
Compromise Assessment
Most attackers remain active in an organization’s network and applications for a significant period of time before acting or being discovered. Unfortunately, the average dwell time (the time between an attack penetrating a network’s defenses and being discovered) ranged from 43 to 895 days for SMBs, according to a recent report. The same report found that the average dwell time for confirmed, persistent malware was 798 days. Dwell time for riskware—including unwanted applications, web trackers, and adware—averaged 869 days. The longer an attacker dwells in your network, the greater the risk of compromise and ransomware.
The Compromise Assessment service from Blue Team Alpha assesses your environment for Indicators of Compromise, helping to answer the question: “Is an attacker in my environment?” The main purpose and goal of the assessment service is to identify whether there has been a breach of your systems. If our team discovers there has been a breach, we can act rapidly and transition seamlessly to our Incident Response and Remediation service.
Our Compromise Assessment team is composed of highly skilled individuals with extensive knowledge and real-world experience in cybersecurity attacks and threats. An appropriate team will be built for your business risk and needs, and may contain some or all of the following types of individuals:
- Scrum Leaders
- Penetration Testers
- Certified Information Security Professionals
- Security Analysts
- Certified Incident Handlers
- Compromise Assessment Experts
These assessments are conducted on one or both of the following environments:
1. On-premises network environment
2. Cloud email service
We follow a rigorous methodology when conducting each type of Compromise Assessment.
On-premises Network Compromise Assessment
An on-premises network compromise assessment includes the following phases and deliverables:
1. Discovery
- Assist and support development of an action plan based on the business environment, business operations, business needs, resource availability, and current state of the environment
- Gain network/host access
- Gain access to all hardware devices (e.g., firewalls, routers, switches) and perform preliminary analysis
- Compare configuration of hardware devices to known “good” configuration
- Determine the logs available for harvesting, retention, and review
- Determine the size and date range of logs to audit
- Conduct a preliminary analysis
- Determine adversary lateral movement vectors within the environment
- Monitor tooling to identify currently unknown adversary implants and persistence capabilities
- Analyze process chain, file system modifications, and network connections
- Utilize custom SQL queries to characterize all assets being monitored
- Monitor context into user access, scheduled tasks, and network activity
- Place machines into the appropriate mode (policy controlled, monitor, bypass)
2. Identification / Assessment
- Perform custom queries on all endpoints to identify any malicious behaviors
- Review current configurations for network architecture device(s) such as switches, routers, firewalls, and other identified hardware
3. Analysis
- Perform analysis on hardware configurations and logs
- Perform analysis on suspicious behaviors identified using industry-vetted watchlists and threat profiles
4. Reporting
- Creation of final report
- Gather all relevant data, findings, and information related to the incident
- Present final report to client and any other appropriate parties
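The Discovery and Identification steps above include comparing device configurations to a known “good” configuration. The following is an added example, not Blue Team Alpha’s tooling, of how such a baseline comparison can be scripted so that drift is ranked rather than just listed. The configuration lines, the severity prefixes and the device names are constructed for this illustration and do not follow any particular vendor’s syntax.

```python
"""Added example (not Blue Team Alpha's tooling): compare a device's running
configuration to a known-good baseline and rank the drift.

All configuration text below is constructed sample data in a generic
'keyword value' style; it is not any vendor's real syntax."""

# Constructed known-good baseline for a hypothetical edge firewall.
BASELINE = """\
hostname edge-fw-1
logging host 10.0.0.5
user admin privilege 15
acl inbound deny any 10.0.0.0/8
acl inbound permit tcp any 10.0.1.10 443
ntp server 10.0.0.6
"""

# Constructed running configuration collected during Discovery.
RUNNING = """\
hostname edge-fw-1
user admin privilege 15
user svc_backup privilege 15
acl inbound permit tcp any 10.0.1.10 443
acl inbound permit tcp any 10.0.1.25 3389
acl inbound deny any 10.0.0.0/8
ntp server 10.0.0.6
"""

# Assumed: the statement types a reviewer wants surfaced first (accounts,
# access control, logging). Everything else is reported as informational.
HIGH_RISK_PREFIXES = ("user ", "acl ", "logging ")


def parse_config(text):
    """Return the set of non-empty, non-comment lines ('!' starts a comment)."""
    return {ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("!")}


def config_drift(baseline_text, running_text):
    """Lines present in only one of the two configurations, each tagged with
    a severity derived from HIGH_RISK_PREFIXES."""
    base, run = parse_config(baseline_text), parse_config(running_text)

    def severity(line):
        return "high" if line.startswith(HIGH_RISK_PREFIXES) else "info"

    return {
        "added": [{"line": l, "severity": severity(l)} for l in sorted(run - base)],
        "removed": [{"line": l, "severity": severity(l)} for l in sorted(base - run)],
    }


def high_risk_findings(drift):
    """Flatten the high-severity drift into reviewer-readable strings."""
    return ([f"added: {d['line']}" for d in drift["added"] if d["severity"] == "high"]
            + [f"removed: {d['line']}" for d in drift["removed"] if d["severity"] == "high"])


def acl_reordered(baseline_text, running_text, prefix="acl "):
    """A plain set comparison misses reordering, but ACL evaluation is
    order-dependent. Report True if the ACL lines common to both
    configurations no longer appear in the same relative order."""
    def ordered(text):
        return [ln.strip() for ln in text.splitlines() if ln.strip().startswith(prefix)]

    base, run = ordered(baseline_text), ordered(running_text)
    common = set(base) & set(run)
    return [l for l in base if l in common] != [l for l in run if l in common]


if __name__ == "__main__":
    drift = config_drift(BASELINE, RUNNING)
    for finding in high_risk_findings(drift):
        print(finding)
    if acl_reordered(BASELINE, RUNNING):
        print("ACL ordering changed relative to baseline; review rule precedence")
```

On the constructed data the script surfaces a new privileged account, a new inbound rule to port 3389, the removal of the remote logging destination, and the fact that the surviving ACL entries have been reordered so that a permit now precedes the deny. The set comparison is deliberately order-insensitive so that cosmetic reordering of unrelated statements does not generate noise; the separate ordering check exists precisely because that assumption is unsafe for access-control lists.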

Cloud Email Service Compromise Assessment
A cloud email service compromise assessment covers the same phases and deliverables and includes:
1. Discovery
- Support development of an action plan based on the business environment, business operations, business needs, resource availability, and current state of the environment
- Gain access to email service and perform preliminary analysis
- Compare to known “good” configuration, if available
- Determine the logs available for harvesting, retention, and review
- Determine the size and date range of logs to audit
- Conduct preliminary analysis
- Analyze logins, user activity, and connections
- Monitor context into user access and email activity
2. Identification / Assessment
- Perform custom queries on all email mailboxes to identify any malicious behaviors
3. Analysis
- Perform analysis on email service configurations and logs
- Perform analysis on suspicious behaviors identified using industry-vetted watchlists and threat profiles
4. Reporting
- Creation of final report
- Gather all relevant data, findings, and information related to the incident
- Present final report to client and any other appropriate parties
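Two of the steps above, “Analyze logins, user activity, and connections” and “Perform custom queries on all email mailboxes to identify any malicious behaviors”, are the kind of checks that can be expressed as repeatable queries over exported audit data. The script below is an added example, not Blue Team Alpha’s tooling, that runs three such checks over constructed sign-in and mailbox-rule records: sign-ins from two countries closer together than a travel window allows, a success immediately following a burst of failures, and inbox rules that forward mail outside the organization or delete it. Field names, thresholds, addresses and the organization domain are assumptions chosen for the illustration.

```python
"""Added example (not Blue Team Alpha's tooling): three compromise-assessment
checks over cloud-email audit data. All records below are constructed
sample data; field names are assumptions that mirror the usual exports
(user, timestamp, source IP, geo country, result)."""
from collections import defaultdict
from datetime import datetime

ORG_DOMAIN = "example.test"  # assumed organization domain

# Constructed sign-in events (ISO timestamps sort correctly as strings).
SIGNINS = [
    {"user": "alice@example.test", "ts": "2024-03-01T08:02:00", "ip": "203.0.113.10", "country": "US", "result": "success"},
    {"user": "alice@example.test", "ts": "2024-03-02T08:05:00", "ip": "203.0.113.10", "country": "US", "result": "success"},
    {"user": "alice@example.test", "ts": "2024-03-02T08:40:00", "ip": "198.51.100.77", "country": "NL", "result": "success"},
    {"user": "bob@example.test", "ts": "2024-03-02T09:00:00", "ip": "203.0.113.22", "country": "US", "result": "failure"},
    {"user": "bob@example.test", "ts": "2024-03-02T09:00:30", "ip": "203.0.113.22", "country": "US", "result": "failure"},
    {"user": "bob@example.test", "ts": "2024-03-02T09:01:00", "ip": "203.0.113.22", "country": "US", "result": "failure"},
    {"user": "bob@example.test", "ts": "2024-03-02T09:01:30", "ip": "203.0.113.22", "country": "US", "result": "success"},
]

# Constructed inbox rules as a mailbox query would return them.
INBOX_RULES = [
    {"user": "alice@example.test", "name": "Archive newsletters", "forward_to": None, "delete": False},
    {"user": "alice@example.test", "name": ".", "forward_to": "drop@attacker.example", "delete": True},
    {"user": "bob@example.test", "name": "Finance", "forward_to": "finance@example.test", "delete": False},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def _by_user(events, only_success=False):
    grouped = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if not only_success or e["result"] == "success":
            grouped[e["user"]].append(e)
    return grouped


def impossible_travel(events, max_minutes=120):
    """Consecutive successful sign-ins by one user from different countries
    closer together than max_minutes (threshold is an assumption)."""
    findings = []
    for user, evs in _by_user(events, only_success=True).items():
        for prev, cur in zip(evs, evs[1:]):
            gap = (_ts(cur) - _ts(prev)).total_seconds() / 60
            if prev["country"] != cur["country"] and gap < max_minutes:
                findings.append({"user": user, "from": prev["country"], "to": cur["country"],
                                 "minutes": round(gap), "ip": cur["ip"]})
    return findings


def failures_then_success(events, min_failures=3, window_minutes=10):
    """A success preceded by at least min_failures failures for the same user
    within window_minutes: the shape a guessed password leaves behind."""
    findings = []
    for user, evs in _by_user(events).items():
        for i, e in enumerate(evs):
            if e["result"] != "success":
                continue
            recent = [p for p in evs[:i] if p["result"] == "failure"
                      and (_ts(e) - _ts(p)).total_seconds() <= window_minutes * 60]
            if len(recent) >= min_failures:
                findings.append({"user": user, "failures": len(recent), "ip": e["ip"], "ts": e["ts"]})
    return findings


def suspicious_inbox_rules(rules, org_domain=ORG_DOMAIN):
    """Rules that forward outside the organization, delete mail, or carry a
    near-empty name; each finding lists every reason that applied."""
    findings = []
    for r in rules:
        reasons = []
        fwd = r.get("forward_to")
        if fwd and not fwd.lower().endswith("@" + org_domain):
            reasons.append("forwards to external address " + fwd)
        if r.get("delete"):
            reasons.append("deletes messages")
        if len(r.get("name", "")) <= 1:
            reasons.append("near-empty rule name")
        if reasons:
            findings.append({"user": r["user"], "rule": r["name"], "reasons": reasons})
    return findings


def run_assessment(events=SIGNINS, rules=INBOX_RULES):
    return {"impossible_travel": impossible_travel(events),
            "failures_then_success": failures_then_success(events),
            "suspicious_inbox_rules": suspicious_inbox_rules(rules)}


if __name__ == "__main__":
    for check, items in run_assessment().items():
        print(f"{check}: {len(items)} finding(s)")
        for item in items:
            print("   ", item)
```

Each check is a function that returns its findings rather than printing them, so the same code can feed the Analysis phase (tuning thresholds, adding watchlist matches) and the Reporting phase (aggregating by user or mailbox). The thresholds are starting points to be adjusted to the client’s environment; a travel window that fits a single-country workforce will be too tight for one with staff who routinely cross borders.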
Don’t allow an attacker to go unnoticed in your network. Take the necessary steps now to make sure your network and systems are safe and secure.
