The Exposure and Identity Risk Assessment is a professional security service offered by Pen Test Partners that evaluates an organisation's digital exposure and identity-based risks across online and dark web sources. The service has two main components: **Exposure Attack Surface Risk Assessment** Uses CrowdStrike Falcon Suite's vulnerability management capabilities to discover and assess all assets — including endpoints, applications, and IoT devices — via agents. The assessment identifies externally facing assets and potential points of vulnerability, categorises findings by criticality and potential impact, and delivers holistic insight into an organisation's overall security posture. The service is customisable to align with specific organisational environments and priorities. **Identity Risk Assessment** Deploys an Endpoint Detection and Response (EDR) agent to gather data on all user accounts and identity-related data sources across hosts. The assessment analyses over 70 identity-related risks, including: - Vulnerable accounts and high-risk users - Attack paths to privileged accounts - Compromised and duplicated passwords - Anomalous behaviours - Unmanaged endpoints - Password policy robustness - Exploitable services running on machines - Vulnerable operating systems Findings are presented via a risk score per domain, a score trend over time, a risk matrix showing likelihood and impact, and an entities summary. Critical findings are reported immediately; all other findings are delivered in a formal report categorised by impact and remediation effort. The Identity Risk Assessment can be run as a standalone engagement, incorporated into a Compromise Assessment, or used as part of incident response.