Why do you need a Compromise Assessment?
If your organisation has been compromised by a malicious actor (ransomware, among others), or if you suspect a compromise but have no evidence of it yet, we can help you confirm the presence of malicious activity across your network. Our Compromise Assessment services detect and analyse ongoing malicious operations, isolate compromised systems and support you in kicking the malicious actor out of your network.
Our Compromise Assessment service can be included in your Incident Response activities by providing:
- 24x7 monitoring
- Proactive Threat Hunting activities
- Isolating compromised systems and containing malicious activities
- Feeding your Incident Response process with relevant information to respond and kick malicious actors out of your network
Our experience delivering Threat Hunting services, facing malicious actors on a daily basis, allows us to engage in a Compromise Assessment within a few hours. The stages the service follows are:
Contact us to present your case and quickly analyse how we can become part of your Incident Response process.
Depending on the case, Compromise Assessment support could require at least 45 days to be sure that any malicious actor has been kicked out, any persistence has been properly removed and no further malicious TTP has arisen in a reasonable amount of time.
In order to detect and monitor malicious activity, our Threat Hunting team needs access to relevant telemetry. This can be obtained from your own EDR or XDR technology or, if there is no approved EDR/XDR available, we can guide you to deploy one within a few hours.
Once our Threat Hunting team can access the telemetry provided by the EDR or XDR technology, we can start performing Proactive Hunting activities to detect malicious actors and malicious operations, isolate compromised assets and provide feedback to the other teams involved in the Incident Response process.
This activity will be performed continuously during the engagement to be sure that no malicious TTPs are produced by the end of the engagement.
Support after the Compromise Assessment
Once the Compromise Assessment is completed and no malicious activity remains active in your network, we can support you with a continuous Threat Hunting service.
Our Threat Hunting service will monitor your infrastructure 24x7 to quickly identify any malicious activity before it can generate any impact.