Adversary Detection Services

Adversary Detection services are designed to identify and remove adversaries operating in your network. Advanced adversaries are often already operating in critical networks, effectively evading many of the defensive solutions in place. In a constant cat-and-mouse game, you must rely on the expertise of your people to stay ahead of the adversaries.

Our Breach Assessment Methodology

Our breach assessments utilize a heuristic-based approach to identify adversary activity operating within your network. Leveraging known adversary actions outlined in MITRE’s ATT&CK Framework, our analysts and toolsets focus on surfacing the indicators of those actions that are specific to the customer environment. Regardless of the adversary TTPs used, we will be able to detect some of the most sophisticated adversaries operating today.

Scan

Collect host-based data from endpoints based on customer requirements. Our capabilities can be supplemented with real-time collection.

Process

Enrich collected data through an automated enrichment pipeline and submit enriched data for SIEM ingestion.

Analyze

Perform analysis on the results using industry-recognized attack models and analytical techniques, including MITRE’s ATT&CK Framework, Threat Intelligence feeds, Least Frequency of Occurrence, and First Seen analysis.

Diagnose

Triage indicators/statistical anomalies through memory or disk analysis to make a benign or malicious declaration.

Evaluate

Define the scope of a potential compromise to provide high fidelity findings to the customer's Incident Response process.
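To make the Analyze and Diagnose steps concrete, here is an added example (not the vendor's tooling) showing how Least Frequency of Occurrence and First Seen analysis work together over host-based collection data. The record layout, host names, paths and timestamps below are constructed assumptions; the function names are hypothetical.

```python
"""Least Frequency of Occurrence (LFO) and First Seen analysis over
host-based collection data. Added example; the record layout and the
sample rows are constructed, not real collection output."""
from collections import defaultdict
from datetime import datetime

# Constructed sample: (host, executable path, earliest observed time).
RECORDS = [
    ("ws01", r"C:\Windows\System32\svchost.exe", "2024-01-03T08:00:00"),
    ("ws02", r"C:\Windows\System32\svchost.exe", "2024-01-03T08:05:00"),
    ("ws03", r"C:\Windows\System32\svchost.exe", "2024-01-03T08:10:00"),
    ("ws01", r"C:\Program Files\Corp\agent.exe", "2024-01-03T09:00:00"),
    ("ws02", r"C:\Program Files\Corp\agent.exe", "2024-01-03T09:01:00"),
    ("ws03", r"C:\Program Files\Corp\agent.exe", "2024-01-03T09:02:00"),
    ("ws02", r"C:\Users\Public\update.exe", "2024-02-14T02:13:00"),
]

def stack(records):
    """Stacking: map each artifact to the set of hosts it was observed on."""
    hosts = defaultdict(set)
    for host, artifact, _ in records:
        hosts[artifact].add(host)
    return hosts

def least_frequent(records, max_hosts=1):
    """LFO: artifacts present on at most `max_hosts` hosts are the outliers
    worth triage; fleet-wide binaries naturally drop out of the list."""
    return sorted(a for a, h in stack(records).items() if len(h) <= max_hosts)

def first_seen_after(records, baseline_iso):
    """First Seen: artifacts whose earliest observation across the fleet is
    newer than the baseline, i.e. absent during the known-good period."""
    baseline = datetime.fromisoformat(baseline_iso)
    earliest = {}
    for _, artifact, ts in records:
        t = datetime.fromisoformat(ts)
        if artifact not in earliest or t < earliest[artifact]:
            earliest[artifact] = t
    return sorted(a for a, t in earliest.items() if t > baseline)

def triage_candidates(records, baseline_iso, max_hosts=1):
    """Rare AND new: the highest-priority set to hand to memory/disk
    triage in the Diagnose step."""
    rare = set(least_frequent(records, max_hosts))
    new = set(first_seen_after(records, baseline_iso))
    return sorted(rare & new)

if __name__ == "__main__":
    for artifact in triage_candidates(RECORDS, "2024-01-31T00:00:00"):
        print("triage:", artifact)
```

The thresholds (one host, a one-month baseline) are tuning knobs; in practice they are set per customer from the size of the fleet and the length of the known-good collection window.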

Active Incident Response Support

Whether you are experiencing an active breach, or you are looking to determine what happened after the fact, our team will be able to assist in resolving even the most devastating of compromises. Our experts are trained in timeline creation, forensics support, and log analysis to trace an adversary’s actions and provide a full picture of the actions taken. We will integrate into your incident response methodology and assist as needed.

What This Includes

A full planning exercise, tailored to achieve maximum impact

Real-time communication and collaboration during the assessment execution window

Executive- and technical-level briefings with your staff to outline our findings, observations and the attack chain

Recommendations of areas to increase visibility so that a future breach will not be missed

Comprehensive write-ups in a full report detailing every facet of the engagement

Ready to get started?