Microsoft 365 security audit
Full tenant review against CIS and Essential Eight - identity, data protection, device management, and configuration drift.
You can't fix what you haven't measured. A good assessment gives you three things: a baseline you can defend to a board, a prioritised remediation list, and the evidence an auditor or insurer will accept.
Ready to scope Security Assessments for your business?
Every inclusion below is documented, delivered, and renewable under our standard agreement. No surprise scope. No silent exclusions.
Full tenant review against CIS and Essential Eight - identity, data protection, device management, and configuration drift.
Internet-facing asset scans with false-positive-triaged reports. We tell you what's real and what's noise.
Maturity scoring against all eight controls with a roadmap to your target maturity level.
Credential, IP, and brand monitoring for your domains - with an exposure summary delivered in plain English.
Knowing where a service stops matters as much as knowing what it covers. Here’s what sits outside this engagement - so there are no awkward surprises later.
An assessment tells you where you stand and what to fix. The remediation work is a separate engagement - often under Compliance or Cyber Security - so you're free to action it yourself or with us.
We assess against Essential Eight and CIS honestly, amber findings included. We don't issue a feel-good certificate that papers over real gaps.
We assess your environment. Probing third-party or supplier systems requires their written authorisation and is scoped separately.
Every engagement runs the same four steps. You always know which one we’re in and what comes next.
We map your current state and agree exactly what's in and out, in writing, before any work or invoice. No surprise scope, no silent exclusions.
A documented plan with milestones, owners, and success criteria you can hold us to - so you know what good looks like before we start.
We do the work with change control and your sign-off at each gate. You see progress against the plan, not a black box.
Ongoing management, published performance, and a quarterly review that keeps the work honest and the roadmap current.
The platforms we standardise on for this service. Picked for fit, not for kickbacks.
External vulnerability scanning and attack surface monitoring - what attackers see before they attack.
Compliance automation for SOC 2, ISO 27001, HIPAA, and more - with continuous evidence collection and audit-ready reports.
Security and compliance automation - SOC 2, ISO 27001, HIPAA, GDPR. Continuous monitoring, streamlined audits.
Auditors and insurers increasingly want both CIS Controls v8 and the Essential Eight. They overlap, but they aren't the same shape. Here's the control-by-control mapping we use - and the four CIS controls the Essential Eight quietly leaves you exposed on.
Compliance · 6 min read
The Essential Eight has three maturity levels. Most SMBs reach for ML2 or ML3 because the number looks better. Here's why ML1, done honestly, beats ML2 done badly - and what the gap actually costs.
Security · 9 min read
Every MDR vendor's site says the same things. Here's how to actually tell them apart: the difference between an alert and a response, who's watching at 2am, and the questions that separate real 24/7 detection from a dashboard you'll never open.
Your maturity against all eight ACSC mitigation strategies, scored to your target level, with a roadmap to close the gaps. The Australian baseline that primes, contracts, and cyber insurers increasingly ask you to prove.
Where you stand against the CIS Critical Security Controls v8.1 - all 18 controls, scored to your target Implementation Group - with a prioritised roadmap to close the gaps. The broad, internationally-recognised baseline that maps to NIST and ISO.
A baseline of your Microsoft 365 security posture in the Defender portal, then a prioritised plan to raise it - working the high-impact actions, not chasing a vanity number. The fastest way to know where your tenant actually stands.
Roadmap, remediation, and ongoing attestation against the CIS Critical Security Controls and the Australian Essential Eight. Frameworks that actually get implemented, not just referenced.
Tell us what your current setup looks like. We’ll send back a quote, a transition plan, and a firm date you’d be onboarded - within 48 hours.