Identify current or past attacker activity in your environment
The Mandiant Compromise Assessment service allows organizations to evaluate their environments for the presence of targeted attacker activity. The Compromise Assessment has helped many organizations identify or confirm security breaches that had existed for years and resulted in theft of valuable intellectual property, personally identifiable information, payment card information, or other sensitive information.
Attackers develop custom malware and use advanced tactics that are difficult or even impossible to detect using conventional detection mechanisms. The Compromise Assessment service applies our intelligence on how threat actors operate and our experience gained from hundreds of investigations. We apply the same leading technologies we use to respond to incidents to identify indications of present or historical attacker activity.
The major activities our consultants perform during a Compromise Assessment include:
Deploy proprietary network, host, and log inspection technology
We place investigative technology at Internet egress points and on host systems such as servers, workstations, and laptops.
Assess your environment using intelligence from prior investigations
We apply our comprehensive library of indicators of compromise to evaluate network traffic, servers, workstations, laptops, and critical log data for evidence of current and past attacker activity.
Our consultants perform host and network forensic analyses as well as malware and log analyses to conduct the assessment. We confirm initial findings to minimize false positives prior to reporting them.
We provide a detailed report that summarizes the steps taken during the assessment, the major findings, and any appropriate recommendations for next steps.