Investigation Colophon · Methodology · Provenance

About this investigation

Full audit trail of how this report was produced — target identification, analytical techniques applied, tools that ran, gaps recorded, and the schema and skill versions used. Reproducibility is a forensic posture.

Confirmed Target · Type: Org

Benefit Advisors Network (BAN)

benefitadvisorsnetwork.com

Premier national credentialed network of independent benefit advisory and employee benefits consulting companies.

Founded in 2002
Spun off from Alera Group
Network of independent benefit brokers and consultants specializing in employee benefit solutions

§ 01

Investigation Metadata

Provenance

Investigation ID: be12cde0-b4b5-4098-9412-adf3eb066448
Created: 2026-05-28 16:48:15.46
Recon Started: 2026-05-28 16:48:15.46
Recon Completed: 2026-05-28 18:12:38.23 · 84m 23s
Analysis Completed: 2026-05-28 19:05:00.00 · 20m 0s
Total Duration: 104m 23s · within 60-minute walltime budget
Wave Budget: 60 enabled tools × multiplier 5 = 300 tool calls per wave
Stopping Rule M: 4 consecutive empty calls · fired in Wave
Artifact Location: D:/RECON/ban-be12cd

§ 02

Analytical Methodology

Structured analytic techniques · ICD 203

KAC Applied

Identified the completeness assumption as HIGH-sensitivity (CT-log / passive-DNS enumeration not deep enough to fully retire), feeding kj_007's moderate confidence. Identity, currency, source-integrity, and intentionality assumptions assessed and not load-bearing.

ACH Applied

Tested H1 'weak resource-constrained security posture' vs H2 'intentional minimalist surface, risk absorbed by Zywave' vs H3 'unmeasured surface, posture unknown'. H1 wins on weighted inconsistency (H2 fails against A1 DMARC=none + MDN F evidence; H3 is consistent but less constraining).

Premortem Applied

Surfaced two failure modes: (1) broker-facing portal on unenumerated subdomain inheriting weak parent posture, (2) Zywave-side controls absorbing risk in ways recon could not see. Both ride kj_007's confidence-limit.

Red Hat Applied

Org target with substantial public surface; built 7 red vectors anchored to specific recon evidence with paired blue controls plus 4 baseline blues.

§ 03

Coverage

Schema v1.0

Entities

Relationships

Evidence

Judgments

Timeline

Geo

Confidence Distribution · Key Judgments

4 · High

3 · Moderate

High · multi-source, no surviving alternatives Moderate · KAC stress or ACH margin Low · sparse base or explicit caveat

§ 04

Tools Engaged

60 enabled · 26 fired · 0 gap

prestage:/enrich/domain 5

brave_news_search 2

coho_company 1

coho_search_companies 1

corp_crunchbase 1

corp_theorg 1

epo_published_data_search 2

gdelt_doc_search 1

github_repo_search 4

gleif_record 1

gleif_search 2

hunter_domain_search 1

npm_search 1

openalex_search 1

pypi_project 1

rapidapi_similarweb_traffic 1

sec_company_facts 1

sec_edgar_search 1

sec_edgar_submissions 1

serper_news 8

serper_scholar 1

theorg_org_chart 1

usaspending_search_awards 1

wikidata_sparql 1

wikipedia_pageviews 1

wikipedia_summary 2

Integrity Hash

sha256:14b56f10cdc21f6c38f03462324c15a80aaccba87d98961fb29e6efdc00f9d07