Compromise Assessment

Find Cybersecurity Compromises and Prevent Attacks with BlackBerry Cybersecurity Services.

We can help you rapidly determine if your organization is compromised or shows signs of past cyber incidents. And we deliver expert guidance to improve cybersecurity and prevent future attacks. Request a quote or call us now at +1-888-808-3119.
What Is Compromise Assessment?

What Is Compromise Assessment?

Compromise assessment is a type of cyber risk assessment that identifies threats lurking in an organization’s network. First, cybersecurity experts identify indicators of compromise (IOCs). Then, they investigate in-depth the risk-prioritized findings. A report shares these findings and identifies ways to reduce the attack surface.

Compromise assessment analyzes cyber risk exposure, such as data exfiltration and sabotage, command and control activities, user authentication abnormalities, malware persistence mechanisms, and vulnerable network host and application configurations. Compromise assessment is part of cyber incident response.

Compromise Assessment Services

A compromise assessment by BlackBerry Cybersecurity Services has two phases. The first phase is data collection and initial threat hunting. The second phase is a targeted cybersecurity assessment based on the initial findings.

Data Collection and Threat Hunting

In the first phase, you are provided a lightweight package of software and scripts that captures data for the BlackBerry® Cybersecurity Services compromise assessment team. Collected data includes filesystem metadata from endpoints, log data from network devices, event and alert data from ancillary security systems, and more. Our cybersecurity experts then use cloud-based compromise tools and best-practices methodologies to normalize, contextualize, enrich and format the data. A proprietary analytics engine processes the digital forensics artifacts, and the results are used to identify hosts of interest and suspicious activities for phase two, the targeted investigation.

Targeted Investigation

In the second phase, you receive standalone executables to deploy to the hosts of interest to collect in-depth digital forensics data about the suspicious activity flagged during the first phase. If we discover evidence of a past breach, BlackBerry Cybersecurity Services compromise assessment experts can identify when, where, and how it occurred, and recommend how to prevent recurrence. If a breach is in progress, our compromise assessment service can transition seamlessly to incident response (IR) to trace the kill chain, document exploited vulnerabilities, assess impacts, and develop remediation plans.

Use of AI in Cybersecurity Assessment

Best-practice, field-proven compromise assessment methodologies that leverage artificial intelligence (AI) produce results fast. By integrating BlackBerry® Cylance® AI-powered technology into our compromise assessment tools and processes, the BlackBerry Cybersecurity Services rapidly produces preliminary results, often detecting commodity attacks and advanced persistent threats (APTs) within hours of initial data collection.

Find the Best Cybersecurity Assessment Vendor for You

We help organizations of all sizes and in all industries identify cybersecurity risk and protect against cyberattacks. Our compromise assessment service can help you:

  • Determine if a network has been compromised.
  • Obtain cybersecurity results in weeks, not months.
  • Minimize the impact on your IT system resources through a scalable and efficient process that uses dissolvable scripts and a lightweight agent, such as that of CylancePROTECT®
  • Assess cybersecurity compromises of Windows®, macOS®, and Linux® operating systems.

BlackBerry Cybersecurity Services are available to every organization. There is no requirement to be an existing BlackBerry customer to receive our compromise assessment services.

Your Compromise Assessment Report

As part of the compromise assessment service, BlackBerry Cybersecurity Services provides a cybersecurity report for your executive team with two parts:
Your Compromise Assessment Report Your Compromise Assessment Report Your Compromise Assessment Report

Threat Hunting Report

If we detect a past or current compromise, the cyber assessment report details the findings, including the nature of the compromise, its extent and impact on your network environment.

Your Compromise Assessment Report Your Compromise Assessment Report Your Compromise Assessment Report

Attack Surface Reduction Report

Strategic and tactical recommendations provide a risk-prioritized assessment of how you can improve cybersecurity and reduce your attack surface.

Choose the expertise of a top cybersecurity vendor. Contact BlackBerry Cybersecurity Services to discuss your compromise assessment needs.


Structural Dependency
Compromise Assessment Use Cases: Achieving Cyber Resilience with BlackBerry Cybersecurity Services
Get the Use Case
Structural Dependency
Compromise Assessment: Identify and Assess Past Breaches to Proactively Prevent Future Incidents
Get the Data Sheet
Structural Dependency
Case Study: Investment Bank Takes on Cybersecurity
Read Now

Compromise Assessment FAQ

What is a compromise assessment report?

A compromise assessment report is a specific type of cyber risk assessment that identifies vulnerabilities, active threats, and threats that are lurking on an organization’s network. It gives security teams a clear view of the activity on the network in addition to a comprehensive analysis of the organization’s cyber risk exposure. 

Here’s how it works:

BlackBerry’s cybersecurity experts start by identifying indicators of compromise. Then, they use risk-prioritized findings to carry out in-depth investigations of specific threats. Finally, the compromise assessment report is delivered, sharing the investigation findings and providing guidance for reducing the network’s attack surface and mitigating risks from compromised data. 

A compromise assessment analyzes digital exposure to risks such as sabotage, data exfiltration, command and control activities, malware mechanisms, user authentication abnormalities, and configurations of the organization’s network and applications after an attack so that companies can respond appropriately. 

What is the relationship between compromise assessment and threat hunting?

Compromise assessments and threat hunting are both crucial aspects of mitigating cybersecurity risks. High-risk organizations in fields like healthcare often have a layered approach to security using one or more techniques. Both threat hunting and compromise assessments analyze cybersecurity controls and response protocols but at different points during the threat lifecycle. 

Threat hunting allows cybersecurity teams to detect threats before a data incident occurs. Compromise assessments are a technical review of the security controls enforced by an organization and their effectiveness. When used together as a part of a comprehensive incident detection and response plan, they help organizations recoup lost data and mitigate cybersecurity risks moving forward. 

What is the relationship between compromise assessment and incident response?

A compromise assessment is essential for organizations that want to improve their incident response protocols. Responding to incidents quickly and effectively is the key to retaining data. Compromise assessments give cybersecurity teams the information they need to prevent data loss in the future by responding to incidents more effectively. That’s why a compromise assessment report is a key part of cyber incident response.

BlackBerry integrates AI tools to produce results fast regarding environmental risks, security incidents, and threat activity. But they can also automatically transition to incident response protocols like tracing kill chains and attack techniques as soon as threats are detected.

What is the relationship between compromise assessment and vulnerability assessment?

Vulnerability and compromise assessments offer cybersecurity teams the information necessary to prevent incidents and data loss, but what’s the difference?

While a vulnerability assessment provides teams with visibility into potential attack vectors and weaknesses in security, it can’t tell whether or not a network has already been compromised. A compromise assessment also offers network visibility and insights about mitigating those risks, identifying attacks while they are happening, and responding to incidents accordingly. 

What is an indicator of compromise?

Indicators of compromise (IOCs) refer to data that indicates the potential that a system has been infiltrated by a cyber threat and company data has been compromised.

Indicators of compromise are often confused with indicators of attack, although they represent two different kinds of data. Indicators of attack identify activities associated with in-progress cyberattacks, while indicators of compromise examine activities associated with the data loss that occurs after a cyberattack. 

Common Indicators of Compromise

  • Geographic location irregularities
  • Numerous login attempts and other red flags
  • Large numbers of requests for the same file
  • Anomalies in privileged user account activities
  • Unusual outbound network traffic
  • Swells in database read volume
  • Mismatched port application traffic
  • HTML response size fluctuations
  • Suspicious registry changes
  • DNS request anomalies
  • System file changes