Why do you need a Compromise Assessment?
If your organization has been compromised by a malicious actor (such as ransomware), or if you suspect a compromise but have no evidence of it yet, we can help you confirm the presence of malicious activity across your network. Our Compromise Assessment services detect and analyze ongoing malicious operations, isolate compromised systems and support you in removing the malicious actor from your network.
This is how our Compromise Assessment service can be included in your Incident Response activities, by providing:
- 24x7 monitoring
- Proactive Threat Hunting activities
- Isolating compromised systems and containing malicious activities
- Feeding your Incident Response process with relevant information to respond to and remove malicious actors from your network
Our experience delivering Threat Hunting services and facing malicious actors on a daily basis allows us to begin a Compromise Assessment within a few hours. The stages that the service follows are:
Contact us to present the case and quickly analyze how we can become part of your Incident Response process.
Depending on the case, Compromise Assessment support could require at least 45 days to be sure that any malicious actor has been kicked out, any persistence has been properly removed and no further malicious TTP has arisen in a reasonable amount of time.
In order to detect and monitor malicious activity, our Threat Hunting team needs access to relevant telemetry. That can be obtained by using your own EDR or XDR technology or, if there is no approved EDR/XDR available, we can guide you to deploy it within a few hours.
Once our Threat Hunting team can access the telemetry provided by the EDR or XDR technology, we can start performing Proactive Hunting activities to detect malicious actors and malicious operations, isolate compromised assets and provide feedback to the other teams involved in the Incident Response process.
This activity will be performed continuously during the engagement to be sure that there are no malicious TTPs being produced by the end of the engagement.
Support after the Compromise Assessment
Once the Compromise Assessment is completed and no further malicious activity remains active in your network, we can support you by performing a continuous Threat Hunting service.
Our Threat Hunting service will monitor your infrastructure 24x7 to quickly identify any malicious activity before it can generate any impact.