By clicking “Check Writers’ Offers”, you agree to our terms of service and privacy policy. We’ll occasionally send you promo and account related email
No need to pay just yet!
About this sample
About this sample
Words: 973 |
Pages: 2|
5 min read
Published: Jun 6, 2019
Words: 973|Pages: 2|5 min read
Published: Jun 6, 2019
Can an organization truly prevent a sophisticated cyber-attack or is it inevitable that a targeted organization will eventually fall victim to a threat agent. Many say it’s not a matter of if but when. This has often made the possibility of a proactive approach to Information Security a hot topic for debate amongst security professionals. With sophisticated cyber-attacks on the increase, a reactive approach to information security is no longer considered to be enough.
In addition to measures such as security controls measurement, baselining, secure system and device configuration, periodic security assessments be it phishing exercises, vulnerability assessments or penetration testing are regarded as one of the best means to defend an organization’s network. By conducting periodic assessments, an entity is able to proactively identify vulnerabilities within its environment and perhaps manually provide proof that these vulnerabilities could be easily exploited.
One such security assessment which is relatively unknown in comparison to the VAPT is the Compromise Assessment. The security atmosphere is usually littered with buzzwords and one must be careful as newly bandied terms often refer to well-known activities conducted in a different way.
So given that a VAPT exercise could reveal an entity’s susceptibility to compromise, what would make a compromise assessment different and does it provide any added value?
A compromise assessment is an evaluation of the organization’s network and systems for artifacts of a compromise i.e. resident malware communication with a command & control server, proof of data exfiltration via insecure ports or perhaps through DNS, lateral movement across the network.
The Compromise Assessment provides proof of previously unidentified footprint of an attacker or of the existence of several indicators of compromise, whether successful or not, ongoing or dormant. This would usually involve some level of forensic capability as it is important to be able to detect post breach activity.
Using the scenario of man trying to protect valuables in his house, a vulnerability assessment is like an assessment which reveals weaknesses such as missing door locks, unlocked doors, weak burglary fences, inattentive security guards. The penetration test is physically verifying through force or social engineering that these weaknesses can be exploited i.e. sneaking past the inattentive security guards and going through unlocked doors into areas of the house.
The compromise assessment is combing through corners of the building for evidence of intrusion or attempted intrusion i.e. footprints not belonging to any house occupant, tools for further break-in left behind, CCTV footage of intruders jumping in and out without detection.
Going by the example above, it is easy to dismiss the value of assessing the state of compromise of an entity since compromise could have already occurred, however, it is important to note that many a times the attacker may be unable to further their attack and would exercise patience, staying in the network, until the right moment presents itself
As cyber attackers now operate with different agenda/motives – political, nation-state, financial - and organizations deploy advanced detection solutions, cyber criminals have adapted their attacks to become more evasive, stealthier and persistent.
According to a recent FireEye report, Firms in Europe, the Middle East and Africa take nearly six months to detect cyber-attacks on average. An average attacker dwell time of six months is alarming and shows that a Comprise Assessment at any time could potentially prevent an attacker from claiming the prize jewel.
How is a Compromise Assessment conducted? Approaches to a Compromise Assessment will usually vary by engagement firm and client environment, however, an assessment of this type would usually involve the deployment of advanced diagnostic listening tools with behavioral analysis and forensics capability for a period of time to look for Indicators of Compromise (IOCs) or Advanced Persistent Threats (APTs). IOC’s could consist of malware hashes, filenames of files in wrong folders, malware execution pattern etc.
Utilizing the right approach and deploying best-in-class technologies is a critical part of conducting a thorough and effective compromise assessment, however, the analysis of the data captured during the listening phase is the most critical. Organizations should always place emphasis on engaging companies with the right human competencies for threat hunting and forensics capability in order to provide linkages between various IOCs.
HELP AG provides a number of services provided individually or merged as a unit to provide clients with end-to-end compromise assessments delivering value through highly competent resources who have won regional awards in their areas of expertise.
The first step to assessing how secure an infrastructure is, is to perform a vulnerability assessment / penetration test on it. Our security analysts are seasoned ethical hackers who will perform attacks on your infrastructure.
In contrast to our competitors, we don’t solely rely on tools but instead follow a stringent manual methodology that provides a 360-degree view of your security controls.
This requires the deployment of intelligence source in the infrastructure under investigation, such as sensors for network traffic monitoring of anomalous events and agents on endpoints for malware and digital forensic analysis
HELP AG analysts have proven experience in forensics analysis. Incident and response handling procedures, including determination of the incident source and digital forensics investigations are among the top services we offer to our customers.
Upon completion of the forensic analysis exercise, Help AG analysts will provide you with a thorough report of the findings, signatures of any malware extracted, an assessment of the potential damage that could have been sustained from the identified IOCs, and recommendations to avoid a potential breach.
Our trained experts have a wealth of experience in identifying and addressing the latest known threats within varied client premises. Our engineers will assist in providing the right remediation for compromise indicators found during the assessment.
Browse our vast selection of original essay samples, each expertly formatted and styled