Compromise Assessment Service

REDUCING DWELL TIME THROUGH FORENSIC-STATE ANALYSIS AND CYBER THREAT HUNTING


Cyber Assurance and Certainty


CyberStash begins with the hypothesis that an advanced persistent threat has already breached your network and gained full access to one or more of your business systems. By adopting this adversarial mindset, we effectively discover threats that circumvent your existing defences and maintain persistence on your network. Using forensic-state analysis, CyberStash systematically analyses your endpoints to determine whether your organization has been breached.

The quicker we hunt and detect breaches, the lower the financial impact. This embodies the value of the CyberStash Compromise Assessment Service. Delivered as either a security consulting service or a managed security service with flexible subscription options, CyberStash stays with you all the way to keep you safe and secure.

Download the datasheet, request a quote or contact us for additional information.

BUSINESS CONTEXT


The behavioural aspects of attacks, such as the Tactics, Techniques and Procedures (TTPs), define how they are orchestrated and managed by hackers. These threat actors unswervingly leverage their arsenal of TTPs to circumvent defences that are contingent on intrusion signatures and irregular behaviour on the part of both the network and the user. They specifically focus on evading an organization’s ability to detect threats with the objective of compromising systems and stealing valuable or sensitive information.

In addition to malware, advanced threats also depend on fileless tactics and standard tools available on all operating systems. By leveraging malicious macros and ‘living-off-the-land’ techniques, hackers can operate in memory and can move laterally between systems and security zones to achieve their objectives ... and all this takes place without setting off a single alarm. The growing sophistication of modern adversaries combined with the ineffectiveness of existing real-time security controls in detecting post-compromise activity means hackers continue to sustain their grip on your network and, in due course, accomplish their goals.

The security practices of vulnerability assessments, penetration testing and red-teaming detect and test weaknesses that can be compromised, but they do not detect hosts that have already been compromised. An effective security program must retrospectively verify whether an organization has already been breached and answer the most important question, “Are we currently hacked?”

As defences often fail and no amount of security can prevent all attacks, organizations must take an offensive approach to security with the aim of providing their business with a higher level of assurance and certainty.

SERVICE BENEFITS


The CyberStash Compromise Assessment Service delivers an end-to-end outcome for organizations seeking to either co-manage or completely outsource the effort.

  • Reduces organizational IT risk by limiting breach damage and cost to the business

  • Reduces the dwell time of adversaries inside your network

  • Answers definitively if you have been breached, thus increasing the level of cyber assurance

  • Keeps your network clean of adversaries by hunting down malware and advanced persistent threats

  • Provides a high return on business investment by advancing existing defensive controls

  • Validates the effectiveness of your overall security program

OUR SOLUTION


Our service leverages Forensic State Analysis – an automatic approach to post-breach detection that assumes devices are already compromised and seeks to validate every endpoint as thoroughly as possible.

Forensic State Analysis operates independently of the host OS and uses dissolvable endpoint surveys to quickly collect live forensic data from both volatile and non-volatile memory. Non-memory-based information is also collected to identify persistence mechanisms.

CyberStash deploys in-depth memory analysis techniques to proactively discover the presence of known and zero-day malware and persistent threats. We detect active, dormant, file and fileless malware whether these provide hidden backdoors or act as remote access tools. If they exist, we will find them... it’s as simple as that.

Our Cyber Hunting Analysts conduct surveys of endpoint devices to discover unknown security breaches, malware, and signs of unauthorized access. Once the breach has been exposed, CyberStash raises the alarm with the appropriate security response team for further action.

New patterns and TTPs that we uncover during our surveys help to enrich future analysis. A final report provides collected intelligence drilled down into identified issues to allow response teams to take action immediately with swift remediation.

SERVICE DELIVERY


The CyberStash service leverages industry-aligned best practices and our consultants engage with your team to help design and document the service architecture in order to optimize risk and resources. We back up the service with SLAs for reporting advanced persistent threats with a less than 1% false positive rate for post-breach detection.


    DID YOU KNOW?


    Threat hunting using forensic-state analysis is the most effective technique for post-breach detection.


    Threat hunting provides the business with assurance and certainty unlike any other cyber security program.


    Approximately 50% of all vulnerabilities are yet to be disclosed. When motivated adversaries target your organisation, they depend on these vulnerabilities to fulfill their primary objective.

    ITIL Aligned Service Management


    • Service Level Reporting & Meetings

    • Dashboards with Delegated Administration

    • Change and Configuration Management

    • Incident and Problem Management

    • Upgrades and Release Management

    • Service Level Account Management