Merger and Acquisition Due Diligence
- Solution Approach:
The Business Issue:
While the security posture of an acquisition target is unlikely to influence management's decision to acquire the firm, an acquisition creates both opportunities and risks for the acquiring company. Several common issues that must be considered include:
- Risk: How to securely and quickly interconnect/integrate the two firms while still protecting the combined information assets and business processes? By connecting the two firms, the acquirer potentially expands its network perimeter to that its acquisition.
- Risk: Employees or affiliates of the acquired firm become internal users increasing their ability to potentially harm company assets, particularly if they are disgruntled about the acquisition and are privileged IT users.
- Opportunity: Identify and help retain talented security staff and best practices within the acquired firm.
KoreLogic's Approach:
Various clients have retained KoreLogic to provide M&A security due diligence services including Post-Acquisition Assessments (PSA). The following are representative examples of this support:
Other services include:
- Conducted a PSA for a Fortune 500 financial services firm which had acquired another financial services firm for +$4B. KoreLogic performed external and internal penetration testing of the acquisition and their hosting providers.
- Conducted a PSA for a large financial services firm which had acquired a strategic consulting firm. We are performed external pen testing, internal pen testing, Active Directory integration review, security operational practices review and VoIP testing.
