A compromise assessment is a penetration test focused on identifying if undetected threat actors are currently or have ever been in your network. Testing includes both automated and manual inspection conducted across firewalls, endpoints, and servers to ensure a thorough examination of your IT infrastructure systems and applications. Our ethical hackers uncover threats like zero day malware, trojans, ransomware, and other anomolies that may go undetected in standard automated vulnerability scans.
Why conduct a Compromise Assessment?
- Discover and identify any indicators of compromise or threat actors in your current IT environment
- Identify gaps that may weaken the ability to spot a breach
- Uncover ongoing or past intrusions
- Assess your system based on industry trends, local, and global threats
- Ensure attackers haven’t already penetrated your defences
- Attain a thorough examination of your systems – ethical hackers will comb through your archived traffic to find anomalies
- Determine the efficiency of current security controls and processes from endpoint to endpoint
- Gain confidence in your company’s security posture
- Prove security effectiveness to customers and other stakeholders.
- Avoid unnecessary risks or expenses before a Merger & Acquisition transaction is made
- Evaluate potential cybersecurity impact of merging two IT infrastructures and data
Most frequent questions and answers - Compromise Assessment
A Compromise Assessment is a service to identify past/present compromises. It is a validation exercise to identify whether you have been breached and includes high-level testing across security controls to identify the likelihood of a breach. If you have been breached, it is our recommendation to trigger your Incident Response process and invoke your Breach Response, potentially with the support of a third-party vendor with forensic capabilities.
A Compromise Assessment can be an add-on to your annual penetration test and is often part of due diligence exercises during any M&A activity. We recommend completing a Compromise Assessment before integrating networks with an acquired entity.