Finding Indicators of Compromise

We start the assessment process by monitoring and checking your network, endpoints and security log data for IoCs. To do this, we use both the security tools you already have in place including Intrusion Detection, Intrusion Prevention and SIEM tools, and deploy additional monitoring and detection solutions for deeper analysis.

Identifying assets affected by the attack

The next step is identifying all the systems and applications affected by the breach or malware using the information collected in the previous step.

Analyzing the nature of the attack

Step 3 is when we analyze the nature of the attack and try to determine the attacker’s process and method of operation. Our security experts carry out an in-depth analysis of the attack and try to find the weak spots in your security infrastructure that may have provided an entry-point to the attacker(s).

Assessing the attack’s impact

We then conduct an impact assessment exercise which involves ascertaining if and how much of your company’s sensitive data was exposed or affected due to the attack and how severe its legal and financial repercussions can be. This is followed by working out the best course of action to deal with the impact of the breach.

Preparing the final report

Finally, our security team prepares a comprehensive report detailing the:

• Nature of the compromise 
• The systems and data affected by the breach
• Its possible repercussions 
• The immediate action necessary for damage control 
• The remediation steps to plug the security holes that allowed the attack
• Recommendations for preventing malicious activity in the future.