February 18, 2022
What is a Cyber Security Compromise Assessment?
Let’s step away from thinking about infrastructures and networks in the usual context. Try not to think about your organisation’s systems as just some combination of applications, servers, and digital connections that make everything work. Instead, think about your collective “systems” as an organism, a living and constantly changing entity.
Malware, hidden breaches, and cyber attacks are essentially infections resident within the “tissue” of your enterprise. The latest breed of cyber threats, or infections, can out-maneuver your defenses (endpoint security tools, next-gen antivirus software, and more) and spread looking for a longer-term location. Once threats find a home, they burrow deep into the core organs of your infrastructure.
A compromise assessment is focused on looking at the current state of the health of your ecosystem and is a critical point in defining the treatment of found threats. Without a detailed and accurate diagnosis of the current state of your organisation’s IT environment, infections and the resulting treatments, will likely be wrong and ineffective.
After infecting your infrastructure, cyber threats will eventually cause the death of that system or larger entity, depending on how quickly you (your security team) can detect and respond. Unfortunately, as cyber threats become more advanced—learning not only to bypass prevention tools, but also navigate within infrastructures more easily—they also become harder to expose, isolate, and eliminate. Additionally, the sheer volume of threats your organisation faces should cause some level of discomfort.
According to the FBI, over 4,000 ransomware attacks occur daily—and ransomware only accounts for one type of cyber attack.
Detecting and responding to advanced cyber threats requires more than a firewall and traditional endpoint security tools. Organisations with the best IT health, perform ongoing assessments aimed at exposing any and all threats (malware, configuration errors, vulnerabilities, and more) that have made it past your defenses and are currently living in your environment.
A cyber security compromise assessment is not a penetration test nor a red team exercise. A compromise assessment (sometimes called an “IT risk and vulnerability assessment”) uses specific forensically enabled tooling to identify infected assets within your enterprise via a combination of advanced detection techniques. Those techniques include:
- Correlation of possible indicators of compromise with threat intelligence sources
- Deep forensic analysis of actions taken by infected assets
- Analysis of network connections
- Analysis of accounts active in your environment
- Analysis of digital artifacts on those systems
- Identification of unknown and potentially exploited vulnerabilities
Compromise assessments expose threats, risks, vulnerabilities, and more, and must be done in a manner that works at the scale of your enterprise. Depending on the size and nature of your business, you may consider performing quarterly, monthly, or even weekly compromise assessments. To close the loop on open threats, the best cyber security compromise assessments include on-demand remediation of threats found in real-time—or as close to real-time as possible.