BREACH RESPONSE

Compromise Assessment

Systematic identification of current or past malicious threat activity within your organization.

SERVICE OVERVIEW

With an increasingly complex cyber threat landscape, companies need to understand the effectiveness of their cyber defense strategies.

A Breadcrumb Compromise Assessment combines real-world experience responding to network intrusions with industry-leading threat intelligence strategies to deliver an assessment that identifies current or past network intrusions. If a compromise is detected, Breadcrumb reporting distills complex information into a clear chain of actionable insights highlighting what has been breached and how to resolve it.

Security is much more than a static state – there is always something to learn from a compromise assessment. If our assessment points to a clean house, we take the opportunity to identify steps your organization can take to improve resiliency and breach readiness.

"91% of cyberattacks begin with a spear phishing email, which is commonly used to infect organizations with ransomware." - KnowBe4

Breached?

If your organization needs immediate assistance for a possible incident or security breach, don’t delay. 

Our Approach

Breadcrumb engineers use advanced threat detection techniques to search endpoints, monitor network traffic, and analyze logs from security devices for evidence of attacker activity. In addition, Breadcrumb consultants use signatureless data analysis techniques to find previously unseen attack activity.

Our compromise assessment methodology validates whether or not attackers have infiltrated your environment, and provides actionable steps you can take to keep them out with considerations that include (but are not limited to) the following:

Operating system-specific malware persistence mechanisms and process injection methods: 

We review currently running processes, scheduled tasks, and common hiding places to detect anomalies in behavior and communications.

Attacker lateral movement: 

We apply threat intelligence and user behavior analytics to uncover the attacker pathway in real time. Our threat intelligence is garnered from industry and proprietary sources, as well as our threat intelligence team.

Common attacker tools: 

We find evidence of attacker activity, including modified registry keys or executable files left behind, to validate suspected compromise.

Indicators derived from investigations:

We evaluate an exhaustive list of compromise indicators, such as privileged user account anomalies, geographical irregularities, or suspicious registry changes.

Environment-specific considerations:

We take the time to understand your environment and the relationships between users, hosts, and processes to identify any artifacts in the kill chain.

Assessment Categories

Malware Analysis

We conduct systematic malware analysis to develop techniques for blocking malware, which improves organizations’ resilience against further intrusions.

Network Analysis

Packet and log data collected by Breadcrumb advanced detection agents help identify suspicious communications that traditional, signature-based cybersecurity systems miss.

Host Forensics

Our incident response team uses advanced memory analysis techniques and examines executables, files, and libraries to identify unauthorized services and processes running on endpoints.

Cyber Threat Intelligence

Breadcrumb conducts extensive research into cybercriminals’ attack infrastructure, tools, and techniques, and monitors cyber threat intelligence feeds from a range of sources, including the FBI and industry ISACs (Information Sharing and Analysis Centers).

Comprehensive Cyber Forensic Framework

This framework guides our forensic analysis and helps ensure the incident response process includes data from multiple sources, including in-house systems, open-source research, the FBI, DHS, and various threat intelligence feeds.

"Breadcrumb has a thorough understanding of what would happen if hackers found their way into our systems and how to minimize that risk. I highly recommend Breadcrumb for any organization looking to ensure compliance and improve their security."
— Scott Sells, Administrative Operations Director | CCENT