Kaspersky Targeted Attack Discovery
A comprehensive compromise assessment
Kaspersky Targeted Attack Discovery
Get a Quote!
The latest attacks are aware of the protection tools their victims have in place, - and are developed accordingly, bypassing existing automatic security controls. If they remain undiscovered, these kinds of attacks can lurk within your organization for months. Running a compromise assessment is an effective way of understanding if your existing detection and prevention systems are sufficient. It helps to uncover past and ongoing attacks, enabling the most effective response.
Kaspersky Targeted Attack Discovery will be useful if you are concerned about attacks directed at your industry, if you have noticed suspicious behavior in your own systems, or if your organization simply recognizes the benefits of regular preventative inspections.
The service helps discover:
Detects compromise attempts using a combination of approaches, including threat intelligence, vulnerability assessment and incident investigation
Timely identification of security incidents mitigates their impact before it becomes apparent and protects your resources from similar attacks in future
How the service works
Kaspersky experts detect, identify and analyze ongoing incidents as well as those that occurred in the past, and compile a list of systems affected by those attacks. We help you uncover malicious activities, identify the possible sources of an incident and plan the most effective remedial actions.
Kaspersky do this by:
- Analyzing the specific threat landscape of your organization
- Conducting in-depth inspections of your IT infrastructure and data (such as log files) to identify possible signs of compromise
- Analyzing your outgoing network connections for suspicious activity
- Uncovering probable sources of an attack and other potentially compromised systems
According to recent research, a high proportion of security incidents are undetected. Relying on automated detection and prevention mechanisms alone, you run the risk of failing to detect:
Gathering and analyzing data on attacks from external sources
The aim at this stage is to obtain a snapshot of the attack surface of a company whose assets are, or were, being targeted by intruders. We tap into a variety of intelligence sources, including underground cybercriminal communities, as well as internal Kaspersky’s monitoring systems. Analyzing this intelligence allows us to identify weaknesses in a company’s infrastructure that are of interest to cybercriminals, compromised accounts, stolen data and much more.
Onsite or remote data collection and early incident response
This stage sees data collected from workstations, servers, SIEM systems and other equipment in the customer’s infrastructure. Data can be collected onsite or remotely using software provided to the customer within the framework of the service. In case of suspicious activity Kaspersky experts collect any type of evidence related to the incident, which may include: log files of operating systems, applications and network equipment, web traffic logs (for example, from proxy servers), network traffic dumps, HDD images, memory dumps and any other types of information, which could be useful for investigation. Interviews with the customer’s representatives and of any other entities involved into the incident can also be organized. At this stage Kaspersky provides interim recommendations for initial incident response.
Kaspersky performs analysis of all available information (including malware analysis if needed) in order to recreate the picture of the incident. The customer may be asked to provide additional data (via email or various network resources, depending on the type and amount of data requested).
The work carried out within the framework of the service culminates in a final report. It contains the results of data analysis from external sources, as well as descriptions of detected attacks based on analysis of the data collected in the customer’s infrastructure. The report also contains remediation recommendations for the detected attacks.
If necessary, our experts will analyze the symptoms of an incident, perform deep digital analysis for certain systems, identify a malware binary (if any) and conduct malware analysis. These optional services report separately, with further remediation recommendations. We can also, on request, deploy the Kaspersky Anti Targeted Attack (KATA) platform onto your network. This platform combines the latest technologies and global analytics in order to detect and respond promptly to targeted attacks, counteracting them at all stages of their lifecycle in your system.
How It Helps
Reveal any current or past cyberattacks quickly
- Discover if you’re currently under attack – and understand the nature of the attack and the attacker
- Detect on which of your systems the attack is present
- Understand how the attack is affecting your systems
Plan your response based on detailed reporting
- Analysis of the intelligence gathered about threats and Indicators of Compromise
- Description of possible attack sources and compromised network components
- Response recommendations to mitigate the incident’s impact and prevent future attacks
Put Kaspersky’s unique expertise at your service
- A proven track record of effective targeted attack research
- Cloud reputational network, uniting more than 100 million nodes worldwide
- Dozens of security assessment engagements across all verticals every year
Download the Kaspersky Targeted Attack Discovery Datasheet (PDF).
- Pricing and product availability subject to change without notice.