With Our Compromise Assessment You Will Know If You Have:
- Malicious Processes
- Malicious Libraries and Drivers
- Memory Injections
- Operating System Manipulation
- APT Beachheads
Has your network already been breached? Are you sure? Virtually every enterprise network undergoes routine vulnerability scanning, but not many firms admit they have done a full compromise assessment. Somewhere in the process of assessing threats, vulnerabilities and assets, we lost sight of the threat that has already penetrated our network.
The traditional prevent, detect and respond methodology isn’t good enough anymore. As the Internet of Things (IoT) grows, secure perimeters are dissolving. At the same time that invasions are getting easier, the threats grow more sophisticated and are harder to prevent or detect. Response has typically been a process of rebuilding compromised devices, updating patches and possibly adding firewall or IPS rules. The process is time consuming and can be very expensive. More importantly, it doesn’t ensure the threat won’t be back without much more forensics work. As a result, systems continue to be compromised with little hope of the security analyst ever catching up.
Intrusion assessment is the process of hunting threats. Think about hunting an animal or even hunting for the person who robbed the bank. With every lead, the investigator checks the location to determine if the area is clear. A cyber intrusion assessment works the same way. As the owner of all the devices where an intruder could be hiding, you know the locations and have immediate access. If you know the signs of a system that has been compromised, you can provide a yes/no answer to the question, “Has this system been compromised?”
Forensics analysts have known how to do this for some time, but the level of effort required is enormous and the training is expensive. But with a thorough scouring of any system, a qualified forensics analyst can determine if a system is clean or not.
A Compromise Assessment dramatically reduces the level of effort required to provide that yes/no answer. We use your admin credentials to log into every system and then use the latest static and dynamic processes to evaluate a system for any signs of compromise. When we are finished, we can give you a complete report about the state of compromise on your network.
Data Breach and Cyber Risk Insurance providers would be prudent to use the compromise assessment as a pre-existing conditions check prior to issuing a policy. The resulting report can be used in actuarial decision making alongside vulnerability and compliance reports. Additionally, the assessment may be used quarterly or annually as a third-party audit to ensure the insured is making necessary efforts to detect and report cyber intrusions.
The compromise assessment also serves to validate the effectiveness of current security measures and catch threats that may have been missed in the 24/7 cycle of continuous monitoring. Additionally, many organizations have difficulty justifying an increase in their security posture when a breach has not been experienced before. The resulting paradox renders breach detection nearly impossible due to a continuing weak security posture. An independent, third-party intrusion assessment can uncover compromises that may have gone undetected, thereby providing the evidence necessary to improve security.
The methodology of the intrusion assessment enables faster triage of systems to determine the extent of newly identified breaches. Threat Hunter can be integrated with a Security Information and Event Management (SIEM) system for rapid deployment in the event your other security products have detected suspicious or malicious activity.
A common tactic utilized by persistent attackers is the placement of an alternate backdoor within a network, even if said backdoor beacons infrequently. An alternate path ensures that an attacker can maintain access to a network in the event their primary mode of access is discovered. After an incident response situation, an intrusion assessment will help verify that no other hidden accesses remain and that the cleanup process was successful.
Mergers & Acquisitions
Prior to an M&A transaction, the compromise assessment serves as the pre-existing conditions check to ensure the buyer is not accepting unnecessary risk from existing compromise. The most valuable part of many companies is their data. An intrusion assessment can validate that intellectual property is not currently being compromised. When feasible, an intrusion assessment should be conducted during the due diligence phase or at least prior to merging the networks.