This form of assessment tells clients whether their infrastructure is affected by an advanced persistent threat (APT). An APT is a targeted attack that extends over several phases and can remain undetected after the initial infection. The later phases, which lead to data exfiltration or destruction (encryption, deletion), can take a long time, which makes detection even more difficult.
Using a specialized detection solution, a company's entire network traffic is analyzed against predefined communication models in combination with machine learning, and the results are assessed using the risk assessment framework. Potentially affected systems are listed and flagged for in-depth analysis.
A case-specific APT assessment can be easily extended into a permanent monitoring solution, which can even be used for the automated isolation of affected devices.