Compromise Assessment

Compromise assessment service helps organizations evaluate if they have been compromised by advanced attack groups and if attackers are currently active in their environment.

Compromise Assessment is a unique service that allows organizations to evaluate their networks for the presence of advanced attack group activity. The Compromise Assessment has helped organizations identify and address issues that, in some cases, had existed for years and resulted in the theft of valuable intellectual property.

Designed to identify targeted attacks

Over the past several years, advanced attack groups — often backed by organized crime syndicates and nation states — have targeted government and private sector organizations. These advanced attackers seek to remain undetected so that they can steal data over an extended period of time. They develop custom malware and use tactics that can often be difficult to detect using conventional approaches.

Evidence of attack groups

We work with Fireeye team, use experience gained over hundreds of investigations when assessing networks for the presence of various indicators of compromise including:

Re-used custom malware: Custom malware is often developed at great expense to the attack group. Consequently, they prefer to reuse it — or variants that have similar characteristics. Attack groups can oftentimes be discovered by identifying malware analyzed during prior investigations

Persistence mechanisms: A number of techniques can be used to establish persistence in a system. Windows registry entries can store malware execution parameters, malware can be placed in the Start Up folder and legitimate system binaries can be trojanized. Knowing what attack groups commonly do allows us to look for instances of those persistence mechanisms.

Lateral movement techniques: Most advanced attack groups obtain valid privileged credentials and use them to assess the environment. Knowing how they obtain those credentials and what tools they use to access other systems enables our expert to search for log and forensic evidence that is indicative of that attacker activity.


Investigative skills
Technical & investigative skills developed over the course of hundreds of investigations.
Threat intelligence
Profiles of key attack groups including their tools, practices and objectives along with corresponding Indicators of Compromise.
Proprietary tools that automate investigative tasks and enable network traffic and host-based artifacts to be rapidly evaluated — even across networks that contain hundreds of thousands of systems.
Management experience
Experience providing guidance and advice on the business impact of computer security decisions.
Dedicated malware team
A team focused solely on reverse engineering malicious software and researching the latest exploits.