Compromise assessment is meant to answer whether the network or systems are compromised. Through identification of footprints left by attackers, suspicious indicators in the network as well as abnormal usage computer resource, all could lead to the discovery of a potential compromise within your organization.
Such activities usually involve some degree of forensic investigation and analysis in order to detect anomalies within network and endpoints. Activities that may indicate the system is compromised includes but not limited to:
Suspicious lateral movements in the network
Escalation of user privileges
Abnormal amount of network traffic
Anti-virus configuration being tampered
Unusual files and/or folders in protected directories
While Penetration Testing and Vulnerability Assessment allows you to understand the security loopholes within the organization, it does not answer the question of whether your system has been and is in the process of being hacked.
Compromise assessment done by an accredited professional service provider can effectively assist your company to identify if any of your assets are compromised.
If you suspect that your system may be compromised due to a variety of unexplainable reasons, it is recommended that you reach out to a professional service provider for a compromise assessment.
Here in LGMS, we specialize in performing a comprehensive assessment on your endpoint via digital forensic investigation methods. An attack usually starts with a single endpoint and ends on another. We believe that if these endpoints are thoroughly analysed in addition to building the chronology of the incident, the root cause of an attack can be identified. This essentially allows us provide recommendations in moving forward to our client so that they can successfully contain, eradicate, and prevent similar incidents from reoccurring.