What is an indicator of compromise ?

Indicators of compromise are technical artifacts or behaviors whose presence indicates malicious activity on the information system.

What are the most common indicators of compromise ?

Examples include: Traces of failed authentication attempts on a set of servers Abnormal behavior of conventional Windows processes

How does PwC's Compromise Collector solution work ?

PwC's collector is based on the DFIR-ORC utility developed by the ANSSI. It can be launched via various execution methods, the preferred method being deployment via GPO. Running the collector generates a zip file containing artifact exports in text format, which is then retrieved from a file server for analysis by PwC. The collection does not require any remote access from PwC, once configured by the client.

What types of analyses are performed by PwC in its platform ?

The Compromise Analytics platform is a modular environment, continuously updated with new tests and analyses. It is based on several types of processing : Enrichment with internal or external Threat Intelligence databases (comparison based on signatures or technical indicators, customer data is not sent to third parties) Search for known suspicious behaviors (technical) or behaviors that deviate from the nominal operation of a system Statistical analysis of the entire fleet (uncommon behaviors or files, divergent behavior compared to the rest of the fleet) Once these tests have been performed, the discrepancies are manually analyzed by a PwC expert in order to eliminate false positives and investigate the data to understand the extent of a potential compromise.

Cybersecurity

IT and Cybersecurity

Asset-based expertise

Compromise Discovery

Hunt for compromissions from your Information System

Book a demo

Your challenge

Computer attacks have grown exponentially, targeting both businesses and governments.

Benefits of Compromise Discovery

Agentless

Easy to deploy at scale. No specific agent to install.

Threat analysis

Identify risky behaviors and suspicious traces that may indicate an ongoing or past attack.

Compliance validation

Provide an accurate analysis of the compliance of your IT assets.

"We developed the Compromise Discovery solution in response to a question frequently asked by our clients following our security assessments : "I now know that I am at risk, but is it already too late ?". Our approach has allowed us to identify discrete attacks on our clients' most at-risk perimeters : for example, the presence of banking malware on a branch treasurer's workstation, remote access to an executive assistant's environment, or the presence of unsecured remote access solutions left on a critical server by a supplier."

Jamal Basrire, Cybersecurity Partner, PwC France and Maghreb

Compromise Collector : Automated data collection

Collection of data related on the ongoing activities and configuration of the machines in your IT environment.

Compromise Analytics: Automated pre-processing and forensic analysis by our PwC experts

Identification of traces of compromise thanks to a detailed analysis of systems, our experience of cybersecurity incidents and cross-checking with public (OSINT) or private (PwC network) Threat Intelligence databases.
Statistical, frequency and behavioral analysis to identify attack techniques.
Scoring of technical artifacts based on identified weak signals.
Knowledge base following previous investigations, capitalization on false positives.

Compromise Explorer : Reporting

Visualization of raw data and generated indicators : highlighting the most suspicious artefacts
Health Check on IS hygiene processes : detection of anomalies and compliance gaps to help you improve your existing processes.

Pricing

Initial Assessment

Definition of the perimeter of the IS machines to be analyzed
First collection of data necessary to detect a compromise
Analysis limited to 500 endpoints
Detection of suspicious behaviors & weak signals
Delivery of a report with a global view of the IS

20.000€

Discovery Pro / SME - ISE

Initial Assessment + annual subscription

Definition of the perimeter of the IS machines to be analyzed
Initial collection + monthly collection for one year
Analysis limited to 500 endpoints
Detection of suspicious behaviors & weak signals
Delivery of an initial report with a global view of the IS, followed by a monthly update allowing to follow the evolution

38.000€

Discovery Premium / SME - ISE

Initial + subscription + incident response retainer

Definition of the scope of the IS machines to be analyzed
Initial collection + monthly collection for one year
Analysis limited to 1000 endpoints
Detection of suspicious behaviors & weak signals
Delivery of a report with a global view of the IS
Access to our Incident Response service (available 7 days a week), first 2 days of analysis included
Access to our Threat Watch platform

50.000€

Discovery Expert / SME - ISE

Ransomware White Paper

Ransomware attack : how to deal with it ?

Download

Global Economic Crime and Fraud 2022

How do companies react to the increase in external fraud?

Download

Global Digital Trust Insights 2022

Simplify and optimize your cybersecurity

Download

These products might interest you

Game of Threats : Raise employee awareness and identify your defences in the event of a cyber attack

Discover

Threat Watch : Anticipate threats and strengthen your organization’s security

Discover

Identity and Access Management Monitoring : Secure and monitor your Microsoft environment

Discover

Compromise Discovery

Your challenge

Benefits of Compromise Discovery

Features

Compromise Collector : Automated data collection

Compromise Analytics: Automated pre-processing and forensic analysis by our PwC experts

Compromise Explorer : Reporting

Pricing

Initial Assessment

20.000€

Initial Assessment + annual subscription

38.000€

Initial + subscription + incident response retainer

50.000€

FAQ

Downloads

Ransomware White Paper

Global Economic Crime and Fraud 2022

Global Digital Trust Insights 2022

These products might interest you

Can't find what you're looking for?

Your challenge

Benefits of Compromise Discovery

Features

Compromise Collector : Automated data collection

Compromise Analytics: Automated pre-processing and forensic analysis by our PwC experts

Compromise Explorer : Reporting

Pricing

Initial Assessment

20.000€

Initial Assessment + annual subscription

38.000€

Initial + subscription + incident response retainer

50.000€

FAQ

What is an indicator of compromise ?

What are the most common indicators of compromise ?

How does PwC's Compromise Collector solution work ?

What types of analyses are performed by PwC in its platform ?

Related publications

Director M&A: Make cybersecurity a reflex in the context of your transactions

Securing supplies: when relocation is a solution

Relocating and re-industrialising

Data leaks: how can you avoid them?

Downloads

Ransomware White Paper

Global Economic Crime and Fraud 2022

Global Digital Trust Insights 2022

These products might interest you

Can't find what you're looking for?