Most breaches are still identified by third-parties, typically the damage has already occurred. With a compromise assessments as high-level investigation you will be able to identify ongoing or past attacker activity in addition to identifying existing weaknesses in controls and practices. Using specialized software that can be rapidly deployed on any system, experts will take a deep dive into your environment without interrupting your daily business operations. Typically, this type of assessment is performed when there is a suspicion of a compromise or during mergers and acquisitions.
Compromise assessment
What we do
Based on the collection of various sources, analysis is done based on frequency, statistics, locations and known malicious characteristics to reveal hacking activities. The process is similar to Incident Response for the analysis and investigation phase.
- Host analysis
- Log analysis
- Network analysis
- AD account analysis
How it works
Responders.NU works with special forensic software that is rolled out across the network on the most common systems (Windows, Linux, Mac) with zero impact on your environment. Essential log sources such as Proxy, AV/EDR, Firewall are made accessible or are exported for the investigation. In addition, Repsonders.NU uses network sensors to map and analyze current network flows.
FAQ
When to perform a compromise assessment?
If a company is merged due to a takeover or if there are suspicions of a possible hack, a compromise assessment provides the most complete picture of whether the network is clean or not. In addition, the gaps are also exposed to improve the detection and response in a timely manner.
What is the lead time of a Compromise Assessment?
The lead time of compromise assessment depends on the infrastructure and the information that can be supplied for the investigation. On average, a compromise assessment takes about three weeks from start to finish.
Difference between compromise assessment and incident response?
With a Compromise Assessment there is no immediate need and can therefore be planned. With Incident Response, the cause is often clear in advance, with a Compromise Assessment this need not be the case.
What is the difference between Threat Hunting and a Compromise Assessment?
In Threat Hunting, a hypothesis is made in advance based on possible threats and may or may not have an outcome. A Compromise Assessment takes a holistic look at the environment to recognize hacking activity and provides advice based on shortcomings in detection, response and analysis options.
Our method
Rapid response
Time is one of the most important factors during incident that influences the impact and containment. We have Rapid Response tools and technology available to quickly gather and collect evidence for rapid insights.
Confidential
Without trust it is hard to get things done. Especially fort that reason we work with frameworks that can offer the highest level of discretion and trust.
Quality
We believe it is important to offer the highest possible quality. We therefore require all our specialists to be SANS trained and GIAC certified, the holy grail.