TrustedSec’s Breach Assessment service combines proprietary methods for discovering compromises within an environment in an efficient and proactive manner.
We focus on core areas of the network, endpoints, and server infrastructure, and analyze network traffic, servers, and workstations to determine whether a breach has previously occurred or is actively in progress within the organization. TrustedSec relies heavily on the ability to replay traffic data and perform behavioral recognition to uncover techniques utilized by attackers.
This method is often referred to as “hunt teaming”, which aims at identifying existing intrusions into the organization.
TrustedSec’s correlation engine extends beyond traditional methods.
The correlation engine analyzes large volumes of data, identifies both known and unknown indicators of compromise (IoC), and focuses on several behavior patterns used for compromising systems, performing lateral movement, and conducting C2 communications.
The correlation engine focuses on rapidly identifying threats within vast amounts of data and on identifying the root causes of a potential compromise. Upon completion of the assessment, you will have a clear understanding of prior and potentially ongoing breaches, the threat they pose to the organization, and a defined remediation strategy.
Included in the report is a comprehensive review of the infrastructure to determine breach patterns and to ensure a full threat profile on the attacker.
TrustedSec will perform the following exercises to determine whether a breach has transpired:
- Perform threat and, as needed, forensic analysis of the peripheral environment
- Understand the how, who, when, where, and why of the incident threat
- Classify current and residual risk from the incident
- Assess the flow of data within the client environment to determine potentially related security concerns
- Identify command and control (C2) infrastructure as data exfiltration is occurring
- Provide any evidence discovered that indicates the likeness of the threat of concern
- Develop incident summary and recommendations on risk management options