🎯 Interactive Demo — Experience CyberDD's M&A cybersecurity due diligence platform Start Free Trial →
← Back to CyberDD

Project Phoenix

View as:
🏢 Seller View
Demo User

Target Company

TechStart Inc.

Status

In Progress

DD Deadline

Jan 31, 2026

6

Participants

Cyber Risk

72

HIGH

$45M

Deal Value

👤

Buyer Dashboard

You're viewing approved findings from the target company. Use External Recon to discover attack surface and breaches. Generate reports for your investment committee.

🏢

Seller Dashboard

You control what the buyer sees. Connect your cloud accounts, upload policies, and approve findings before they're shared with the buyer.

Your Next Steps

23 findings pending approval

Review and approve for buyer

📋

2 questionnaires incomplete

Due by Jan 20, 2026

📄

3 policies awaiting analysis

AI analysis available

☁️

Connect GCP account

AWS and Azure connected

Assessment Progress

🔍

External recon complete

2 breaches • 847 leaked credentials

⚠️

37 findings to review

4 critical • 12 high severity

5 policies analyzed

Avg maturity: 3.2/5

📊

Generate IC Report

Ready for investment committee

Deal Timeline

Deal Created

Jan 2, 2026

Cloud Accounts Connected

Jan 5, 2026

Policies Uploaded

Jan 8, 2026

Security Assessment

In Progress

DD Deadline

Jan 31, 2026

Recent Activity

🤖

AI analyzed Information Security Policy

Today at 3:45 PM • Maturity: 4/5 • 3 findings

AWS security scan completed

Today at 2:34 PM • 23 findings detected

12 findings approved for buyer

Yesterday at 4:15 PM

📋

Security Assessment questionnaire submitted

Jan 10, 2026 • 23/23 questions answered

🔍

External reconnaissance completed

Jan 8, 2026 • 2 breaches detected

24

Total Documents

18

Approved

6

Pending Review

45.2 MB

Total Size

Document Type Category Uploaded By Status Date Actions
📄

Information_Security_Policy_v2.pdf

2.4 MB

 Policy Security Governance John Smith ✓ Analyzed Jan 10, 2026
📜

SOC2_Type_II_Report_2025.pdf

5.1 MB

 Certification Compliance Sarah Johnson ✓ Approved Jan 8, 2026
🖼️

Network_Architecture_Diagram.png

1.8 MB

 Diagram Infrastructure Mike Chen ⏳ Pending Jan 12, 2026
📊

IT_Asset_Inventory.xlsx

856 KB

 Asset List

→ 147 assets extracted

 Asset Management John Smith ✓ Approved Jan 6, 2026

AI Policy Analysis

Automated analysis of security policies against frameworks like NIST, ISO 27001, and SOC 2

5

Policies Analyzed

3.2

Avg Maturity (1-5)

12

Total Findings

8

Findings Managed

Policy Documents

📄

Information Security Policy v2.0

Security Governance • 2.4 MB • Uploaded Jan 10, 2026

Maturity:
4/5
| 3 findings
✓ Analyzed

Key Findings:

MEDIUM Password policy does not specify complexity requirements
LOW Review cycle not defined for security exceptions
📄

Incident Response Plan

Incident Response • 1.8 MB • Uploaded Jan 8, 2026

Maturity:
3/5
| 5 findings
✓ Analyzed
📄

Data Classification Policy

Data Protection • 1.2 MB • Uploaded Jan 12, 2026

Not Analyzed
Full Partial Minimal Not Covered

ISO 27001 Control Coverage

A.5Policies
A.6Org
A.7HR
A.8Assets
A.9Access
A.10Crypto
A.11Physical
A.12Ops
A.13Comms
A.14SysDev
A.15Suppliers
A.16Incident
A.17BC/DR
A.18Comply
Buyer View: You see only findings the seller has approved. 12 of 35 findings are currently visible to you.
Seller View: You see all 35 findings. Click "Approve for Buyer" to share findings with the acquiring company.

Connected Cloud Accounts

☁️

AWS Production

123456789012

Connected
🔷

Azure Subscription

sub-abc123...

Connected
🔶

Google Cloud

Not connected

Scan History

Scan Type Account Status Findings Approval Date
Full Security Scan AWS Production Completed
4 8 11
✓ Approved Jan 14, 2026
IAM Analysis Azure Subscription Completed
2 5 5
Jan 12, 2026

Security Findings

CRITICAL ✓ Approved

S3 Bucket Public Access Enabled

arn:aws:s3:::techstart-prod-data

S3 bucket has public access enabled, potentially exposing sensitive customer data.

AWS • S3 Detected Jan 14, 2026
CRITICAL 🔒 Pending

RDS Instance Publicly Accessible

arn:aws:rds:us-east-1:123456789012:db:prod-db

Production database is publicly accessible from the internet.

AWS • RDS Detected Jan 14, 2026
HIGH ✓ Approved

Unencrypted EBS Volume

vol-0abc123def456

EBS volume attached to production instance is not encrypted at rest.

