Skip Ribbon Commands
Skip to main content
Home > Services > Profiling > SocialScan ™




SecureState is one of the only Information Security firms to offer a complete scan of social networks as an assessment. Most firms will only include it in the footprint of an assessment, if it is even considered at all. Our SocialScan™ service is far superior to an automated tool. The methodology allows SecureState experts to examine popular, as well as obscure, online databases and social networks in order to detect exactly what is exposed on the Internet about your organization. In addition, we will manually assess conversations about your organization found on social media sites to determine brand, reputation, and security risks. SocialScan™ assesses all of the information that your organization, employees, ex-employees, and the public are making public on the Internet.


Our SocialScan™ incorporates cutting edge tools as well as custom developed scripts and methods to search for company specific information on social media sites. Using this methodology, SecureState manually analyzes the information returned and follows conversations related to your organization. For example, our staff can correlate comments from a blog posting back to Facebook, Twitter, and other popular social media sites. This can reveal the true source of the conversation as well as all of the people involved. SecureState looks at the most popular social media sites including Facebook, LinkedIn, Twitter, Flickr, YouTube, and MySpace; as well as the more obscure social networks such as Hi5, Tagged, Friendster, Bebo, Orkut, Yammer, and Yelp. In total, SecureState reviews approximately 40 social media sites to search for your information. In addition, our Team Members will examine message boards, online forums, and blogs / micro-blogs like Google Blogger and Tumblr to provide a complete picture of your online presence.


Our methodology is superior to other, more automated services because our manual methods remove many of the false positives and non-related information about your company. In addition, not only will we show you the negative things that may be posted about your organization, but we also will provide the positive attributes as well.

Did You Know?

  • Social networks are now the fourth most popular online activity, even ahead of personal email
  • Many organizations have no idea what their employees are posting on social networks, some of these posts can lead to security issues
  • SocialScan’s can supplement any annual security assessment or penetration test
  • SecureState’s Profiling Team develops proprietary tools and methodologies dedicated to OSINT (Open Source Intelligence) gathering

Our Approach and Methodology

Phase I – Pre-engagement Interactions:

In this phase, SecureState works with the client to establish the rules of engagement as well as the scope and exchange contact information for both parties. SecureState provides a detailed Project Charter which contains information on scope and everything that will be required to conduct the testing. The Project Charter is discussed during the kickoff call prior to the beginning of the engagement.

Phase II – Information Gathering:

SecureState begins the Information Gathering phase by determining company naming conventions, company subsidiaries, and domain names. This information is required so we can determine how a company’s related names and domains are found on social media sites.

Our Team Members determine the current social media presence with deep research into the major social media sites such as Facebook, Twitter and LinkedIn. Once this information is determined, we work with the client to determine what is most valuable to the company from a social media perspective. This may include: include brand reputation, loss of confidential data, and employee abuse of social media or company policies. SecureState will analyze this information to help guide the analysis phase to determine what is most valuable to the client.

Phase III – Social Media Analysis:

Using custom and proprietary tools designed for social media information gathering, SecureState reviews over 40 social media sites including message boards, online forums, blogs and more for your company information and related conversations. In addition, SecureState dives deep into the most popular social media sites such as Facebook, LinkedIn, Twitter, Flickr, YouTube, and MySpace as well as the more obscure social networks such as Hi5, Tagged, Friendster, Bebo, Orkut, Yammer, and Yelp.

Phase IV – Reporting and Deliverables:

SecureState will deliver to your organization a comprehensive report showing screen shots, detailed conversations, names, and links back to the information collected. Additionally, we will provide an information linkage diagram (if applicable) showing how the company’s information is linked together. This will visually show, from a high level, the source or sources of the information. Finally, we will provide a detailed, professional analysis of the information gathered as well as a comprehensive risk rating for your organization. This is determined by considering the sensitivity of the information found as well as how your company ranks compared to your industry peers.

What Makes Us Different

  • Uses a team-based approach for all SocialScans™
  • Profiling Team members are known as experts in the privacy and security of social networks
  • SecureState’s Tom Eston co-hosts the popular social media security podcast and runs the website
  • Profiling Team members are frequent speakers at national and worldwide security and hacking conferences such as DEFCON, Black Hat, OWASP AppSec, SANS, ShmooCon, THOTCON, DerbyCon, ToorCon and more
  • Conducts all SocialScans™ from our state-of-the-art hacking facility in SecureState’s world headquarters; a DOD cleared facility
  • Provides a secure, two-factor authentication web portal for access to SocialScan™ results

Related Services