Experiencing a SECURITY BREACH?


1-844-831-7715

(44) 808-234-6353

Talos IR Services

Are you experiencing a security EMERGENCY?

If you’re experiencing a cybersecurity incident, contact Cisco Talos Incident Response immediately.

Talos IR emergency experts are available 24 hours a day.


Compromise Assessment

Am I compromised?

There are many adversaries and threat actors seeking to exploit vulnerabilities, whether in targeted or opportunistic attacks. The constant barrage of attacks on endpoints, accounts and resources does find various levels of success, which could result in a compromise. The question of compromise is different depending on the customer, as each will assess and conclude their own acceptable and unacceptable risk.

The Talos IR team gains a mutual understanding of the meaning of compromise per the customer objective. Typically, a compromise assessment will focus on threat tactics and techniques related to persistence, malicious code executions, privilege escalations, credential harvesting and data staging or exfiltration. The search for the threat will focus on broad and available telemetry.

Why conduct a Talos IR Compromise Assessment?

Talos Incident Response (Talos IR) partners with your organization to identify existing threats in your environment and look for signs of present or historical compromise across your networked environment.

This service validates your current security investments to identify any gaps in visibility or configuration, identify baseline activity in your environment, or verify existing threats in mergers and acquisitions scenarios. Our experts will analyze your datapoints and provide a final report with detailed results and prioritized recommendations that your team can implement to reduce the threat risk. The Talos Incident Response team can also lead or assist in responding to any threats discovered during the compromise assessment through a prioritized emergency response service.

What does this include?

  • Detailed scoping exercise
    to identify available telemetry, datapoints and customer objectives to ensure comprehensive ability to discover any applicable compromises.
  • Proactive identification of suspicious indicators in your security controls 
    to identify possible links to malicious activity and provide a stronger security posture and deeper understanding of your security controls. 
  • Identifying gaps in your defenses 
    to provide more resilient protective measures with enforcement and visibility. 
  • Access to skilled incident responders 
    with years of experience dealing with numerous types of incidents, who will analyze various data points in the search for threats and provide actionable intelligence.
  • Full access to Cisco’s complete tool suite during the exercise 
    to provide greater visibility, speed and a broader understanding of all threats in the network using the latest available technologies. 
  • A Compromise Assessment report  
    that includes an executive overview, technical summary, a full recap of all findings aligned with the MITRE ATT&CK framework and recommendations.
  • Technical and executive debriefs 
    to ensure that findings are effectively communicated across all business levels.  

Compromise assessment case study

Fortune 500 retailer
  • Challenges

    • Client had growing concerns about their e-commerce sites ahead of and during the retail holiday season.
    • While the client had an existing team, they did not want to pull focus from their day-to-day operations and engaged Talos IR to proactively look for a compromise in the e-commerce environment.
  • Solution

    • During a six-week engagement, Talos IR worked alongside the customer to deploy the needed technologies, hunt for compromise, identify any persistence mechanisms and remove any threats.
    • Cisco also monitored the environment for the remainder of the holiday season, once we determined there were no attackers on the system.
  • Outcomes

    • Installed and deployed Cisco’s industry technologies that provided greater visibility and higher levels of confidence for protecting the environment.
    • Located numerous types of commodity malware within the infrastructure that the client’s traditional AV solutions were not capturing.

Interested in this service?

Reach out to your account team or contact us below.

Security expertise at your fingertips

When you partner with Cisco Talos Incident Response, you ensure your organization has direct access to unique and actionable threat intelligence, world-class emergency response capabilities, and unmatched expertise to help you be prepared for current and future threats.
