Compromise Assessment Services ( CAS)
The first step to any cyber security strategy involves knowing your current security posture and state. Attackers are often resident inside a network for months, sometimes years, before being detected using malware to infect endpoints. As evidenced by the growing number of breaches, existing prevention technologies are no longer enough to stop all threats from penetrating the perimeter.
Proactive risk assessment strategies such as vulnerability assessments and penetration tests look for security gaps and vulnerabilities, but they only answer half of the security paradox; “Can I be hacked?”. They do not answer the more vital question; “Am I already breached?” Today’s enterprises need to add compromise assessments to their security practices to proactively verify whether a network has already been breached to more effectively measure risk, reduce dwell time and business impact.
Any proactive cyber security strategy needs to include an assessment of your current security posture and state. Attackers are often resident inside a network for months, sometimes years, before being detected using malware to infect endpoints. As evidenced by the growing number of breaches, existing technologies are no longer enough to stop all threats from penetrating the perimeter.
Since a Compromise Assessment focuses on identifying previously unknown, successful or ongoing compromises, the tools and techniques used to perform the assessment must be able to identify post compromise activity, dormant and hidden malware, malicious use of credentials, and Command and Control (C2) traffic. This differs from traditional solutions which focus on early detection of attacks, exploits, malware installation events which attempt to prevent an attack from succeeding or catching an attack early enough to reduce damage during a breach.
Our networks will always have a degree of vulnerability as organizations struggle to keep determined attackers out of their networks, and skilled attackers can successfully remain hidden for months, sometimes years, before being discovered. Unless you can measure the current compromise state of your network, your cyber security risk profile is incomplete.