
Post-Compromise Assessment

Did you know? During security reviews by DigitalDefence, 40% of our clients discover that they have already been compromised in the past!

DigitalDefence’s Compromise Assessment service allows organizations to evaluate their networks for signs of an ongoing attack, or one that has occurred in the past. This is particularly relevant at a time when advanced persistent threats are designed to stay hidden on the network, and the average lag time between compromise and discovery is more than 200 days.

The high incidence of undiscovered compromises can be attributed to a variety of factors, including:

  • Organizations lack the personnel and available time to search for compromises
  • Organizations lack the specific knowledge of the threats that they face – objectives, attack methodologies, and tools used
  • Organizations lack specific detection tools and skills
  • Organizations lack analysis skills, particularly incident response, malware analysis, and data forensics

DigitalDefence’s Compromise Assessment Service addresses these limitations to ensure you can detect and respond to a compromise of your data.

Our Approach

The DigitalDefence Compromise Assessment combines our advanced knowledge of attacker methodologies and tools with our experience in responding to data security incidents.  The following activities will be performed:

    • Environmental review – DigitalDefence will review your organization’s network topology, especially the ingress and egress points. Typical network traffic and activities will be baselined

    • Endpoint analysis – Using automated tools and manual inspection, DigitalDefence will review the network, data systems, and applications against our library of Indicators of Attack (IOA; present when an active attack is ongoing) and our library of Indicators of Compromise (IOC; present when an attack has been completed). We will conduct an advanced search for malware, including ransomware and advanced persistent threats (APTs). Finally, we will examine the network for covert channels that connect your network to unauthorized third parties

    • Evidence analysis – DigitalDefence investigators will manually verify findings to eliminate any false-positive results. At this stage, forensic techniques may be applied, such as bit-level imaging to preserve evidence for study and litigation. Malware may be reverse-engineered, especially to verify whether it is targeted against the client organization. Advanced log analysis may also be completed.

    • Re-Assessment – Once the relevant IOAs and IOCs have been identified and verified, the network environment (wired, wireless, backed-up data) will be re-assessed to ensure that all instances of compromise have been identified

    • Targeted remediation – Once the specific threats have been identified, DigitalDefence will recommend immediate steps to eradicate the threat. These recommendations will include controls to prevent a return of the threat

    • Presentation of findings – DigitalDefence will provide an executive summary and full documentation of the compromise assessment that has been completed, including major findings, and recommendations to address any remaining risks. If litigation is being pursued, additional documentation may be prepared

Benefits of a Post-Compromise Assessment by DigitalDefence

Our consultants have completed hundreds of ethical penetration tests, malware analyses, and incident response investigations; this unique knowledge allows them to rapidly and effectively assess a potential compromise

Commercial, open-source, and proprietary tools are used where necessary to complement manual testing in an investigation methodology that is customized for your organization. This provides the most effective means to identify a possible compromise

An objective third-party response by experienced professionals assures key clients, auditors, and management as to your organization’s commitment to security