Includes security steps, from finding the compromised data to performing the remediation steps.
EthicalHat’s Compromise Assessment Service is designed to find out whether an organization’s IT environment has been breached and to determine the scale and severity of the impact. If we do find Indicators of Compromise (IoCs) during the detection phase, we thoroughly analyse the nature of the attack and suggest remediation steps to contain the damage and prevent malicious activity in the future.
Finding Indicators of Compromise
We start the assessment process by monitoring and checking your network, endpoints and security log data for IoCs. To do this, we use the security tools you already have in place, including Intrusion Detection, Intrusion Prevention and SIEM tools, and we also deploy additional monitoring and detection solutions for deeper analysis.
Identifying assets affected by the attack
The next step is identifying all the systems and applications affected by the breach or malware using the information collected in the previous step.
Analyzing the nature of the attack
Step 3 is when we analyze the nature of the attack and try to determine the attacker’s process and method of operation. Our security experts carry out an in-depth analysis of the attack and try to find the weak spots in your security infrastructure that may have provided an entry point for the attacker(s).
Assessing the attack’s impact
We then conduct an impact assessment exercise, which involves ascertaining whether, and how much of, your company’s sensitive data was exposed or affected by the attack, and how severe its legal and financial repercussions can be. This is followed by working out the best course of action to deal with the impact of the breach.
Preparing the final report
Finally, our security team prepares a comprehensive report detailing:
- The nature of the compromise
- The systems and data affected by the breach
- Its possible repercussions
- The immediate action necessary for damage control
- The remediation steps to plug the security holes that allowed the attack
- Recommendations for preventing malicious activity in the future