

The average time between a breach of an organisation and the detection of the event is over 200 days in New Zealand, and many will never know they have been attacked

Compromise Assessment powered by Cylance

Today’s organisations are under consistent threat from attackers, malware and insider threats. Many organisations have already been breached and are not yet aware of this fact.

Attackers will often work in multiple stages. The initial breach is often used as a foothold to quietly read and steal information for sale over many months before eventually selling the access itself to another malicious actor.

More often than not, once the access is sold, the next attacker will initiate a targeted ransomware attack, often taking the time to disable or corrupt the backups first.

A compromise assessment is an ideal way to identify malware, malicious actors or unauthorised access in your environment.

Advantage have partnered with world leading security technology and services company Cylance to bring a unique offering to the New Zealand market.

Using the same technology that detected and defeated the USA Office of Personnel Management APT actors, multiple Fortune 500 APT breaches and, more recently, the Victoria Health hospital attackers, Advantage and Cylance analyse all endpoints and servers, both on premise and in the cloud, looking for indicators of compromise.

Compromise Assessment Methodology

A Compromise Assessment utilises a methodology for identifying environmental risks, security incidents, and ongoing threat actor activity in a network environment. The assessment identifies ongoing compromises and uncovers the malicious access and usage of the environment.

The goal is to detect and stop any active security incidents quickly and quietly. The assessment is composed of three phases — each more targeted than the last.

Phase 1 — Initial Assessment

In this phase, data collection scripts are deployed throughout the entire environment using your existing software deployment tooling. These scripts gather key data that helps in searching for anomalous behaviours and conditions that are indicative of malicious activity, or that correlate to risks in the environment. The output is then forwarded to the cloud for both manual and automated analysis to determine hosts of interest.

Phase 2 — Targeted Assessment

Targeted standalone executables are deployed to the hosts of interest identified in Phase 1 to gather more in-depth data on the behaviours and activity previously identified, and to determine whether the Phase 1 findings were false positives or indicate malicious activity. As in Phase 1, data is forwarded to the cloud for analysis, but this time it includes forensic artifacts that allow validation that attacks have taken place or are underway. Containment strategies and other options moving forward are identified and communicated to the organisation.

Phase 3 — Forensic Assessment

If certain computers are identified that, according to internal corporate policies, require retention for legal or other purposes, or if more scientific/technical analysis is necessary, then activities include a full bit-by-bit disk copy of those computers, including a memory dump, for related analysis. As with Phase 2, any new information is used to identify additional systems of interest from the Phase 2 data collection, and subsequent analysis is conducted.
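As an added illustration of the Phase 1 triage step (hypothetical example code, not Advantage's or Cylance's tooling), the following scores constructed endpoint collection records against a few simple indicators and nominates the hosts of interest that would receive the targeted Phase 2 follow-up; the record layout and rules are assumptions for the example.

```python
import re

# Constructed Phase 1 collection output: one record per host, in the shape a
# hypothetical collection script might report. Sample data, not real hosts.
COLLECTED = [
    {"host": "ws-01",
     "processes": [{"path": r"C:\Windows\System32\svchost.exe", "signed": True}],
     "persistence": [{"path": r"C:\Windows\System32\wuauclt.exe", "signed": True}],
     "recent_commands": ["ipconfig /all"]},
    {"host": "ws-02",
     "processes": [{"path": r"C:\Users\bob\AppData\Local\Temp\update.exe", "signed": False}],
     "persistence": [{"path": r"C:\Users\bob\AppData\Local\Temp\update.exe", "signed": False}],
     "recent_commands": []},
    {"host": "srv-bak-01",
     "processes": [{"path": r"C:\Program Files\Backup\agent.exe", "signed": True}],
     "persistence": [],
     "recent_commands": ["vssadmin delete shadows /all /quiet"]},
]

# Executables launched from user-writable locations are a common foothold sign.
USER_WRITABLE = re.compile(r"\\(temp|users\\public)\\", re.I)
# Shadow-copy / backup catalogue deletion is the "corrupt the backups first"
# precursor the page describes ahead of a ransomware deployment.
BACKUP_TAMPER = re.compile(r"vssadmin.*delete shadows|wbadmin.*delete catalog", re.I)


def find_reasons(host):
    """Return the list of indicator hits for one host record (empty if clean)."""
    reasons = []
    for proc in host["processes"]:
        if USER_WRITABLE.search(proc["path"]):
            reasons.append(f"process running from user-writable path: {proc['path']}")
    for entry in host["persistence"]:
        if not entry["signed"]:
            reasons.append(f"unsigned persistence entry: {entry['path']}")
    for cmd in host["recent_commands"]:
        if BACKUP_TAMPER.search(cmd):
            reasons.append(f"backup tampering command: {cmd}")
    return reasons


def hosts_of_interest(records):
    """Map hostname -> reasons for every host that needs Phase 2 follow-up."""
    result = {}
    for record in records:
        reasons = find_reasons(record)
        if reasons:
            result[record["host"]] = reasons
    return result


if __name__ == "__main__":
    for host, reasons in hosts_of_interest(COLLECTED).items():
        print(host, "->", "; ".join(reasons))
```

Hits here are only nominations: the Phase 2 executables and forensic artifacts decide whether each one is a false positive or a confirmed intrusion.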


As a business owner, your success is deeply rooted in how well you leverage your technology; and as such, you also understand that the slightest hiccup in your IT infrastructure can derail your entire business.

When it comes to IT, the details are the most important. This is why Advantage provides IT consultations for businesses like yours.