Like a pandemic, a security incident cannot be sat out. When a compromise is suspected, at the latest, you have your last chance to take immediate stock of hidden attack activities. Only in this way is it possible to gain visibility at an early stage and effectively limit the negative effects. Later, the only option is usually to radically reset the entire IT environment, with massive damage to business operations and reputation.
Classic IT security defenses such as vulnerability management or penetration testing are no longer sufficient as the sole response to current attack strategies. Traditional IT security measures reveal known cyber threats, but fail to detect attacks. Unknown security vulnerabilities (zero-day gaps) are therefore consistently exploited by cybercriminals and can cause significant damage as attackers infiltrate your network, spread through it, and manipulate and tap into it without being detected.
Why do I need a Compromise Assessment?
A Compromise Assessment is an effective method to detect acute or past compromises of your network at an early stage and avert serious reputational damage.
What do I get from a Compromise Assessment by Allgeier secion?
You will receive a detailed overview of existing risks and vulnerabilities in your company infrastructure from our IT security consultants. The weaknesses of your current security concept are comprehensively analyzed and evaluated, and recommendations for action to improve your company's preparedness are developed.
Research approach of the Compromise Assessment
When conducting a Compromise Assessment, our IT security consultants use techniques from the fields of forensics and threat hunting that are specifically designed to effectively and reliably uncover traces of attack activities. These so-called Indicators of Compromise (IOC) are inevitably left behind during cyber attacks - and detected by our Compromise Assessment. By analyzing and evaluating the IOCs, the systems affected by attacks can be identified on the one hand, and the exploited IT vulnerabilities can be revealed on the other. Based on this, our IT security consultants provide target-oriented recommendations for action to close the detected security gaps. Any attacks that are still in progress are reliably stopped - and future attacks are prevented.
Goal and process of our Compromise Assessment
As part of a Compromise Assessment, our IT security consultants conduct a detailed examination of your corporate infrastructure and identify indicators that point to current or past attack activities. The network analyses performed and tools used depend on your individual initial situation:
- Suspicionless audit.
Goal: Detect existing attack activities in the network.
- Suspicion-based audit assuming that a specific system has been hacked.
Goal: Confirmation and indications of extent.
- Analysis after confirmed compromise of a system.
Goal: Identify extent (reconstruction of and indications of subsequent attack activity, e.g., propagation in the network).
Depending on the initial situation, the following activities and techniques from the areas of forensics and threat hunting are used, among others:
- Placement of network sensors; live network threat hunting (including C2/beaconing detection, client signatures, network anomalies, DNS analysis)
- Conversion, preparation, and, if necessary, indexing of source data
- General AV & IOC scans
- Log analysis including derivation of specific attack activities and investigation of potential follow-up activities
- Integrity and plausibility check of log data
- Examination for artifacts regarding lateral movement, privilege escalation, credential access, etc.
- Iterative custom scans based on threat intelligence and internal findings
- Code deobfuscation & analysis/malware analysis
Depending on the initial situation, scope and implemented activities, you will receive from us:
- A comprehensive analysis and evaluation of the identified security incident.
- Recommendations for action developed by our IT security consultants with the aim of closing the identified security gaps quickly and comprehensively.
- A list of recommended strategic measures to be optimally positioned against future attacks (e.g. logging configuration, adjustment of network monitoring, etc.).
The quality and scope of our report go far beyond the industry standard. In addition to a detailed list of identified attack activities, such as IOCs and infiltrated systems, you will receive an analysis of your endpoint, network, e-mail and possibly other log files. Furthermore, we show the chronological course of the attack in a comprehensive analysis.