Devon Ackerman
Global Head of Incident Response
Cyber Risk
New York
Cybersecurity Compromise Assessments
Unrivaled incident response expertise and frontline threat intelligence fuel elite investigators to uncover if your organization has been previously compromised, ongoing incidents have gone undetected and if unmonitored assets are at risk.
Kick Off an AssessmentCybersecurity Compromise Assessments
A key component in understanding the total valuation of a company is determining its security profile and associated risks, even from within its network. Any compromise assessment should revolve around the following questions:
- Has the organization been previously compromised and, worse, was it undetected?
- Are obscure malicious events or incidents active within the enterprise IT environment?
- Do shadow IT networks exist within the enterprise that contain unmonitored assets?
With Kroll’s cybersecurity compromise assessment, our world class experts investigate to detect past and ongoing cyber incidents within an organization’s internal environment and provide mitigation steps to resolve any security events. This assessment can help facilitate better-informed business acquisitions and help determine whether an organization is currently at risk or has been previously compromised.
What Is a Compromise Assessment?
A compromise assessment is an exploratory incident response investigation in which experts use specialized forensic tools and investigative tactics to analyze an organization’s environment, pinpointing signs of attacker activity, both past and present.
This assessment can also enable organizations to highlight critical weaknesses in their cybersecurity controls and practices and put mitigation steps in place where necessary.
Why Perform a Compromise Assessment?
- An Independent Security Health Check
An effective and comprehensive compromise assessment can provide a deeper understanding of current and past activity on your network and help prevent future breaches. - More Informed Business Acquisitions
When acquiring a business, gaining an accurate and up-to-date picture of its cybersecurity status is critical. As well as helping to validate a merger or acquisition, the insights provided by a compromise assessment can contribute to establishing the value of the target company.
Compromise Assessment Steps
Kroll’s compromise assessment process includes:
Initial Triage
A preliminary review of an organization’s IT environment from an endpoint sensor deployment perspective, establishing a baseline for the network.
Telemetry Analysis and Review
This stage is vital for determining whether there is any evidence of known indicators of compromise (IOCs), such as signs of active intrusions or malware that could enable remote access and data exfiltration capabilities.
Endpoint Detection and Response
If appropriate, this stage involves high-level health assessments of endpoints, powered by Redscan’s remote enterprise-wide managed detection and response (MDR) capability.
Advice and Guidance
Once the initial review is complete, our experts provide support for any active security events that may be present on the network.
Summary findings of the assessment may include, but are not limited to, the following:
- End-of-life operating system reporting
- Remote access software and related tool reporting
- File transfer software and related tool reporting
- Egress network traffic reporting
- Relevant endpoint software CVE reporting
- Active directory account reporting
We leverage our forensic and incident response expertise in responding to 3,000+ engagements every year to assist in addressing current threats and advising on further incident response actions and any other additional investigative steps required.
What If Activity Is Detected During a Compromise Assessment?
A cybersecurity compromise assessment can uncover both past and current activity on a network. If this type of activity is actively identified during the course of the compromise assessment, Kroll can immediately pivot, leveraging the same tooling and endpoint coverage, into incident response and undertake forensic analysis on affected hosts. This involves:
- Containment and threat actor ejection
- Remotely collecting relevant forensic artifacts
- Determining the time frame and scope of potential sensitive data exposure, data exfiltration or compromised accounts
- Providing recommendations for containment and remediation to ensure your organization is more secure going forward
Compromise Assessment vs. Vulnerability Assessment
Performing a compromise assessment differs from a vulnerability assessment in a myriad of ways. While both are crucial, each serves a different purpose in ensuring the security of a network.
