Implementation methods
Depending on the number and priority of the systems in scope, the Compromise Assessment process is carried out using different methods, including:
- The NCS Specialist will access the systems directly for evaluation, or will evaluate copies of the evidence taken from the systems.
- Deploy agents on each system to be evaluated. The agents collect information and push it back to a centralized management system. The NCS Specialist will evaluate each system from the interface provided by this centralized management system.
- Implement an Endpoint Detection & Response (EDR) solution on each system to be evaluated. The EDR solution provides early monitoring, forecasting, and threat detection, and raises alerts. The NCS Specialist will analyze and assess the alerts and develop an appropriate solution for each case.
- If the customer has a centralized SIEM log storage system, the NCS Specialist will perform Threat Hunting across all the logs collected in the SIEM.