Threat Indicator Assessment

You are doing everything right! You provide cyber security awareness training to your employees. You have a cyber security team. You invest in perimeter cyber security technologies… And still, the bad guys are defeating your defenses and infiltrating your network.

Regain confidence in your endpoints.

HAS YOUR NETWORK ALREADY BEEN COMPROMISED?

High-profile investigations and news headlines show that even large organizations with dedicated cyber security resources are susceptible to cyber-attacks. The actual breach of a computer network typically happens months, sometimes years, before it is discovered. The time between the breach and its detection, the dwell time, is critical.

Our Threat Indicator Assessment service utilizes sophisticated, enterprise grade cyber threat hunting technologies to quickly and cost-effectively determine if an adversary has infiltrated your network.

The Proactive Discovery Threat Indicator Assessment service will:

  • Identify all endpoints on your network and scan them to discover unknown vulnerabilities (0-day), active or dormant malware, and suspicious code
  • Provide a report containing the gathered intelligence so your team can take immediate action to eliminate or isolate threats and perform incident response tasks
  • Confirm if existing cyber security initiatives are successful or require improvement
  • Provide recommendations, based on findings, on immediate investigative needs, threat containment and long-term security considerations

REGAIN TRUST IN YOUR NETWORK

To build a sound foundation of defense against a cyber threat, it is necessary to understand your current network, to understand the tactics of attackers, and understand the maturity of your cyber security program.

Performing proactive threat indicator assessments empowers your organization to determine if existing security efforts are successful and if endpoints show signs that an attacker has been successful in bypassing your perimeter defenses. Having visibility into endpoint risk profiles within minutes gives you the advantage of focused threat containment and risk mitigation efforts.

Data breach reports confirm that perimeter defenses are no longer enough to defend against cyber threats and that a breach typically occurred months, sometimes even years, before it is detected. Organizations must make a fundamental shift from reactive cyber security event models to proactive security initiatives. Cyber security experts agree: it is no longer a question of if, but of when.

Our Threat Indicator Assessment service determines whether endpoints have been compromised. It serves as a proactive tool to detect unknown vulnerabilities (0-day) and known malware, as well as active or dormant persistent threats. The easy-to-read executive reports allow for immediate and focused actions.

Threat Indicator Assessments conducted by Proactive Discovery show results within days and are more comprehensive and cost-effective than alternative approaches.

Use Cases

Risk Management & Mitigation

Regulatory requirements and data breach disclosure laws are causing difficult conversations in C-level suites and board rooms. Compounding the risk are civil actions that claim organizations should be liable for not detecting cyber threats that persist for long periods of time. Threat indicator assessments aid in organizational due diligence efforts and provide real-time risk profile information.

Third party & vendor risk assessment

Sharing sensitive data, intellectual property, or customer data with vendors and partners is a significant risk for organizations. A current threat indicator assessment should be requested to ensure the integrity and confidentiality of vendor and partner networks.

Mergers & Acquisitions

Before M&A transactions are finalized, a threat indicator assessment of the acquisition target should be conducted during the due diligence phase to ensure the buyer is not accepting the risk and associated cost of an existing network compromise.

Security program validation / audit

A threat indicator assessment serves to validate the effectiveness of current security controls and identify threats that may have circumvented existing defenses. It also provides insight into which security mechanisms are functioning effectively and which are outdated or obsolete.

THE CYBER BREACH ASSESSMENT

Proactive Discovery partners with technology companies to provide its Threat Indicator Assessment service on a scalable, sophisticated and enterprise grade platform. The platform identifies endpoints on your network (workstations, laptops, or servers). Once the endpoint inventory is completed, the process utilizes File Intelligence Services and Digital Forensic Analysis Services to determine the risk profile of each endpoint discovered.

The technology deployed is agentless, meaning executables do not stay resident on the endpoints. The process evaluates everything currently running or scheduled to run on endpoints. Each endpoint’s volatile memory is investigated for signs of manipulation or hidden processes. It uses the standard networking protocols already in place to manage a network domain, eliminating the need to pre-install or deploy software on the endpoints or to change network configurations. A typical scan of an endpoint completes within a few minutes. To ensure untarnished threat intelligence, the process does not rely on the potentially compromised host operating system to deliver the results but instead looks “beneath” the operating system, where malware can escape typical detection by anti-virus products.

The scans are orchestrated from a central control panel and leverage built-in automation to perform the aggregation of the compromise assessment data received from the endpoints.

Proactive Discovery’s cyber intelligence professionals analyze the obtained threat indicator assessment information and prepare an actionable report to facilitate decisive actions against identified threats.

The Process

1. Deploy host-based inspection technology

Proprietary, dissolvable and agentless technology is deployed from a central system to endpoints (laptops, desktops and servers)

2. Assess environment for anomalies

Endpoint survey results are aggregated and analyzed across the entire environment to allow machine-assisted and human-driven Indicators of Compromise (IOCs) identification.

3. Analyze evidence

Proactive Discovery professionals use their knowledge and gathered threat intelligence to assess the risk profile of endpoints within the environment. Proactive Discovery performs these activities to confirm whether the discoveries represent malicious behavior or false positives.

4. Summarize findings

The Threat Indicator Assessment is concluded with a detailed report that provides a summary of endpoint risk profiles, details of findings during the assessment and, if appropriate, recommendations for next steps.
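Step 2 above describes aggregating endpoint survey results across the whole environment so that outliers can be flagged for human review. The following is an added illustration of that aggregation idea, written for this page and not Proactive Discovery's own tooling: it takes a constructed set of per-endpoint survey records (executable path, hash, code-signing status) and applies two simple fleet-wide heuristics, low-prevalence binaries and one path resolving to several different hashes. The record layout, host names and hash values are all assumptions made for the example.

```python
"""Prevalence ("stacking") analysis over constructed endpoint survey records.

Each record describes one executable observed running or scheduled to run on
one endpoint. Fleet-wide aggregation lets an analyst spot artifacts that are
unusual relative to the rest of the environment, which is the machine-assisted
part of IOC identification; a human still decides whether a finding is
malicious or a false positive.
"""
from collections import defaultdict

# Constructed sample survey output (assumed format, not real data).
SURVEYS = [
    {"host": "ws-01", "path": r"C:\Windows\System32\svchost.exe", "sha256": "h-svc-good", "signed": True},
    {"host": "ws-01", "path": r"C:\Windows\explorer.exe", "sha256": "h-exp", "signed": True},
    {"host": "ws-02", "path": r"C:\Windows\System32\svchost.exe", "sha256": "h-svc-good", "signed": True},
    {"host": "ws-02", "path": r"C:\Windows\explorer.exe", "sha256": "h-exp", "signed": True},
    {"host": "ws-02", "path": r"C:\Users\Public\updater.exe", "sha256": "h-upd-x", "signed": False},
    {"host": "ws-03", "path": r"C:\Windows\System32\svchost.exe", "sha256": "h-svc-good", "signed": True},
    {"host": "ws-03", "path": r"C:\Windows\explorer.exe", "sha256": "h-exp", "signed": True},
    {"host": "srv-01", "path": r"C:\Windows\System32\svchost.exe", "sha256": "h-svc-odd", "signed": False},
]


def build_prevalence(records):
    """Map each (lower-cased path, hash) pair to the set of hosts where it was seen."""
    seen = defaultdict(set)
    for rec in records:
        seen[(rec["path"].lower(), rec["sha256"])].add(rec["host"])
    return seen


def rare_artifacts(records, max_hosts=1):
    """Executables present on at most `max_hosts` endpoints.

    Low prevalence is not proof of compromise, but across a fleet of similar
    machines it is a cheap way to surface candidates for analyst review.
    """
    prevalence = build_prevalence(records)
    signed = {(r["path"].lower(), r["sha256"]): r["signed"] for r in records}
    findings = []
    for (path, digest), hosts in prevalence.items():
        if len(hosts) <= max_hosts:
            findings.append({
                "path": path,
                "sha256": digest,
                "hosts": sorted(hosts),
                "signed": signed[(path, digest)],
            })
    return sorted(findings, key=lambda f: (f["path"], f["sha256"]))


def hash_variants(records):
    """Paths that resolve to more than one distinct hash across the fleet.

    A system binary that hashes differently on one host than on every other
    host deserves a closer look (patch drift or tampering; the analyst decides).
    """
    by_path = defaultdict(lambda: defaultdict(set))
    for rec in records:
        by_path[rec["path"].lower()][rec["sha256"]].add(rec["host"])
    return {
        path: {digest: sorted(hosts) for digest, hosts in digests.items()}
        for path, digests in by_path.items()
        if len(digests) > 1
    }


def triage(records, max_hosts=1):
    """Combine both heuristics into a single findings list for human review."""
    findings = []
    for art in rare_artifacts(records, max_hosts):
        reason = "rare binary" + ("" if art["signed"] else ", unsigned")
        findings.append({"reason": reason, **art})
    for path, variants in hash_variants(records).items():
        findings.append({"reason": "same path, multiple hashes", "path": path, "variants": variants})
    return findings


if __name__ == "__main__":
    for finding in triage(SURVEYS):
        print(finding)
```

On the constructed data the unsigned `updater.exe` seen on a single workstation and the odd `svchost.exe` hash on `srv-01` are the two artifacts surfaced; the signed binaries shared by every host are not. Real survey output would carry far more attributes (parent process, loaded modules, memory-resident code), but the aggregation pattern is the same: compare each endpoint against the fleet rather than judging it in isolation.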

Benefits

  • Transparent to network operations and end user
  • Proactive approach to shorten dwell time of adversary inside the network
  • Disrupt adversary objectives early on
  • Validate existing cyber security technologies and workflows
  • Impartial 3rd party threat indicator assessment
  • Regain confidence in endpoint integrity by answering the question if endpoints in your network are compromised
  • Perform forensic state analysis on endpoints and obtain instantaneous feedback for signs of compromise
  • Report with threat information allows for targeted risk mitigation efforts by IT and security teams
  • Assessment of endpoints does not rely on the potentially compromised operating system, resulting in unblemished assessment data
  • Fast results – provides active threat intelligence within hours, followed by a full review and report within days
  • Effective identification of unknown attacks, hidden backdoors or Remote Access Tools
  • Agentless scans – surveys – gather system information and scan volatile memory with no pre-installation of software for seamless deployment and minimal impact on your systems