Compromise Assessments: Wide-Ranging Insight Into Past and Present Malicious Activity | Vulnerability Assessments: Proactive Evaluation for Identifying Weaknesses |
|---|---|
A compromise assessment determines the current security status of a network, including any active threats or indications of past malicious activity. This provides organizations with wide-ranging insight into their security, allowing them to reduce the risk of future attacks and identify ineffective security practices that could be compromising their security. | A vulnerability assessment is performed to proactively evaluate a network for weaknesses through assessment tools and manual attack techniques. This can help improve an organization’s security posture and make it less susceptible to a breach. While these types of engagements are designed to search for security vulnerabilities, unlike compromise assessments, they do not detect existing compromises and related underlying attacker activity. |
Compromise Assessment in a Retainer
A compromise assessment delivered by proven experts can provide critical insight into the security of your network—and assure the continued security of your organization. Kroll clients can include a compromise assessment in Kroll’s cyber risk retainer, as part of M&A due diligence review, or a network merger, post-acquisition. A cyber risk retainer provides prioritized access to elite investigators and the flexibility to allocate credits to all other cybersecurity solutions offered by Kroll.
Talk to a Kroll Expert
Kroll is ready to help, 24x7. Use the links on this page to explore our services further or speak to a Kroll expert today via our 24x7 cyber hotlines or our contact page.
24x7 Incident Response
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Cyber Risk Retainer
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.
Cyber Vulnerability Assessment
Proactively identify vulnerable systems and devices that may be exploited by an attacker or malicious software, often resulting in data loss or breach.
Computer Forensics
Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.
Data Recovery and Forensic Analysis
Kroll's expertise establishes whether data was compromised and to what extent. We uncover actionable information, leaving you better prepared to manage a future incident.
Kroll Artifact Parser And Extractor (KAPE)
Find, collect and process forensically useful artifacts in minutes.
Mobile Device Forensics
With a global mobile device forensics team and a proven track record in investigation and litigation support, Kroll enables key digital insights to be accessed quickly and securely.
Penetration Testing Services
Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.
Events
Cyber
Cyber
Kroll at RSA Conference 2024
May 6 - 9, 2024|Conference
Join Kroll experts at the RSA Conference in San Francisco May 6-9, 2024. Stop by booth 2239 in the South Expo Hall to meet our team.
Threat Intelligence
Q1 2024 Cyber Threat Landscape Virtual Briefing
May 29, 2024|Online
Join the Q1 2024 Cyber Threat Landscape Virtual Briefing as Kroll’s cyber threat analysts outline notable trends and insights from our incident response intelligence.
Explore Insights
Cyber
Cyber
KAPE Quarterly Update - Q4 2023
February 14, 2024
by Andrew Rathbun, Eric Zimmerman
Cyber
Data Breach Outlook: Finance Surpasses Healthcare as Most Breached Industry in 2023
February 7, 2024
by David White
Threat Intelligence
CVE-2024-0204: Authentication Bypass Vulnerability in Fortra GoAnywhere MFT
January 25, 2024
by George Glass
Threat Intelligence
Inside the SYSTEMBC Command-and-Control Server
January 19, 2024
by Dave Truman
News
Press Release
Press Release
Kroll named as Major Player in IDC’s Worldwide Cybersecurity Consulting Services 2024 Vendor Assessment
April 25, 2024
Press Release
Kroll Appoints Dave Burg as Global Head of Cyber Risk to Bolster World-Leading Business
March 12, 2024
Press Release
Kroll Expands Cyber Partner Program with MSP Specialization
October 17, 2023
Press Release
Kroll Responder Named as Overall Leader in The KuppingerCole Leadership Compass for Managed Detection and Response Services
August 16, 2023
Kroll is headquartered in New York with offices around the world.
55 East 52nd Street 17 Fl
New York NY 10055
Sign up to receive periodic news, reports, and invitations from Kroll.
Our privacy policy describes how your data will be processed.
© 2024 Kroll, LLC. All rights reserved.
Kroll is not affiliated with Kroll Bond Rating Agency,
Kroll OnTrack Inc. or their affiliated businesses. Read more.