AWS • EC2 Detected Jan 12, 2026

External Attack Surface

Discover exposed assets, vulnerabilities, and data breaches — no target company access required

68

HIGH

External Attack Surface Risk

4 critical • 7 high • 12 medium • 8 low findings

23

External Assets

8

Open Ports

4

Critical

2

Breaches

847

Leaked Credentials

🚨

Data Breach Detection

Credentials from techstart.io found in breach databases

2 Breaches Detected

LinkedIn Data Breach (2023) Critical

Breach Date: October 2023 • Discovered: Jan 2026

523

Affected Accounts

Exposed Data: Email addresses, hashed passwords, names, job titles

📧 Emails 🔑 Passwords (Hashed) ⚠️ Password Reset Recommended

Third-Party SaaS Breach High

Breach Date: March 2025 • Discovered: Jan 2026

324

Affected Accounts

Exposed Data: Email addresses, API keys, session tokens

🔑 API Keys 🚨 Immediate Rotation Required

Assets by Type

8

Domains

12

IP Addresses

5

SSL Certs

147

Emails

Combined Risk Analysis

Aggregated risk score from all assessment sources

72

HIGH

Combined Score

Score Breakdown by Source

🔍 External Attack Surface28 / 100
☁️ Cloud Security18 / 100
📋 Questionnaire Responses14 / 100
📄 Policy Analysis12 / 100
📜 Certification Trust-8 (adjustment)

Finding Summary (All Sources)

6

Critical

15

High

23

Medium

12

Low

5

Info

Certification Trust Factor

-8

Risk Adjustment

Valid Certifications: SOC 2 Type II (2025), ISO 27001 (2024)

Certifications reduce overall risk score when verified and current.

Executive Reports

Generate professional reports for stakeholders and investment committees

📊

Executive Summary

Board-ready overview

High-level risk assessment with key findings, breach history, and remediation priorities.

📋

Technical Detail

For security teams

Comprehensive findings with CVEs, remediation steps, and integration considerations.

PE FOCUSED
💼

IC Report

Investment Committee

Deal-focused analysis with risk quantification, valuation impact, and go/no-go recommendation.

💰

Remediation Cost Estimate

Budget planning

Estimated costs to remediate all findings, prioritized by severity and effort.

🔄

Post-Close Playbook

Integration planning

90-day integration plan with security milestones and remediation timeline.

🎯

Risk Heatmap

Visual summary

Visual representation of risk across all security domains.

Generated Reports

Report Type Generated Actions
Project Phoenix - IC Report IC Report Jan 14, 2026
Project Phoenix - Executive Summary Executive Jan 12, 2026

Security Questionnaires

Title Status Progress Deadline Actions
Security Assessment Questionnaire
23 questions • Comprehensive security controls
 COMPLETED
100%
Jan 10, 2026
Data Protection & Privacy
18 questions • GDPR and data handling
 IN PROGRESS
72%
Jan 20, 2026
Incident Response Capabilities
15 questions • IR procedures assessment
 NOT STARTED
0%
Jan 25, 2026 Awaiting response

Seller Security Tools

Connect security tools to share data with buyers

Seller View Buyer View

4 integrations pending approval

Approve findings to make them visible to buyers.

Viewing approved security tool data

The seller has connected their security tools and approved this data for your review.

68
Risk Score
High Risk
Multiple critical vulnerabilities detected across security tools. CrowdStrike shows 12 unresolved detections. Wiz reports 8 critical cloud security issues.

Key Findings (6)

CRITICAL Wiz - ApiTest Cloud security score 7/100
CRITICAL Wiz - ApiTest 8 critical cloud security issues
CRITICAL CrowdStrike - Production 12 unresolved endpoint detections
HIGH Rapid7 InsightVM - test 2,520,890 high severity vulnerabilities
CRITICAL Rapid7 InsightVM - test 1,064,645 critical vulnerabilities detected
HIGH Vanta - Production 15 failing compliance tests across SOC 2 controls

Compliance Automation

Compliance monitoring, audit preparation, and certification tracking

Vanta - Production

Production Vanta

Connected⏳ Pending
22 Risk Score
Last sync: Feb 4, 2026, 10:15 AM

Cloud Security

Cloud security posture management and risk assessment

Wiz - ApiTest

ApiTest

Connected⏳ Pending
93 Risk Score
Last sync: Feb 4, 2026, 11:39 PM

Vulnerability Management

Vulnerability scanning, assessment, and remediation tracking

Rapid7 InsightVM - test

test

Connected⏳ Pending
67 Risk Score
Last sync: Feb 4, 2026, 11:33 PM

Endpoint Security

Endpoint detection & response, threat hunting, and SIEM

CrowdStrike Falcon - Production

Falcon Production

Connected⏳ Pending
45 Risk Score
Last sync: Feb 4, 2026, 11:42 PM

3

Documents

3

Analyzed

-3

Cert Risk

82%

Avg Maturity

8

Findings

6

Acknowledged

Security Certifications Analysis

Analyze compliance certifications for validity, scope, and control coverage

SOC_2_Type_II_Report_2025.pdf

2.4 MB • Uploaded Jan 15, 2026 by John Smith

✓ Analyzed 88% Substantially Compliant

Strong SOC 2 Type II report covering Security, Availability, and Confidentiality trust principles. Clean opinion with no exceptions noted. Coverage period: Jan 2025 – Dec 2025. Audit firm: Deloitte.

2 Medium 1 Low 3/3 acknowledged

ISO_27001_Certificate_2025.pdf

1.1 MB • Uploaded Jan 15, 2026 by John Smith

✓ Analyzed 85% Substantially Compliant

Valid ISO 27001:2022 certification from BSI Group. Scope covers information security management for SaaS platform operations. Certification valid through March 2027.

1 Medium 2 Low 3/3 acknowledged

PCI_DSS_AOC_v4.pdf

890 KB • Uploaded Jan 20, 2026 by Sarah Chen

✓ Analyzed 72% Partially Compliant

PCI-DSS v4.0 Attestation of Compliance. Level 1 service provider. Some compensating controls noted for requirements 6.4 and 11.3. QSA: Coalfire Systems.

1 High 1 Medium 0/2 acknowledged