Compromise Assessment

Do you know if threats are hiding in your network?

Threat actors with varying motivations infiltrate organisations’ networks undetected and gain unauthorised access to critical data. Advanced attackers can maintain access to compromised environments for years without being detected. Research from PwC’s Digital Trust Insights (COVID-19) Pulse Survey 2020 shows that over 50% of businesses have observed increases in the number of successful intrusions since February 2020, including intrusions resulting from phishing attacks, business email compromise and ransomware.

Organisations need to take a proactive stance towards threat hunting: seek out threats in their IT estate, and respond quickly and effectively to mitigate the potential impact.

Our approach to Compromise Assessment

The most sophisticated threat actors dedicate their time to finding ways of evading detection by traditional defence mechanisms such as antivirus; we focus on identifying the cyber attacks that these first lines of defence may have missed. Our service is about working with you to identify evidence of malicious activity within your IT estate. We do this by:

  • Analysing data pulled from three distinct sources: your endpoints, your network layer and external threat sources;
  • Augmenting these datasets with our proprietary threat intelligence to gain unique insights into signs of historic or active compromises in your environment; and,
  • Providing clear, pragmatic advice for remediation.

This service is particularly relevant to organisations that:

  • Have been recently compromised and are looking to detect further signs of threat activity
  • Are concerned they may have been breached but don’t see any signs of compromise
  • Are looking to hunt proactively for indicators of compromise and advanced threats
  • Are going through a major organisational change (merger or acquisition, a change to supply chain, change in leadership etc.) and need to assess security risks and potential intrusions
  • Are concerned about tool capability gaps that reduce visibility across their IT estate

Data sources we analyse

Endpoint

  • Real-time behavioural detection using PwC’s industry-leading ruleset, mapped to the MITRE ATT&CK® framework.
  • Analysis of persistence mechanisms that attackers may employ to maintain a foothold in your environment.
  • Automated scanning for indicators of compromise developed from PwC’s threat intelligence research into over 200 advanced threat actors.
  • En masse analysis of forensic artefacts and system logs to identify evidence of a historic compromise.
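
As an added illustration of what persistence-mechanism triage looks like in practice (example code written for this page, not PwC’s tooling or ruleset), the script below scores a constructed inventory of Windows autostart entries (Run keys, scheduled tasks, services) against a handful of signals and maps each flagged entry to its ATT&CK technique. The hosts, paths and commands are hypothetical; the thresholds and weights are assumptions chosen for the example.

```python
import re

# ATT&CK technique IDs for the autostart locations covered here.
TECHNIQUES = {
    "run_key": "T1547.001 Registry Run Keys / Startup Folder",
    "scheduled_task": "T1053.005 Scheduled Task",
    "service": "T1543.003 Windows Service",
}

# Paths a standard user (or a compromised service) can write to; legitimate software
# lives there too, so this is only one signal among several.
USER_WRITABLE_RE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|ProgramData|Windows\\Temp)\\", re.I)
# powershell ... -e / -enc / -EncodedCommand <base64 blob>
ENCODED_PS_RE = re.compile(r"powershell(?:\.exe)?\b.*\s-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{16,}", re.I)
LOLBIN_RE = re.compile(r"^(?:.*\\)?(?:rundll32|regsvr32|mshta|wscript|cscript)(?:\.exe)?\b", re.I)
# Core OS process names that should only ever run from System32/SysWOW64.
SYSTEM_NAME_RE = re.compile(r"\\(?:svchost|lsass|csrss|winlogon|services|smss)\.exe\b", re.I)
SYSTEM_DIR_RE = re.compile(r"\\Windows\\(?:System32|SysWOW64)\\", re.I)

# Constructed autostart inventory in the shape a collection script would return
# (hypothetical hosts, paths and commands; the encoded blob is not a real payload).
AUTORUNS = [
    {"host": "WS-0412", "type": "run_key", "signed": True,
     "location": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "command": r"C:\Users\jsmith\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
    {"host": "WS-0412", "type": "run_key", "signed": True,
     "location": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Update",
     "command": r"powershell.exe -w hidden -nop -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"host": "SRV-DC01", "type": "scheduled_task", "signed": True,
     "location": r"\Microsoft\Windows\Defrag\ScheduledDefrag",
     "command": r"%windir%\system32\defrag.exe -c -h -o -$"},
    {"host": "SRV-FS02", "type": "scheduled_task", "signed": False,
     "location": r"\Adobe Update",
     "command": r"C:\ProgramData\update\svchost.exe"},
    {"host": "SRV-FS02", "type": "service", "signed": False,
     "location": r"HKLM\SYSTEM\CurrentControlSet\Services\WinHelpSvc",
     "command": r"rundll32.exe C:\Windows\Temp\help.dll,Start"},
]


def score_entry(entry):
    """Return (score, reasons) for one autostart entry; higher means more suspicious."""
    cmd = entry["command"]
    score, reasons = 0, []
    if USER_WRITABLE_RE.search(cmd):
        score += 1
        reasons.append("launches from a user-writable path")
    if not entry["signed"]:
        score += 2
        reasons.append("binary is not signed")
    if ENCODED_PS_RE.search(cmd):
        score += 3
        reasons.append("encoded PowerShell command")
    if LOLBIN_RE.match(cmd) and USER_WRITABLE_RE.search(cmd):
        score += 2
        reasons.append("LOLBin loading a payload from a user-writable path")
    if SYSTEM_NAME_RE.search(cmd) and not SYSTEM_DIR_RE.search(cmd):
        score += 3
        reasons.append("system process name outside System32 (masquerading)")
    return score, reasons


def triage(entries, threshold=3):
    """Keep entries at or above the threshold, highest score first, tagged with the ATT&CK technique."""
    flagged = []
    for entry in entries:
        score, reasons = score_entry(entry)
        if score >= threshold:
            flagged.append({"host": entry["host"], "location": entry["location"],
                            "technique": TECHNIQUES[entry["type"]], "score": score, "reasons": reasons})
    return sorted(flagged, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for f in triage(AUTORUNS):
        print(f"{f['host']}: {f['location']} [{f['technique']}] score={f['score']}")
        for r in f["reasons"]:
            print("    -", r)
```

The point of the weighting is that no single signal is conclusive: OneDrive legitimately runs from AppData and scores 1, while an unsigned binary named svchost.exe under ProgramData stacks three signals and rises to the top of the review queue.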

Network

  • Constantly evolving real-time detection developed from PwC's research and engineering, covering hundreds of advanced threat actors and a wide range of other activity.
  • Our Network Threat Hunting platform is automatically updated as new detection logic becomes available.
  • Offline heuristic detection and machine learning powered by rich metadata.
  • We record a wide range of hygiene points to help inform your risk management programme.

External

  • Analysis of your externally visible infrastructure, to identify compromises of vulnerable and exposed services/endpoints.
  • We search our database of leaked credentials, accumulated from hundreds of third-party breaches and threat actor credential dumps, for corporate email accounts, to identify corporate email exposure.
  • Malware repository analysis, to seek out malware and phishing documents that appear to be targeting your organisation.
  • Monitoring of 'paste' and 'dump' sites for any references to your brand that could indicate malicious activity or a data leak.

For situations that require a sustained period of response activities, you will have rapid on-demand access to our global Cyber Incident Response team to help you contain and investigate the incident. Our procedures are grounded in industry best practice, and years of practical experience.

Our service also provides visibility into a range of security risk, health and hygiene indicators that may be placing your environment at an elevated risk. The insights gained from this exercise include the identification of:

  • Misconfigured user accounts and groups that would present a path for an attacker to access your most valuable assets
  • OS and application vulnerabilities that attackers can abuse to infiltrate your systems and maintain a foothold in the environment
  • Compliance configuration drift that may be undermining the protections designed to prevent a successful cyber attack

Custom packages available to augment the assessment

Email log analysis

PwC investigates many business email compromises, which predominantly consist of attackers gaining access to one or more corporate email accounts to facilitate a financially motivated attack. We investigate email logs for anomalous activity that could suggest your organisation is the victim of an ongoing business email compromise.

Dark web monitoring

PwC has access to over 600 dark web forums, thousands of chat channels and groups, anonymous message boards, paste sites, and blogs. We investigate these for information related to your company. This could include any evidence that your organisation is being targeted or that sensitive documents are already being leaked or sold on the dark web.

Web server log analysis

Compromising a website can mean different things, from performing common web-based attacks that expose client data to installing a backdoor that grants access to the underlying network. Analysis is performed at enterprise scale to identify evidence that vulnerabilities in your websites and web applications are being exploited to leak confidential data, or used as a gateway into your environment.
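The following added example (illustrative code for this page, not PwC's analysis platform) shows the shape of that analysis on a small scale: it parses constructed combined-format web server lines, decodes the request targets, and flags the patterns an investigator would pull out first: path traversal, SQL injection probes, scripts being requested from upload directories (a webshell indicator), command parameters, and scanner user agents. Each hit is marked as likely successful when the server answered 2xx with a body, and hits are rolled up per source address. The log lines, addresses and paths are constructed; the indicator patterns are a deliberately small subset.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Constructed combined-format lines (RFC 5737 documentation addresses, hypothetical paths).
SAMPLE_LOG = """\
203.0.113.5 - - [04/Mar/2024:10:14:22 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [04/Mar/2024:10:14:30 +0000] "GET /download.php?file=../../../../etc/passwd HTTP/1.1" 200 1842 "-" "Mozilla/5.0"
203.0.113.5 - - [04/Mar/2024:10:15:01 +0000] "GET /search?q=1%27%20OR%201%3D1-- HTTP/1.1" 500 0 "-" "sqlmap/1.7"
198.51.100.23 - - [04/Mar/2024:10:20:44 +0000] "POST /uploads/avatar.php HTTP/1.1" 200 78 "-" "python-requests/2.31"
198.51.100.23 - - [04/Mar/2024:10:20:50 +0000] "POST /uploads/avatar.php?cmd=whoami HTTP/1.1" 200 61 "-" "python-requests/2.31"
192.0.2.77 - - [04/Mar/2024:10:22:10 +0000] "GET /products?page=2 HTTP/1.1" 200 9120 "https://www.example.com/" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referrer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")
SQLI_RE = re.compile(r"'\s*(?:or|and)\s+[\w']+\s*=\s*[\w']+|union\s+select|sleep\s*\(|;\s*drop\s", re.I)
SCRIPT_IN_UPLOAD_RE = re.compile(r"/(?:uploads?|media|images|files|tmp)/.*\.(?:php\d?|phtml|aspx?|jsp|cgi)$", re.I)
CMD_PARAM_RE = re.compile(r"(?:^|[&?])(?:cmd|exec|command)=", re.I)
SCANNER_UA_RE = re.compile(r"sqlmap|nikto|nuclei|acunetix|masscan", re.I)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    req = m.groupdict()
    req["status"] = int(req["status"])
    req["size"] = 0 if req["size"] == "-" else int(req["size"])
    req["decoded"] = unquote_plus(req["target"])  # normalise %2e%2e, %27 and friends before matching
    return req


def classify(req):
    """Return the list of indicator names that fire on one parsed request."""
    parts = urlsplit(req["decoded"])
    kinds = []
    if TRAVERSAL_RE.search(req["decoded"]):
        kinds.append("path_traversal")
    if SQLI_RE.search(parts.query):
        kinds.append("sqli")
    if SCRIPT_IN_UPLOAD_RE.search(parts.path):
        kinds.append("script_in_upload_dir")
    if CMD_PARAM_RE.search(parts.query):
        kinds.append("command_parameter")
    if SCANNER_UA_RE.search(req["ua"]):
        kinds.append("scanner_user_agent")
    return kinds


def analyse(log_text):
    """Parse every line and keep the requests that hit at least one indicator.
    `likely_success` marks requests the server answered 2xx with a non-empty body."""
    findings = []
    for line in log_text.splitlines():
        req = parse_line(line)
        if not req:
            continue
        kinds = classify(req)
        if kinds:
            findings.append({"ip": req["ip"], "ts": req["ts"], "method": req["method"],
                             "target": req["decoded"], "status": req["status"], "kinds": kinds,
                             "likely_success": 200 <= req["status"] < 300 and req["size"] > 0})
    return findings


def by_source(findings):
    """Roll findings up per client IP so one attacker's activity reads as one story."""
    summary = defaultdict(set)
    for f in findings:
        summary[f["ip"]].update(f["kinds"])
    return {ip: sorted(kinds) for ip, kinds in summary.items()}


if __name__ == "__main__":
    hits = analyse(SAMPLE_LOG)
    for f in hits:
        flag = "SUCCESS?" if f["likely_success"] else "        "
        print(f"{flag} {f['ip']} {f['method']} {f['target']} -> {f['status']} {f['kinds']}")
    print(by_source(hits))
```

The traversal request answered with 200 and 1,842 bytes is the one that matters: a blocked probe is noise, a served /etc/passwd is evidence of exploitation. On a real estate the same logic runs across every web server's logs and the upload-directory hits are cross-checked against file system timestamps to find the webshell itself.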

What are the benefits?

  • Identification of previously unknown, hidden threat activity allows for effective remediation before it causes further damage.
  • Helps you gain confidence in your security infrastructure.
  • Industry-leading technology layered with our advanced threat detection rulesets to provide high-confidence visibility across the attack chain and insight into attacker techniques.
  • Action-based recommendations for effective improvements to your IT security posture, through a combined executive and technical report prioritised into tactical, operational and strategic recommendations.

Case Study

The client issue

A global entertainment organisation had recently suffered a cyber breach, which they were only able to detect after the threat actor had achieved their objectives. They wanted to understand whether the threat actor was still present in their environment, and whether there was any evidence of another compromise.

The solution

We delivered our Compromise Assessment to address the client’s requirements. As part of the service, we delivered our proprietary threat detection methodology combined with a market-leading endpoint detection solution, which sat on top of their existing security infrastructure, to provide an extensive view of any historical and current malicious activity.

The benefits

During the assessment, we found live evidence of the early stages of a WastedLocker ransomware attack. We were able to rapidly analyse the malicious activity for additional indicators of compromise, and sweep the entire environment for any signs that the threat actor had moved laterally across the network. We then transitioned the investigation to our Incident Response Team who performed additional forensic analysis and initiated remediation steps with the client to ensure that the threat was removed from the environment.

Contact us

Oliver Smith

Threat Detection & Response - Director, PwC United Kingdom

Tel: +44 (0)7718 339124

Paul Bottomley

Endpoint Threat Detection and Response Lead, PwC United Kingdom

Tel: +44 (0)7808 799134