COMPROMISE ASSESSMENT

Purpose

  • With the Compromise Assessment service, NCS searches for and identifies ongoing or past traces of attacks and intrusions in the customer’s IT infrastructure, assesses the scale of damage, and determines which assets were affected and how the intrusions occurred.

Test list

  • Depends on the number of devices and log sources that need to be evaluated.

Implementation methods

Depending on the number and priority of the systems in scope, the Compromise Assessment process will be implemented using different methods, including:

  • The NCS Specialist will have direct access to the systems for evaluation or will evaluate copies of the evidence on the systems.
  • Deploy agents on each system to be evaluated to collect information and push it back to the centralized management system. The NCS Specialist will evaluate each system from the interface provided by this centralized management system.
  • Implement an Endpoint Detection & Response (EDR) solution on each system to be evaluated. The EDR solution provides early monitoring, forecasting, and threat detection, and raises alerts. The NCS Specialist will analyze and assess the alerts and develop appropriate solutions for each case.
  • If the customer has a centralized SIEM log storage system, the NCS Specialist will perform Threat Hunting across all logs collected in the SIEM.

Outcomes

  • Detailed reports on the implementation process (tool deployment, information collection, data analysis, and testing of computers and servers).
  • A detailed list of detected security issues, including IOC (Indicator of Compromise) evidence.
  • A proposed thorough remediation plan or a plan to minimize risks, as well as a temporary remediation plan for the security issues found.

Human resources for project implementation

  • Each device (including services, applications, and log sources on the device) needs one or more senior-level personnel to perform the assessment. The duration of the CA for each device will depend on the specific case.
