7 Things To Know About Compromise Assessment

cffong July 6, 2021

A Compromise Assessment is to find out if there are any unwanted guests living in your house.
Imagine you have an IT infrastructure as your house, and Compromise Assessment may help detect unwanted guests!

Having critical IT infrastructures in your business is like having a property full of jewelry. You would be paranoid and keep checking around your house for any sign of breached doors or windows. Well, compromise assessment serves the same purpose too! 

1. What is Compromise Assessment?

Find Out What is Hiding Inside Your House 

Compromise assessment helps to identify whether the network security or systems are compromised. 

Potential compromise can discover within your organization from identifying footprints left by attackers, suspicious attack indicators in the network, and the discovery of abnormal usage of computer resources.

The presence of unwanted guests will threaten the security of your business. Once the attackers are in our network and systems, it is difficult to predict when they will make the next move; they may be staying dormant or actively exfiltrating critical information assets from your organizations. As long as they decide to stay persistent within your network, they will remain a threat. 

Any unauthorized activities can bring tremendous financial losses and damages to your company; conducting an effective Compromise Assessment may assure that your environment is clean.

Learn more about LGMS Compromise Assessment.

2. Compromise Assessment VS Vulnerability Assessment

vulnerability-assessment-compromise-assessment

Not All Assessments are Equal

Vulnerability Assessment checks on weaknesses of a specific subject; Compromise Assessments hunt for any signs or potential evidence of compromises in your entire infrastructure. Imagine your infrastructure as a house. 

Vulnerability Assessment checks for the security of the doors, windows, and the design of your fence, but whether or not any rodents or pests live in the house, we will not be able to tell. Vulnerability Assessment focuses on testing the effectiveness of Controls security (e.g., “Door locks, Windows, etc.).

To find out if unwanted rodents or pests are living in your house, we need to apply a Compromise Assessment: We will check behind the walls, under the floor tile, space in between the roof and ceiling, even the pipes under the kitchen sink, hunting for any unwanted rodents and pests. The same analogy applies to a professional Compromise Assessment on business infrastructure. A professional compromise assessment shall cover all business infrastructure angles, from endpoints, network devices, servers, IoT devices, and more.

Vulnerability Assessment and Compromise Assessment serve a different purpose of security scanning, engaging with a professional cybersecurity consultant to carry out the specific tasks to meet your organization’s business objectives.

3. What are the cyber security skills needed to do Compromise Assessment?

compromise-assessment-test

Don’t Let Your Gardener Teach You How To Fly an Aircraft

Compromise Assessment is a fusion of both manual and automated analysis work. Software alone is not enough to identify compromise or signs of compromise. We need human intelligence to uncover even the tiniest bits of clue during compromise assessment, to ensure that we do not miss out on any potential hidden threats.

Only engage with Professional assessors who have extensive experience, particularly in Incident Response, Threat Hunting, Digital forensic, and Malware Analysis. View more for Standard of Achievement.

4. Compromise Assessment is Not About Deploying EDR Tools

edr-scanner

Catching Unwanted Rodents & Pests Will Take More Than Just a Mouse Trap

This is the biggest myth about Compromise Assessment: Deploying EDR Solution. 

Compromise Assessment is NOT just about deploying another brand of EDR Scanner. Many factors need to be considered before bringing another brand of EDR to deploy into a business environment. 

The followings are the business-critical questions that we need to address:

  • Will the new EDR create any conflicts with our existing EPP or EDR solutions?
  • Do conflicts lead to impacts on our system and network stability?
  • If there are two different brands of EDR running on our laptop, are we going to expect a computer performance impact?

Compromise Assessment may be a new form of exercise in the local market. Many vendors simply assume that by deploying EDR tools they will be able to deliver a compromise assessment. This is misleading and dangerous; it creates the illusion that can do a compromise assessment by bringing in branded EDR products or product principles.

Simply deploying another brand of EDR software may potentially bring impact in the following perspectives:

  • Performance impact on existing endpoints
  • Software conflicts with existing EDR solutions that lead to crashing or system stability issues

Organizations are recommended to have the following in place to have an effective compromise assessment effective: 

  • Endpoint Detection & Response (EDR) software
  • Network Detection & Response (NDR) software or hardware, 
  • Logs from Security Incident and Event Monitoring (SIEM) systems
  • Network Architecture Diagrams
  • Past Incident records etc.

