Solar 4Rays: Compromise Assessment

Product
Developers: Solar (formerly Rostelecom-Solar)
Last Release Date: 2024/09/11
Branches: Information security
Technology: Information Security - Security Information and Event Management (SIEM), IT outsourcing

2024: Compromise Assessment Service Launch

The Solar 4RAYS Cyber Threat Research Center is launching a Compromise Assessment service: a search for the covert presence of attackers in an organization's network. Solar (formerly Rostelecom-Solar) announced this on September 11, 2024. According to the company, organizations should order such a check at the first sign of suspicious activity on the network, and also when they are not confident that their information security monitoring tools cover the entire infrastructure. The goal is to identify an attack at an early stage and prevent serious consequences for the business. A Compromise Assessment can also uncover traces of past intrusions that went unnoticed by the organization's security tools.

During the engagement, Solar 4RAYS experts examine the infrastructure and, if it has in fact been attacked, analyze the compromised systems and any malware found (its functionality, how unique it is, and the defense-evasion techniques it uses). On completion, the experts prepare recommendations for evicting the attackers from the IT infrastructure and raising the overall level of protection.

The effectiveness of a Compromise Assessment depends largely on how promptly the company requests the service. It is best to do so at the first sign of compromise, for example repeated antivirus alerts, loss of access to corporate resources, the appearance of suspicious accounts, or anomalies in network traffic.

Solar 4RAYS experts observe that attackers are constantly expanding the set of techniques they use to hide their presence in an infrastructure and bypass defenses. According to Solar 4RAYS, an abundance of such concealment techniques is characteristic of the pro-Ukrainian groups its experts have encountered in investigations. Groups such as Shedding Zmiy and Lifting Zmiy follow a strategy of long-term covert presence in the compromised infrastructure in order to collect as much confidential data as possible. The threat is aggravated by the fact that, once the attackers have collected the data they need, they often destroy every system they managed to reach during that time. This is why it is so important to catch an attack at the earliest possible stage, ideally at the moment of initial compromise.

"Sometimes companies are not sure that information security monitoring tools completely cover their network; in this case, Compromise Assessment will help make sure that the attackers did not use the 'blind spots.' We also always recommend Compromise Assessment in the event of an M&A deal, since this is the only way an organization can check the security of the absorbed infrastructure and prevent the connection of compromised systems," said Anton Firsov, head of the incident response department at the Solar 4RAYS Cyber Threat Research Center.

According to Solar, the effectiveness of Compromise Assessment has been demonstrated in pilot projects conducted by the Solar 4RAYS team. In one such project, at a Russian government agency, the team uncovered an APT group that had been conducting espionage in the infrastructure for an extended period.