Identify Advanced Threats
The Ashkelon Group’s Threat Assessment is a unique service that allows organizations to evaluate their networks for the presence of advanced attack group activity. Threat Assessments have helped organizations identify and address issues that, in some cases, had existed for years and resulted in the theft of valuable intellectual property.
Overview of Services
Designed for Targeted Organizations
Over the past several years advanced attack groups – often backed by organized crime syndicates and nation states – have targeted government agencies, defense contractors, financial services firms, research labs, retailers, law firms, energy companies, transportation companies and many others. These advanced attackers develop custom malware and use tactics that can often be difficult to detect using conventional approaches.
The Ashkelon Group’s Approach
The Ashkelon Group has conducted hundreds of investigations where advanced attack groups have compromised well-guarded networks and removed valuable information. During the course of these investigations, The Ashkelon Group has developed specialized knowledge about how advanced attack groups operate. The Threat Assessment couples that intelligence and experience with The Ashkelon Group’s proprietary technology to determine if attackers are currently in the environment or have been active in the past.
Deploying Network- & Host-Based Inspection Technology
Proprietary technology is deployed at Internet egress points and on host systems such as servers, workstations and laptops.
Assessing Environment Using Intelligence from Prior Investigations
The Ashkelon Group has developed a detailed library of Indicators of Compromise (IOCs) that utilize host-based artifacts and network traffic signatures to identify the presence of attackers. The Ashkelon Group consultants apply these IOCs to evaluate servers, workstations and laptops within the network for evidence of current and past attacker activity.
Assessing Environment for Anomalies
The Ashkelon Group consultants use their knowledge of the attack groups and their tendencies to assess the hosts and network traffic for evidence of attacker activity. In this case the focus is on “edge analysis” – systems that have different attributes than the vast majority of other similar systems in the environment.
When The Ashkelon Group identifies Indicators of Compromise or anomalies, consultants draw on skills that range from forensic imaging to malware and log analysis to either confirm it reflects malicious activity or eliminate it as a false positive.
At the conclusion of the Threat Assessment, The Ashkelon Group provides a detailed report that summarizes the approach taken and the findings.