Compromise Assessment

Identify Advanced Threats

Mandiant’s Compromise Assessment is a unique service that allows organizations to evaluate their networks for the presence of advanced attack group activity. The Compromise Assessment has helped organizations identify and address issues that, in some cases, had existed for years and resulted in the theft of valuable intellectual property.

Overview of Services

  • Designed for Targeted Organizations

    Over the past several years, advanced attack groups – often backed by organized crime syndicates and nation states – have targeted government agencies, defense contractors, financial services firms, research labs, retailers, law firms, energy companies, transportation companies and many others. These advanced attackers develop custom malware and use tactics that are often difficult to detect using conventional approaches.

  • Mandiant’s Approach

    Mandiant has conducted hundreds of investigations where advanced attack groups have compromised well-guarded networks and removed valuable information. During the course of these investigations, Mandiant has developed specialized knowledge about how advanced attack groups operate. The Threat Assessment couples that intelligence and experience with Mandiant’s proprietary technology to determine if attackers are currently in the environment or have been active in the past.

    • Deploying Network- & Host-based Inspection Technology

      Proprietary technology is deployed at Internet egress points and on host systems such as servers, workstations and laptops.

    • Assessing Environment Using Intelligence From Prior Investigations

      Mandiant has developed a detailed library of Indicators of Compromise (IOCs) that utilize host-based artifacts and network traffic signatures to identify the presence of attackers. Mandiant consultants apply these IOCs to evaluate servers, workstations and laptops within the network for evidence of current and past attacker activity.

    • Assessing Environment For Anomalies

      Mandiant consultants use their knowledge of the attack groups and their tendencies to assess the hosts and network traffic for evidence of attacker activity. In this case the focus is on “edge analysis” – systems that have different attributes than the vast majority of other similar systems in the environment.

    • Analyzing Evidence

      When Mandiant identifies Indicators of Compromise or anomalies, consultants draw on skills that range from forensic imaging to malware and log analysis to either confirm that each finding reflects malicious activity or eliminate it as a false positive.

    • Summarizing Findings

      At the conclusion of the Threat Assessment, Mandiant provides a detailed report that summarizes the approach taken and the findings.