Compromise Assessments (aka Threat Hunting) should be a mandatory service, or internal capability, for any organization that takes security seriously. As an experienced compromise assessment service provider, we deploy techniques to reduce the gap between a breach or compromise and the detection of advanced adversaries. Even in the case of a past compromise, detecting what happened and how it happened is key to preventing such events in the future.
However, the benefits of performing periodic Compromise Assessments go beyond this: they produce an accurate picture of what “normal” looks like and of what “blind angles” exist in the threat detection strategy.
Given today’s threat landscape and advanced adversarial capabilities, this service is perfect for organizations that may already have an MDR service and want to expand their visibility over the corporate environment to find new, advanced cyber-threats. When companies from the same industry (and/or country) appear in the news for being targeted by cyber-criminals, it is highly recommended to show due diligence by performing such assessments of the enterprise network and services.
Before anything else, it is important to mention that senior IR consultants with at least five years of IR engagements qualify to be the compromise assessment service provider.
The Compromise Assessment delivered by the Offensive Shield team uses a wide range of DFIR evidence to produce a comprehensive view of the enterprise environment. The detection logic covers:
The evidence used is log-based (from cloud or on-prem technologies), file-based artefacts, network-based evidence, as well as in-memory artefact structures.
Types of Compromise Assessment:
A Compromise Assessment final report needs to answer hard questions such as “is the organization compromised?” or “what are the critical areas to address to ensure the threat detection strategy will not miss an APT?”. As such, a Compromise Assessment, by the very nature of its objectives, needs to be very thorough in both the scope and the depth of the analysis performed.