A compromise assessment is meant to answer one question: are the network or its systems already compromised? Identifying the footprints left by attackers, suspicious indicators in the network, and abnormal use of computing resources can all lead to the discovery of a potential compromise within your organization.
According to Bank Negara Malaysia's (BNM) Risk Management in Technology (RMiT) policy document, large financial institutions shall conduct an independent compromise assessment on the technology infrastructure of their critical systems every year.
Such an assessment usually involves some degree of forensic investigation and analysis in order to detect anomalies across the network and its endpoints. Activities that may indicate a system is compromised include, but are not limited to:
Suspicious lateral movement within the network
Escalation of user privileges
Abnormal volumes of network traffic
Anti-virus configuration being tampered with
Unusual files and/or folders in protected directories
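As an added illustration (not LGMS's tooling and not code from this page), the following Python script runs one simple check for each of the five indicator categories above over a constructed set of endpoint and network events. The event schema, field names, thresholds and sample values are all assumptions made for the example.

```python
from collections import defaultdict

PROTECTED_DIRS = ("C:\\Windows\\System32\\", "C:\\Windows\\SysWOW64\\")  # assumed watch list
ADMIN_GROUPS = {"Administrators", "Domain Admins"}
LATERAL_HOST_THRESHOLD = 3             # distinct hosts one account reached by network logon
TRAFFIC_BYTES_THRESHOLD = 500_000_000  # outbound bytes per host in the review window (assumed)

# Constructed sample events (assumed schema, not any product's log format).
SAMPLE_EVENTS = [
    {"type": "logon", "host": "FS01", "user": "jdoe", "logon_type": 3},
    {"type": "logon", "host": "DC01", "user": "jdoe", "logon_type": 3},
    {"type": "logon", "host": "SQL01", "user": "jdoe", "logon_type": 3},
    {"type": "logon", "host": "WS-07", "user": "asmith", "logon_type": 2},
    {"type": "group_add", "host": "DC01", "user": "svc_backup", "group": "Domain Admins"},
    {"type": "netflow", "host": "WS-22", "bytes_out": 320_000_000},
    {"type": "netflow", "host": "WS-22", "bytes_out": 290_000_000},
    {"type": "av_config", "host": "WS-22", "setting": "realtime_protection", "value": "off"},
    {"type": "file_create", "host": "WS-22", "path": "C:\\Windows\\System32\\tmp_loader.dll", "signed": False},
    {"type": "file_create", "host": "WS-07", "path": "C:\\Windows\\System32\\kernel32.dll", "signed": True},
]


def find_indicators(events):
    """Return (category, detail) pairs for events matching the five indicator classes."""
    findings = []
    remote_hosts = defaultdict(set)   # user -> hosts reached via network logon (Windows type 3)
    bytes_out = defaultdict(int)      # host -> outbound bytes accumulated over the window
    for e in events:
        t = e["type"]
        if t == "logon" and e.get("logon_type") == 3:
            remote_hosts[e["user"]].add(e["host"])
        elif t == "group_add" and e["group"] in ADMIN_GROUPS:
            findings.append(("privilege_escalation", f"{e['user']} added to {e['group']} on {e['host']}"))
        elif t == "netflow":
            bytes_out[e["host"]] += e["bytes_out"]
        elif t == "av_config" and e["setting"] == "realtime_protection" and e["value"] == "off":
            findings.append(("av_tampered", f"real-time protection disabled on {e['host']}"))
        elif t == "file_create" and e["path"].startswith(PROTECTED_DIRS) and not e.get("signed"):
            findings.append(("unusual_file", f"unsigned {e['path']} created on {e['host']}"))
    # Aggregated checks: one account fanning out across hosts, one host sending far more than its peers.
    for user, hosts in remote_hosts.items():
        if len(hosts) >= LATERAL_HOST_THRESHOLD:
            findings.append(("lateral_movement", f"{user} logged on remotely to {sorted(hosts)}"))
    for host, total in bytes_out.items():
        if total > TRAFFIC_BYTES_THRESHOLD:
            findings.append(("abnormal_traffic", f"{host} sent {total} bytes outbound"))
    return findings


if __name__ == "__main__":
    for category, detail in find_indicators(SAMPLE_EVENTS):
        print(f"[{category}] {detail}")
```

Each check here is deliberately coarse; in a real assessment the same categories are established from forensic artefacts (event logs, flow records, file system timelines) rather than from a single threshold.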
I am not a financial institution. Do I need a compromise assessment?
While penetration testing and vulnerability assessment allow you to understand the security loopholes within your organization, they do not answer the question of whether your systems have already been, or are currently being, compromised.
A compromise assessment performed by an accredited professional service provider can effectively help your company identify whether any of its assets are compromised.
If you suspect that your systems may be compromised because of behaviour you cannot otherwise explain, it is recommended that you reach out to a professional service provider for a compromise assessment.
COMPROMISE ASSESSMENT IS NOT DEPLOYING ANOTHER BRAND OF EDR SCANNER
Many vendors simply assume that deploying EDR tools is enough to deliver a compromise assessment. This is misleading and dangerous.
An effective compromise assessment should cover every place a potential attacker could hide. In practice this means covering all of the infrastructure layers, network, application and servers, and studying past events within the infrastructure as well as its current state.
Here at LGMS, we specialize in performing a comprehensive assessment of your endpoints using digital forensic investigation methods. An attack usually starts on one endpoint and ends on another. We believe that if these endpoints are thoroughly analysed, and the chronology of the incident is reconstructed alongside that analysis, the root cause of an attack can be identified. This allows us to provide our clients with recommendations for moving forward, so that they can successfully contain and eradicate the intrusion and prevent similar incidents from recurring.