclosures
Thinking like a hacker
Our testers are experienced attackers themselves, but now in your interest. We think like a hacker: how could we get to your sensitive data? Which combination of vulnerabilities is really interesting? This provides practical and relevant insights that your development team can start working with immediately.

Testing with scenarios
Every company is different and brings unique risks. That is why we at Security.Rocks start every test with a short business risk analysis. We do not only look at technical issues, but especially at what is really important for your organization.
Why this approach?
This way, our tests are aligned with your actual risks and you will mainly receive findings and advice that make a difference for your organization. No standard checklist, but relevant scenarios that would really keep you awake at night.
No book
Working out these scenarios does not mean writing a book. Usually a clear brainstorm based on your daily practice is sufficient. We guide this process and use it to test in a focused, efficient and above all valuable way.
Together we determine what absolutely cannot go wrong.
What is really sensitive or confidential?
Think of customer or company data, financial data or anything that requires extra protection due to regulations (such as GDPR).
What data must absolutely not be unreliable?
Errors in certain numbers, records or processes can have a direct impact on business operations or compliance.
Which services should always remain available?
We look at which business units would immediately lead to disruption or reputational damage in the event of a failure.
Should users only be able to see and edit their own data?
Can an administrator do more than is strictly necessary? Is data protection properly arranged in all roles?
We translate these risks into concrete test scenarios.
What happens if someone sabotages processes, manipulates data, or intercepts communications between systems?
Extra attention to what makes your company unique
We also look at non-standard processes, links with external services or industry-specific functionality.
The process
01
Preparation (Week 0)
Together we determine which systems, applications or networks will be tested and we establish clear goals that match the needs and risks of your organization.
02
Reconnaissance and Attack (Week 1 & 2)
We collect information to understand how your systems work. With this information, we perform targeted attacks, similar to how a malicious hacker would operate. This way, we identify weaknesses and risks.
03
Report (Week 3)
You will receive a clear and detailed report of our findings, which not only describes the vulnerabilities but also provides practical recommendations for resolving them.
04
Debriefing and support
Results can be technical. We help your team understand the results and how to fix them. We also perform a free audit test to verify that findings have been resolved.
Did you know that the financial impact of a hack often goes beyond just restoring systems? Think of possible fines from the Dutch Data Protection Authority and especially the reputational damage with customers and partners. With a pentest you avoid running these enormous risks. Security is an investment that pays for itself many times over.