Mini Security Assessment
An unbiased view of yourendpoint security posture.
This assessment is conducted by RedTeamTrust — not your MSSP. Reports carry the RedTeamTrust brand, not your service provider's. That independence is the point: a neutral third-party finding carries more weight with leadership, auditors, and insurers than a report from your own vendor.
Why independent assessment matters
“You wouldn't ask your IT team to judge their own work and trust the result to be fully unbiased.”
Not because they're untrustworthy — but because independence is what makes an assessment meaningful. Your IT team understands this. The fact that they sought a third-party evaluation rather than running their own checklist is a deliberate choice: they want your leadership to have a view of your security posture that hasn't been filtered through the team responsible for it.
That's a sign of professional integrity. This report is not a grade on your IT team — it's the honest, unfiltered picture they wanted you to have, because they care more about your actual security than about how an internal review might look.
What the assessment covers
A single-endpoint run of our visibility agent checks the controls that matter most for SMB environments. No credentialed access, no network agent, no persistent install — the agent runs once and sends structured telemetry to generate your reports.
Endpoint
- ✓AV / EDR registration and real-time protection status
- ✓EICAR test file probe — does your AV actually remove threats?
- ✓EDR behavioral probe — does your EDR catch encoded process launches?
- ✓BitLocker / disk encryption on all fixed volumes
- ✓Windows Update patch age and pending reboots
- ✓Defender ASR rules, Tamper Protection, AppLocker / WDAC
- ✓TPM version (required for Credential Guard and Secure Boot)
Identity
- ✓RunAsPPL (LSASS protection), Credential Guard, WDigest status
- ✓Windows LAPS deployment
- ✓Local administrator count and non-expiring passwords
- ✓Built-in Administrator SID-500 — enabled or default-named?
- ✓Account lockout threshold — spray protection
- ✓Browser-saved password databases detected on disk
- ✓Stale and dormant local accounts
Detection
- ✓PowerShell script block, module, and transcription logging
- ✓Process creation auditing (Event ID 4688)
- ✓Logon auditing (Event ID 4624)
- ✓Sysmon installed and running
- ✓Windows Event Log sizing — will logs survive a 48-hour incident?
Network & Data Exposure
- ✓LLMNR / NBT-NS / mDNS — the Responder poisoning triad
- ✓SMB signing required on client and server
- ✓WPAD proxy auto-detection and IPv6 exposure
- ✓AWS / Azure / GCP credential files and .env files on disk
- ✓Unencrypted SSH private keys in user profile
- ✓Firewall profile status, WinRM, Remote Registry
What you receive
Three deliverables are generated from each assessment — one for your leadership, one for your IT team, and one your MSSP uses to present and prioritize remediation.
Everyone
Risk Score
A weighted 0–100 risk score calibrated against category weights (detection, identity, endpoint, network, data exposure) and whether active probes completed without interception.
Leadership
Executive Summary PDF
A section-by-section narrative explaining each gap in business terms, with a risk band and finding table. Suitable for board presentations, insurance renewals, and compliance narratives.
IT team
Technical Detail PDF
Full finding inventory with category, detection outcome, raw evidence, and remediation steps. The working document your IT team uses to implement fixes.
Partner MSSP also receives a findings slide deck for the proposal meeting and an internal remediation guide.
How the MSSP referral model works
Many assessments are initiated by an MSSP who refers their client to RedTeamTrust. Here is what that means for each party.
Your MSSP
- →Initiates the assessment and obtains written authorization from you
- →Downloads the assessment bundle on your behalf
- →Identified on the report cover as the referring partner
- →Does not control the findings or the scoring — that is RedTeamTrust's role
RedTeamTrust
- →Conducts the assessment and generates all reports independently
- →Scores findings against a calibrated, fixed methodology
- →Delivers PDFs branded RedTeamTrust — not your MSSP's brand
- →Maintains the platform and the assessment methodology
Your Organization
- →Provides written authorization before any agent runs (required)
- →Runs the agent binary — no persistent install, one-time collection
- →Receives executive and technical PDFs with a clear risk score
- →Owns the remediation path — your MSSP or internal team executes
Ready to see your real risk?
One-time engagement. No persistent agents. Independent report you can share with leadership, insurers, and auditors.