professional compromise assessment services
A compromise assessment is a technical review of an organization’s security controls, conducted when a company wants to find out whether a security breach or malicious activity has occurred in its network.
The objective is to examine the client’s IT infrastructure (network infrastructure, systems and applications) with a focus on identifying signs of a potential compromise, the presence of backdoors, and unauthorized access.
Compromise Assessment Methodology
The goal of endpoint analysis is to identify malicious activity and Indicators of Compromise (IoC) by analysing the operating system logs. In Windows, the commonly used log files are the Security, Application and System logs.
Network audit logs must include the means for identifying, journaling, reporting, and assigning accountability for potential compromises or violations of network integrity. Network audit logs must be sufficient in detail to facilitate reconstruction of security-related events if a compromise or malfunction is suspected or has occurred.
Monitor traffic between the client network and the Internet and analyze it for indications of compromise and malicious lateral movement. Forensic methods are applied on the Ethernet layer by eavesdropping on bitstreams with monitoring tools, also called sniffers. The most common tools on this layer are Wireshark (formerly known as Ethereal) and tcpdump; tcpdump works mostly on Unix-like operating systems.
value driven service
WHEN DO YOU NEED IT?
It starts with your objective. If your main goal is to eliminate unknown security breaches because you suspect a possible breach in your system, then you need a compromise assessment service.
Usually, there are a few reasons companies do a Compromise Assessment.
1) To comply with local laws and regulations (e.g. Bank Negara of Malaysia’s Risk Management in Technology).
2) To identify the presence of any security breaches.
3) To identify security weaknesses in the current system.