FAQ - Answers to Your Questions

Here are answers to frequently asked questions we receive about the analysis process and data security at LocateRisk.

1. What is LocateRisk?

LocateRisk is a platform for assessing, monitoring and minimizing the external IT attack surface for organizations of all industries and sizes worldwide. The automated solution bundles and Simplifies complex cybersecurity processes in a single, easy-to-use application. 

2. Who uses LocateRisk?

Our solution is used by a wide range of customers, from SMEs to corporations, as well as public institutions such as cities and municipalities, ministries and many more.

3. What are the main functions and advantages?

With LocateRisk, you can minimize cyber risks, create transparency, save time and costs, and effortlessly prove your own external IT security posture and that of third-party companies at any time.

4. Does the LocateRisk scan affect the systems?

No, the scan is not invasively structured and relies extra on proprietary developments.

5. Can I check externally managed servers? Is this legally allowed without written consent?

Yes, we do not violate the hacking paragraph because we do not overcome access barriers. There are two legal opinions on this. We only evaluate public data.

6. What do I need to consider before starting the security scan?

The skin domain of the organization to be audited is required, as well as optionally other main domains such as product landing pages. For the IT security assessment, in the form of a management overview, verbal consent is sufficient. For detailed analyses, benchmarks or monitoring, written consent is required.

7. How much does the LocateRisk analysis cost?

This depends on the scanning interval and the number of employees in the organization being audited. The IT inventory and management overview are free of charge.

8. What do I get as a result of the free LocateRisk IT security assessment?

A free demo of the assessment results, including the management overview (pdf) and insight into the top 5 weaknesses.

9. Where is the data stored?

Completely in the EU. ISO 27001 certified hosters: Hetzner and Scaleway.

10. Are personal data processed?

Only public, technical data is processed in the scan.

11. What are typical weak points?

MySQL and Remote Desktop accessibility, missing SPF entries, security vulnerabilities due to missing patches, SSLv3, TLS1.0, tracking cookies without user consent, etc.

12. Who fixes the vulnerabilities?

As a rule, the IT teams of the audited companies fix the vulnerabilities themselves. The fee-based products include a one-hour meeting. If further support is required, we are happy to recommend a suitable service provider from our partner network.

13. Can targeted service providers be tested?

Yes, both before collaboration and in ongoing risk management. We provide management reports for this and are in the process of building a platform.

14. Is there also an internal LocateRisk scan?

There is a possibility of Nessus import. This allows to work on the vulnerabilities with a unified, simple and clearly structured interface.

---