Compromise assessment

In an increasingly complex and dynamic threat landscape, now more than ever, organizations need to understand the effectiveness of their cyber defenses in proactively protecting, detecting and responding to threats.

  • Are you confident that your organization does not have existing breaches that have gone undetected?
  • Has your organization maintained visibility and controls sufficient to detect a compromise?

KPMG’s compromise assessment is a tailored, objective technical review of your organization’s network to find instances of compromise, backdoors, unauthorized access, and anomalous activity. This helps identify opportunities to further improve incident detection and response capabilities.

The methodology used by cyber adversaries to covertly penetrate environments and steal data

Containing and eradicating compromises is key to managing risk during an incident. To do this efficiently, measures must address the way in which an attack progresses. KPMG’s Information Protection Services team evaluates the common steps of an attack to assess if existing compromises are present in the environment. KPMG assists clients in detecting threats at varying stages of an attack with the aim of removing the adversary from the organization. Typical stages of an attack include:

  • Reconnaissance
  • Initial foothold
  • Establishment of a command and control channel
  • Exploitation of vulnerabilities
  • Persistence
  • Lateral movement
  • Theft/destruction of data or perturbation of systems.

We assist clients in determining where in the attack life cycle an organization’s defenses are failing to detect an attack.

Our approach

Scoping and identifying systems of interest

We work with you to identify sensitive and mission-critical systems and applications that are high-risk within your environment.

Hunting for compromises

We work with you to deploy endpoint and/or network sensors to monitor high-risk networks, systems and applications for compromise activity with industry-leading technology.

Response and recovery

These services can be provided on a case-by-case basis as needed.


Our team proactively identifies existing gaps and limitations that will hinder an actual breach investigation. This is a critical component of building a mature cyber security program.

Other services that can be included as part of a compromise assessment:

  • Asset inventory, data discovery and classification
    Confirm high-risk systems are known and classified accordingly.
  • Assessment of security controls
    Identify potential gaps in controls and processes.
  • Tabletop or purple team exercise
    Confirm people, process and technology function as expected by testing the environment from an adversary’s perspective in either a tabletop scenario or live simulation.
  • Incident response maturity assessment
    Review the incident response strategy, plan and supporting components to identify potential gaps.

KPMG in action

Recently, multiple major retailers were targeted by sophisticated attackers who attempted to compromise the Point of Sale (POS) systems used to conduct credit card transactions. Many of these attacks were successful, causing losses estimated in the hundreds of millions of dollars and thrusting the victimized retailers into the national news. During the height of these POS breaches, a major retailer contacted KPMG’s Information Protection Services to give its board of directors a level of comfort that it did not have an ongoing breach as well. KPMG deployed a team of highly trained and seasoned experts that completed proactive enterprise forensics on approximately 30,000 POS terminals and critical payment card processing systems, looking for indicators of compromise. In less than 14 days, KPMG was able to provide the organization’s board and internal stakeholders with a level of comfort that they were not victims of the active threat campaign targeting the retail industry. In addition to giving them peace of mind about their current breach status, KPMG also provided advice on preventative security controls and detection processes to mitigate the risk of POS malware going forward, thus ensuring that the retailer was not only secure today, but also had the capability to detect and respond to any potential breaches in the future.

About KPMG Information Protection Services

KPMG member firms employ over 2,500 cyber professionals globally who are available to help you with your cyber needs. Many of these professionals are leaders in the cyber community, helping to develop the tools and methodologies used to combat cyber-crime on a daily basis.

Our professionals have experience working on a variety of cyber-crimes, including insider threats, data breaches, hacktivism, and advanced persistent threat intrusions by highly motivated adversaries. Our services include a variety of strategy and investigation offerings to support your needs.

KPMG is also heavily involved in the information security community. This involvement provides us with early insight into emerging issues, which we share with our clients and our project support teams, as a component of our advisory role. The pragmatic advice and the services we can offer your organization are shaped from the experience we have gained and relationships we have developed serving clients of various size, scope, and complexity.

Keep it simple—the right balance of information protection and accessibility. 

The KPMG Information Protection approach is designed to be simple and effective, and most importantly, aligned with the business needs of our clients. KPMG Information Protection assists global organizations in transforming their security, privacy, and continuity controls into business-enabling platforms, while maintaining the confidentiality, integrity and availability of critical business functions.

We believe cyber security should be about what you can do—not what you can’t.


KPMG named a Leader in information security consulting services

Recognized by Forrester as having the clearest and most direct vision.

KPMG International has been named a Leader in the Forrester Research Inc. report The Forrester Wave™: Information Security Consulting Services, Q3 2017.

According to the report: “KPMG has the clearest, most direct vision… [asserting] its desire to help CISOs and boards of directors come together on information security as a business issue, not an IT issue. The company’s go-to-market approach leads with vertical expertise, while it is also applying investments across global member firms in areas like data analytics to cyber security engagements.”

“Client references consistently mentioned one area of differentiation for KPMG that provides high value: consultants with operational experience who have deeper insights on the day-to-day battles clients fight than typical service delivery personnel with just a consulting background,” wrote the report’s authors in The Forrester Wave™: Information Security Consulting Services, Q3 2017.
