What is an indicator of compromise ?

Indicators of compromise are technical artifacts or behaviors whose presence indicates malicious activity on the information system.

What are the most common indicators of compromise ?

Examples include: Traces of failed authentication attempts on a set of servers Abnormal behavior of conventional Windows processes

How does PwC's Compromise Collector solution work ?

PwC's collector is based on the DFIR-ORC utility developed by the ANSSI. It can be launched via various execution methods, the preferred method being deployment via GPO. Running the collector generates a zip file containing artifact exports in text format, which is then retrieved from a file server for analysis by PwC. The collection does not require any remote access from PwC, once configured by the client.

What types of analyses are performed by PwC in its platform ?

The Compromise Analytics platform is a modular environment, continuously updated with new tests and analyses. It is based on several types of processing : Enrichment with internal or external Threat Intelligence databases (comparison based on signatures or technical indicators, customer data is not sent to third parties) Search for known suspicious behaviors (technical) or behaviors that deviate from the nominal operation of a system Statistical analysis of the entire fleet (uncommon behaviors or files, divergent behavior compared to the rest of the fleet) Once these tests have been performed, the discrepancies are manually analyzed by a PwC expert in order to eliminate false positives and investigate the data to understand the extent of a potential compromise.

Cybersecurity

IT and Cybersecurity

Asset-based expertise

Compromise Discovery

Hunt for compromissions from your Information System

Book a demo

Your challenge

Computer attacks have grown exponentially, targeting both businesses and governments.

Benefits of Compromise Discovery

Agentless

Easy to deploy at scale. No specific agent to install.

Threat analysis

Identify risky behaviors and suspicious traces that may indicate an ongoing or past attack.

Compliance validation

Provide an accurate analysis of the compliance of your IT assets.

"We developed the Compromise Discovery solution in response to a question frequently asked by our clients following our security assessments : "I now know that I am at risk, but is it already too late ?". Our approach has allowed us to identify discrete attacks on our clients' most at-risk perimeters : for example, the presence of banking malware on a branch treasurer's workstation, remote access to an executive assistant's environment, or the presence of unsecured remote access solutions left on a critical server by a supplier."

Jamal Basrire, Cybersecurity Partner, PwC France and Maghreb

Compromise Collector : Automated data collection

Collection of data related on the ongoing activities and configuration of the machines in your IT environment.

Compromise Analytics: Automated pre-processing and forensic analysis by our PwC experts

Identification of traces of compromise thanks to a detailed analysis of systems, our experience of cybersecurity incidents and cross-checking with public (OSINT) or private (PwC network) Threat Intelligence databases.
Statistical, frequency and behavioral analysis to identify attack techniques.
Scoring of technical artifacts based on identified weak signals.
Knowledge base following previous investigations, capitalization on false positives.

Compromise Explorer : Reporting

Visualization of raw data and generated indicators : highlighting the most suspicious artefacts
Health Check on IS hygiene processes : detection of anomalies and compliance gaps to help you improve your existing processes.

Pricing

Ransomware White Paper

Ransomware attack : how to deal with it ?

Download

Global Economic Crime and Fraud 2022

How do companies react to the increase in external fraud?

Download

Global Digital Trust Insights 2022

Simplify and optimize your cybersecurity

Download

These products might interest you

Game of Threats : Raise employee awareness and identify your defences in the event of a cyber attack

Discover

Threat Watch : Anticipate threats and strengthen your organization’s security

Discover

Compromise Discovery