Identify ongoing or past attacker activity in your environment
Identify intrusions, assess risk and respond effectively to future incidents
Mandiant Compromise Assessment combines extensive experience responding to intrusions carried out by advanced threat actors, industry-leading threat intelligence and technology. This helps you identify ongoing or past intrusions, assess risk by identifying weaknesses in your security architecture, vulnerabilities, improper usage or policy violations and system security misconfigurations, and increase your ability to respond effectively to future incidents.
Context derived from threat intelligence
Provides insight into attacker attribution and motivation so organizations know if they are being targeted.
Identification of risks
Identifies security architecture and configuration weaknesses, including missing patches or security software.
Facilitation of future investigations
Recommends strategic options that can better prepare your organization's security team to respond to intrusions.
What we provide you with
- Comprehensive analysis of your environment—focused on finding evidence of ongoing or past compromises
- A view into your organization’s systemic risks and exposures
- Identification of your security program’s hygiene issues
- Best practice recommendations for furthering your organization’s ability to effectively respond to future incidents
- Options to deploy on-premises or cloud-hosted technology
What you get
- Analysis of endpoint, network, email and log data
- Identification of compromised systems
- Report of attacker activity
- Summary of findings
Chief Information Security Officer, specialty chemicals manufacturer
The major activities our consultants perform during a Compromise Assessment include:
Deploy proprietary technology
We place investigative endpoint, network, email and log inspection technology at Internet egress points and on host systems such as servers, workstations, and laptops.
Assess your environment
We apply our comprehensive library of indicators of compromise to evaluate network traffic, servers, workstations, laptops, and critical log data for evidence of current and past attacker activity.
Our consultants perform host and network forensic analyses, as well as malware and log analyses, to conduct the assessment. We confirm initial findings to minimize false positives prior to reporting them.
We provide a detailed report that summarizes the steps taken during the assessment, the major findings, and any appropriate recommendations for next steps.
Cyber Security Compromise Assessment FAQ
A compromise assessment is an assessment performed to identify past or ongoing attacker activity in an environment.
Security experts search an organization’s endpoints (on-premises and cloud deployments), monitor network traffic in strategic locations, inspect inbound and outbound email, and analyze logs from other security devices to find evidence of attacker activity.
Reliable security vendors will immediately escalate the discovery of suspected evidence of a compromise to an incident response investigation.