Cybersecurity Services: Compromise Assessment
Comprehensive threat defense
CRA combines deep cyber breach experience with leading edge threat detection capabilities to help organizations detect, contain, and eradicate threats and improve overall cyber hygiene. Our professionals include information security experts and incident responders who live and breathe the tactics, techniques, and procedures ("TTPs") of current threat actors:
- Advanced Persistent Threats ("APTs") use sophisticated techniques to gain and maintain access to systems for prolonged period of times. They can either be state-sponsored attackers, or financially motivated cyber criminals.
- State-sponsored attackers are often after information and seek to gain sustained access to victim organizations. They usually have access to significant resources, making them difficult to detect and eradicate. Some state-sponsored attackers are financially motivated.
- Financially motivated threat actors may attempt to steal personally identifiable information (PII) such as social security numbers, credit cards and banking information, or to ransom critical digital resources.
- Insider threats are people within the organization that either deliberately or unknowingly introduce cyber risk to the organization. Examples include (disgruntled) employees, former employees, contractors or business associates.
To combat these threats, CRA’s professionals have access to the following capabilities:
- Inbound, outbound and internal network traffic visibility and analytics;
- Network packet capture ("PCAPs") and log file analysis;
- Endpoint visibility enabling threat detection, hygiene reporting and more;
- Industry leading threat intelligence, file reputation information and Indicators of Compromise ("IOCs");
- Triage analysis of registry, process and memory and full disk forensics analysis;
- Malware reverse engineering;
- Governance, risk, and compliance assessments.
Approach and methodology
CRA offers bespoke visibility and detects both real-time and historic threats. We achieve this by applying an approach that includes end point analysis and threat detection, network surveillance, and data analytics. Our experts collect and analyze data across all dimensions of a compromise assessment. Our detection methodologies are closely aligned with the industry standard Cyber Kill Chain and MITRE ATT&CK™ framework.
A proper evaluation of whether malicious activity has occurred in your environment can’t be accomplished without comprehensive, historical, forensics-based context, combined with dynamic monitoring. Every environment is distinctive; CRA collaborates with our client’s team to understand network topology and what systems comprise your environment. With this knowledge, the team can understand and leverage the tools in your organization. Our methodology allows us to identify malicious activity, deliver you with an industry leading forensics capability, network monitoring, and endpoint detection and response (EDR) effort.
CRA works with our clients to identify their sensitive and mission-critical systems and data, commonly known as “Crown Jewels” that are high-risk within your environment.
CRA conducts active research concerning potential cyber threats targeting your organization. We provide insight into internal or external attackers and potential motivations so organizations know if they are being targeted.
CRA combines real-time threat detection and threat hunting with continuous data collection and analysis allowing for anomaly detection. We can quickly triage hits, pivot across the entire environment, and perform active remediation if needed.
Recent client examples
Issue: A global data processing company requested a compromise assessment after a large competitor suffered a widely publicized breach.
Action: CRA obtained endpoint visibility and performed threat hunting across the environment. CRA found several instances of malware as well as shortcomings in the environment’s security posture such as unmanaged assets and outdated software.
Impact: The client was quickly able to remove the malware from their environment, update the outdated software, and improve their security posture.
- Tanium: Certified Incident Responder
- Gigamon: Network Forensics and Incident Response
- Cylance: Incident Response
- Carbon Black: Incident Response
- Recorded Future: Certified Threat Intelligence Partner
- CISSP, CISM, GCFA, GCIH, GREM, GFNA, EnCE, CCE, QSA
- Combined decades of experience specializing in providing incident response, internal affairs investigations, compromise assessments, and post response services for organizations across a wide spectrum of industries.
- Previous incidents include Nation State actors, Advanced Persistent Threats (APT), SWIFT heists, theft of Payment Card Information (PCI), Personally Identifiable Information (PII), Protected Health Information, and Intellectual Property, Ransomware, Extortion, Business Email Compromise (BEC), Phishing, and Denial of Service.
- CRA Forensic Services is ISO27001:2013 certified, the best-known international standard for information security.
- CRA International, Inc. holds private investigator licenses in Illinois (License No. 117.001795 115.002511), Indiana (Private Investigator Firm License No. PI21600025), Massachusetts (License Number LP1045A), and Michigan (Professional Investigator Agency License No. 3701207037).