Blue Team Alpha - Alpha Risk Logo

Cybersecurity Risk Assessment Services

Most attackers remain active in an organization’s network and applications for a significant period of time before acting or being discovered. Unfortunately, the average dwell time (the time between an attack penetrating a network’s defenses and being discovered) ranged from 43 to 895 days for SMBs, according to a recent report. The same report found that the average dwell time for confirmed, persistent malware was 798 days. Dwell time for riskware—including unwanted applications, web trackers, and adware—averaged 869 days. The longer an attacker dwells in your network, the greater the risk of compromise and ransomware.

Compromise Assessments Services

The Compromise Assessment service from Blue Team Alpha assesses your environment for Indicators of Compromise, helping to answer the question: “Is an attacker in my environment?” The main purpose and goal of the assessment service is to identify if there has been a breach of your system. If our team discovers there has been a breach, we can act rapidly and seamlessly transition over to our Incident Response and Remediation service.

Our Compromise Assessment team is composed of highly-skilled individuals with extensive knowledge and real-world experience in cybersecurity attacks and threats. An appropriate team will be built for your business risk and needs, and may contain some or all of the following types of individuals:

These assessments are conducted on one or both of the below environments:

1. On-premises network environment
2. Cloud email service

We follow a rigorous methodology when conducting each type of Compromise Assessment.

Schedule a Compromise Assessment

On-premises Network Compromise Assessment

An on-premises network compromise assessment includes the following phases and deliverables:

1. Discovery

  • Assist and support development of action plan-based business environment, business operations, business needs, resource availability, and current state of environment
  • Gain network/host access
  • Gain access to all hardware devices (i.e. firewalls, routers, switches, etc.) and perform preliminary analysis
  • Compare configuration of hardware devices to known “good” configuration
  • Determine the logs available for harvesting, retention, and review
  • Determine the size and date range of logs to audit
  • Conduct a preliminary analysis
  • Determine adversary lateral movement vectors within the environment
  • Monitor tooling to identify currently unknown adversary implants and persistence capailities
  • Analyze proccess chain, file system modifications, and network connections
  • Utilize Custom SQL queries to characterize all assets being monitored
  • Monitor contest into user access, schedule tasks, and network activity
  • Place machines into appropriate mode (policy controlled, monitor, by-pass)

2. Identification / Assessment

  • Perform custom queries on all endpoints to identify any malicious behaviors
  • Review current configurations for network architecture device(s) such as switchers, routers, firewalls, and other identified hardware

3. Analysis

  • Perform analysis on hardware configurations and logs
  • Perform analysis on suspicious behaviors identified using industry vetted watchlists and threat profiles

4. Reporting

  • Creation of final report
  • Gather all relevant data, findings, and information related to the incident
  • Present final report to client and any other appropriate parties
compromise_robot

Cloud Email Service Compromise Assessment

A cloud email service compromise assessment covers the same phases and deliverables and includes:

1. Discovery

  • Support development of action plan-based business enviroment, business operations, business needs, resource availability, and current state of environment
  • Gain access to email service and perform preliminary analysis
  • Compare to known “good” configuration, if available
  • Determine the logs available for harvesting, retention, and review
  • Determine the size and date range of logs to audit
  • Conduct preliminary analysis
  • Analyze logins, user activity,  and connections
  • Monitor content into user access and email activity

2. Identification/Assessment

  • Perform custom queries on all email mailboxes to identify any malicious behaviors

3. Analysis

  • Perform analysis on email service configurations and logs
  • Perform analysis on suspicious behaviors identified using industry vetted watchlists and threat profiles

4. Reporting

  • Creation of final report
  • Gather all relevant data, findings, and information related to the incident
  • Present final report to client and any other appropriate parties

Don’t allow an attacker to go unnoticed in your network. Take the necessary steps now to make sure your network and systems are safe and secure.

compromise_city
Contact Blue Team Alpha today and answer the question: "Is there an attacker in my environment?"