An effective compromise assessment shall cover all angles of hiding points of potential Hackers. This basically means that we will cover all different infrastructure layers: network, application, and servers even to study past events within the infrastructure. There will be the utilization of a combination of commercial and proprietary tools to make the compromise assessment complete.

Be careful not to be misled by vendors who advocate bringing different brands of EDR into your environment. Particularly the vendors who also happen to be the reseller of such EDR products. In this case, their intention is obvious.

Read more about cybersecurity providers that provide neutral professional services without any influence of third-party products or solutions.

5. How do I select a Compromise Assessment vendor?

cuber-security-expert

What Happen When Your Doctor is Not Really a Doctor

In any form of fair assessment, the assessor shall always be free from being a product or solution representative. This is to provide the highest level of assurance to the client that whatever advice and recommendation provided by the assessor will be accurate to the client’s environment and the client’s needs.

The assessor’s opinion shall always be objective, neutral, and product agnostic. This is only possible when the assessor does not have any affiliations in selling products and solutions directly related to the assessment work.

Critical points to remember: 

  • Cybersecurity assessment providers shall be free from any form of representations for security products or solutions to remain critical, unbiased, and truthful to the client.
  • When someone recommends that your organisation install a certain brand of EDR or anti-virus software, you have to weigh the necessity. If the party intends to sell cybersecurity products or provide a fair and unbiased assessment? 

Engage with neutral experts who do not sell any security products and solutions. Refer to the experience in handling actual cyber incidents.

6. How often do we do Compromise Assessment?

how-spring-clean-compromise-assessment

How Often Shall We Do Spring Cleaning on Our House?

Visibility is the key success factor in managing security. We cannot manage what we cannot see.

The closer we have in-between compromise assessments, the better visibility we will have on our infrastructure. We recommend you shall do a compromise assessment at least on an annual basis.

How often to conduct compromise assessment is based on your organization’s risk strategies. Hackers develop new techniques and tools to compromise systems at exponential rates. 

Get in touch with LGMS today. Our professional consultants will be able to provide a quick assessment of your needs. 

7. Who trusts LGMS for professional cybersecurity services?

lgms-partner

Alibaba Cloud

Alibaba is promoting LGMS Advanced Penetration Testing and Security Assessment worldwide. Read more

International Data Corporation (IDC)

IDC regards LGMS as one of the leading IoT pen test vendors in Asia Pacific, amongst others like Symantec, IBM, Huawei, and etc. Read More

TÜV Trust IT

TÜV Austria Cybersecurity Lab is established in Malaysia, as a joint venture between TÜV Austria and LGMS. The lab is to provide cybersecurity testing and certifications to organizations worldwide.

LGMS Reports are accredited by TÜV Austria, to be accepted as part of the certification compliance baselines for various TÜV TRUST IT certification programs. Read More

Understand Compromise Assessment Myths & Facts in 15-min.
Do you know that Compromise Assessment is not just about deploying another brand of EDR Scanner? From this video, you will learn what’s the biggest myth about Compromise Assessment. Let’s listen to the industry leader, #CEO of LGMS- Mr. Fong Chook Foong to talk about Compromise Assessment in the real world. Watch on YouTube


About LGMS
The leading cybersecurity expert in Asia trusted by multinational corporations around the world. LGMS is a cybersecurity consulting company focused on delivering specialized cybersecurity assessments, consultations, and advisory services.  Established in 2005, LGMS has since built a reputation for its integrity, values, and best practices by providing world-class professional services to local, regional, and international clients across various industries and backgrounds. Visit www.lgms.global for more information.

Click in for information about LGMS services

For more, follow us on
LGMS YouTube Channel: LGMS Penetration Testing Expert (LE Global Services)
LGMS Facebook Page : lgms.global
LGMS Linkedin Page: lgms-global
LGMS Instagram ID: lgms.global
LGMS TikTok: www.tiktok.com/@lgms.global

More news about LGMS: