FORENSICS
Cybersecurity Compromise Assessment
With an increasingly complex cyber threat landscape, companies need to understand the effectiveness of their cyber defense strategies. A Breadcrumb Cybersecurity Compromise Assessment combines real-world experience responding to a breach and industry-leading threat intelligence to deliver an assessment that identifies current or past network intrusions. If a compromise is detected, Breadcrumb reporting distills complex information into a clear chain of actionable insights and recommendations.
Security is more than a static state – there is always something to learn from a compromise assessment. If our assessment points to a clean house, we take the opportunity to identify steps your organization can take to improve resiliency and breach readiness.
"91% of cyberattacks begin with a spear phishing email, which is commonly used to infect organizations with ransomware." - KnowBe4
Our Approach
Breadcrumb engineers use advanced threat detection techniques to search endpoints, monitor network traffic, and analyze logs from security devices for evidence of attacker activity. In addition, Breadcrumb consultants use signatureless data analysis techniques to find previously unseen attack activity.
Our compromise assessment methodology validates whether attackers have infiltrated your environment and provides actionable steps you can take to keep them out. Considerations include (but are not limited to) the following:
Operating system-specific malware persistence mechanisms and process injection methods:
We review currently running processes, scheduled tasks, and common hiding places to detect anomalies in behavior and communications.
Attacker lateral movement:
We apply threat intelligence and user behavior analytics to uncover the attacker pathway in real time. Our threat intelligence is garnered from industry and proprietary sources, as well as our threat intelligence team.
Common attacker tools:
We find evidence of attacker activity, including modified registry keys or executable files left behind, to validate suspected compromise.
Indicators derived from investigations:
We evaluate an exhaustive list of compromise indicators, such as privileged user account anomalies, geographical irregularities, or suspicious registry changes.
Environment-specific considerations:
We take the time to understand your environment and the relationships between users, hosts, and processes to identify any artifacts in the kill chain.