What is a Compromise Assessment?
A Compromise Assessment is a technical review of your network aimed at identifying previously undetected vulnerabilities. The assessment covers a wide range of potential threats, including suspicious user activity from both Admin and Standard User accounts, vulnerable cyber-policies, use of potentially dangerous software, and evidence of previous breaches or Brute Force Attacks.
A Compromise Assessment is essentially a cyber audit of a network; however, it goes much deeper than a cyber audit that is based on a questionnaire.
Too often cyber-crime investigations reveal that digital evidence and attack indicators were available prior to the breach being detected. If these previously undetected vulnerabilities are identified early, companies can intervene to minimize risk and avoid future breaches.
When and how does a company need to conduct a compromise assessment?
The cyber landscape is always evolving – and it’s doing so at a rapid pace. With organizations forced to implement remote working, it’s vital they improve and intensify their cyber defenses to safeguard against an attack.
Although businesses make every effort to protect their infrastructure, there may have been breaches that have gone undetected. A well-known example of this was in 2018 when the Marriott-owned Starwood hotel group discovered that it had been compromised. Attackers had actually had access since 2014 – four years before it was spotted.
Remote Compromise Assessment reduces the chances of this happening. By delivering an independent audit of an organization’s network, a Compromise Assessment will identify Indicators of Compromise (IOCs), suspicious user behavior, weak password strength policies and any unauthorized software, while also delivering a full asset discovery.
To help visualize where a Compromise Assessment can be added to an existing Cybersecurity strategy, consider the following analogy.
Imagine that you are Head of Security working for a large Sea Port:
One day you discover thieves are stealing packages from an isolated part of the port. (You’ve been breached)
What would your response look like?
Most probably you would consider the following steps:
- Employ an investigator (pen tester) to figure out how it is possible for the theft to take place.
- Purchase cameras and alarm systems in an attempt to monitor every container.
- Hire more security staff.
- Replace/repair all broken locks and fences.
- Build a detailed map of your port and measure reaction times for reaching each location within the port.
But the order in which those steps are completed is crucial. GuardYoo’s team believes there is a sequence that needs to be followed to ensure that the breach is not only contained but that the risk of future breaches is also minimized.
Step 1: Compromise Assessment. Build a detailed map of your Port.
Step 2: SIEM (More cameras & alarm systems)
When you know your port like the back of your hand, you know which “streets” (Servers) are more vulnerable and should be monitored by cameras, and within these “streets”, which containers (data sets) should be equipped with an alarm system.
This approach will also help reduce costs by reducing the size of your Attack Surface.
Step 3: Incident Response (Hire more security staff)
Step 4: Vulnerability Assessment (Fix/Replace broken fence & locks)
If you attempt a vulnerability assessment before deploying a SIEM, you won’t understand how a breach takes place.
Step 5: Pen-Test (Hire Investigator)
The main objective for hiring a pen-tester should be to watch the pen-tester’s techniques and then use the data to improve your SIEM.
It’s not just to identify “how” someone has the ability to steal something or breach the network.
You need to identify what parts of your port are not fully under your control.
That is the main goal of a pen test – to detect “blind spots” in the monitoring process.
All evidence from each previous step should be analyzed and understood, and all actions completed to perfection. Do not rush these steps; the process is too important to skip through.
Benefits of a compromise assessment
Regular Compromise Assessments can help companies fully understand how their network is operating and which areas within it are most vulnerable.
Once cybersecurity teams have this information they can deploy their resources to achieve maximum benefit.
Content curated by the team of COMPUTER 2000 on the basis of news in reputable media and marketing materials provided by our partners, companies, and other vendors.