Compromise assessment

Be proactive. Be cyber resilient

In an increasingly complex and dynamic threat landscape, now more than ever, organizations need to understand the effectiveness of their cyber defenses in proactively protecting, detecting and responding to threats.

  • Are you confident that your organization does not have existing breaches that have gone undetected?
  • Has your organization maintained visibility and controls sufficient to detect a compromise?

KPMG’s compromise assessment is a tailored, objective technical review of your organization’s network to find instances of compromise, backdoors, unauthorized access and anomalous activity.

The methodology used by cyber adversaries to covertly penetrate environments and steal data.

Containing and eradicating compromises is key to managing risk during an incident. To do this efficiently, measures must address the way in which an attack progresses. KPMG’s Cyber Security Services team evaluates the common steps of an attack to assess if existing compromises are present in the environment. KPMG assists clients in detecting threats at varying stages of an attack with the aim of removing the adversary from the organization. Typical stages of an attack include:

  • Reconnaissance
  • Initial foothold
  • Establishment of a command and control channel
  • Exploitation of vulnerabilities
  • Persistence
  • Lateral movement
  • Theft/destruction of data or perturbation of systems.

We assist clients in determining where in the attack life cycle an organization’s defenses are failing to detect an attack.

Our approach

Scoping and identifying systems of interest

We work with you to identify sensitive and mission-critical systems and applications that are high-risk within your environment.

Hunting for compromises

We work with you to deploy endpoint and/or network sensors to monitor high-risk networks, systems and applications for compromise activity with industry-leading technology.

Response and recovery

These services can be provided under attorney-client privilege as needed.


Our team proactively identifies existing gaps and limitations that will hinder an actual breach investigation. This is a critical component of building a mature cyber security program.


Other services that can be included as part of a compromise assessment:

Asset inventory, data discovery and classification – Confirm high-risk systems are known and classified accordingly.

Assessment of security controls – Identify potential gaps in controls and processes.

Tabletop or purple team exercise – Confirm people, process and technology function as expected by testing the environment from an adversary’s perspective in either a tabletop scenario or live simulation.

Incident response maturity assessment – Review the incident response strategy, plan and supporting components to identify potential gaps.

KPMG in action

Recently, multiple major retailers were targeted by sophisticated attackers who attempted to compromise their Point of Sale (POS) systems used to conduct credit card transactions. Many of these attacks were successful, causing losses estimated in the hundreds of millions of dollars and thrusting the victimized retailers into the national news. During the height of these POS breaches, a major retailer contacted KPMG Cyber Response Services to give its board of directors a level of comfort that it didn’t have an ongoing breach as well. KPMG deployed a team of highly trained and seasoned experts that completed proactive enterprise forensics on approximately 30,000 POS terminals and critical payment card processing systems, looking for indicators of compromise. In less than 14 days, KPMG was able to provide the organization’s board and internal stakeholders with a level of comfort that they were not victims of an active threat campaign targeting the retail industry. In addition to giving them peace of mind about their current breach status, KPMG also provided advice on preventative security controls and detection processes to mitigate the risk of POS malware going forward, thus ensuring that the retailer was not only secure today, but had the capability to detect and respond to any potential breaches in the future.
