Texture Top Right Grey 01

Compromise Assessment

Identify ongoing or past attacker activity in your environment

Mandiant Compromise Assessment combines extensive experience responding to intrusions carried out by advanced threat actors, industry-leading threat intelligence and FireEye technology. This helps you identify your ongoing or past intrusions, assess risk by identifying weaknesses in your security architecture, vulnerabilities, improper usage or policy violations and system security misconfigurations, and increase your ability to respond effectively to future incidents.


Compromise Assessment Overview


We built this assessment to meet your business objectives with speed, scale, and efficiency. In addition to identifying evidence of ongoing or past attacker activity in your environment, the assessment offers:

Context derived from threat intelligence

Provides insight into attacker attribution and motivation so organizations know if they are being targeted.

Identification of risks

Identifies security architecture and configuration weaknesses, including missing patches or security software.

Facilitation of future investigations

Recommends strategic options that can better prepare your organization's security team to respond to intrusions.

What we provide you with

  • Comprehensive analysis of your environment—focused on finding evidence of ongoing or past compromises
  • A view into your organization’s systemic risks and exposures
  • Identification of your security program’s hygiene issues
  • Best practice recommendations for furthering your organization’s ability to effectively respond to future incidents
  • Options to deploy on-premise or cloud-hosted technology

What you get

  • Analysis of endpoint, network, email and log data
  • Identification of compromised systems
  • Report of attacker activity
  • Summary of findings


“A compromise assessment answers the all important question: Have you been breached?”

- Benefits of Compromise Assessments


White Paper
Benefits of compromise assessments and why security-conscious firms use them

Our approach

The major activities our consultants perform during a Compromise Assessment include:

Deploy proprietary technology

Deploy proprietary technology

We place investigative endpoint, network, email and log inspection technology at Internet egress points and on host systems such as servers, workstations, and laptops.

Assess your environment

Assess your environment

We apply our comprehensive library of indicators of compromise to evaluate network traffic, servers, workstations, laptops, and critical log data for evidence of current and past attacker activity.

Analyze evidence

Analyze evidence

Our consultants perform host and network forensic analyses as well as malware and log analyses to conduct the assessment. We confirm initial findings to minimize false positives prior to reporting them.

Summarize findings

Summarize findings

We provide a detailed report that summarizes the steps taken during the assessment, the major findings, and any appropriate recommendations for next steps.

Related resources

Professional affiliations and certifications


Ready to get started?

Our security experts are standing by to help you with an incident or answer questions about our
consulting and managed detection and response services.

+1 888-227-2721 +61 281034308 +32 28962867 +1 877-347-3393 +971 45501444 +358 942451151 +33 170612726 +49 35185034500 +852 3975-1882 +91 80 6671 1566 +353 (0)216019160 +39 0294750535 +81 3 4577 4401 +03 77248276 +52 5585268207 +31 207941289 +64 32880234 +48 223072296 +7 4954658084 +65 31585101 +27 105008408 +82 7076860238 +34 932203202 +94 788155851 +46 853520870 +886 2-5551-1268 +27873392 +44 2036087538 +842444581914