The three packages differ in their depth of analysis:

• Essentiel: 10 control points, automated scan, simplified report — for small sites or first audits.
• Avancé: 15 control points, manual testing of common vulnerabilities, authentication analysis, detailed report with prioritised action plan.
• Premium: 20 control points, in-depth penetration tests, API and database audit, full OWASP Top 10 verification, presentation session included.

All packages include post-audit follow-up and implementation assistance.

The three packages differ in their depth of analysis:

• Essentiel: 10 control points, basic network mapping, automated scan for common vulnerabilities, simplified report — for SMEs beginning their security journey.
• Avancé: 15 control points, manual intrusion tests, configuration analysis of active devices, detailed report with prioritised action plan.
• Premium: 20 control points, internal and external penetration tests, attack simulation, full analysis of segmentation and access, presentation of results to management.

All packages include post-audit follow-up and implementation assistance.

Bexxo offers 5 service categories: (1) Web and network security audits (ISO 27001, NIST CSF); (2) Penetration tests; (3) Vulnerability monitoring via CVE Find, integrating MITRE, NVD and CISA KEV data; (4) Phishing simulation via PhishTrainer, a Swiss software with client-side encryption; (5) Consulting and nFADP compliance. Our audits detect an average of 12 to 15 critical vulnerabilities per SME.

The corporate network is the primary target for attackers: it provides access to all systems, data and internal communications. Three factors increase SMEs' exposure:

• Long detection time — the average time to detect a breach is 204 days (IBM Cost of a Data Breach 2024), giving attackers time to exfiltrate data.
• Default configurations — firewalls, routers and switches delivered with non-hardened settings represent exploitable entry points.
• Uncontrolled remote access — VPN, remote working and partner access expand the attack surface without always being adequately secured.

We combine technical expertise and advanced methodology to quickly identify vulnerabilities, propose fixes, and strengthen your platform against cyberattacks.