EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
How EY can Help
-
Our Privacy & Cyber Response professionals can help your business navigate through complex cyber attacks. Learn more.
Read more
Identifying incidents where an attacker has slipped past security defenses
A compromise detection harnesses the same forensic strategies used in a cyber breach investigation to identify which endpoints and systems have been compromised. By closely monitoring system and network activities to identify unusual patterns and indicators of compromise (attacker footprints), forensic teams will either find hidden attackers or (hopefully) provide comfort that the organization is not facing a breach.
During the assessment, forensic teams deploy solutions in the IT environment, where they collect telemetry data on system and network activities. Digital forensic professionals then analyze these activities to spot red flags suggesting that compromise may have occurred.
Evidence gathered from forensic methodologies is likely admissible in a court of law. Should there be a need to file or defend against a suit arising from the incident, organizations can turn to experienced forensic experts to issue expert reports or provide expert testimonies in court. Forensic teams also prepare forensic reports to support regulatory submissions or insurance claims.
Expanding function of compromise detection
For years, compromise detection has been seen as a niche service as a critical part of cyber forensic investigations to trace and eliminate threats. It is also increasingly conducted under special conditions:
- When senior IT personnel are terminated for misconduct, digital forensic teams are often called in to check whether the disgruntled party has planted any back doors, time bombs or other malware in the IT environment.
- Compromise detection is also increasingly conducted in M&As, where acquisition value resides in patents, trade secrets or proprietary technology. In addition, any advanced persistent threats must be investigated and eradicated before interconnecting the acquiring and target entities’ IT networks.