Last week Infocyte was doing a product demo for a partner who wants to do compromise assessments (like these guys). They chose an existing client to do a limited scan using our product, selecting a handful of systems… and we found something interesting.
Now that’s not the interesting part; we find things all the time. In fact, more than half of the organizations our product is run on (i.e. compromise assessments) have some unauthorized or malicious code in their network. The interesting part here was the evolution of this particular assessment and the follow-on incident response engagement, plus the fact that they didn’t ask for privacy or an NDA (which we usually do), so I get to talk about it (which I usually don’t).
As with many incident response engagements, this one was full of audible facepalms, raised eyebrows, excitement, and then deflation… all in about a 4-hour period.