Sanity Check: Verify the health of your IT infrastructure!

Check the integrity of your information system with our Sanity Check offer. A complete health assessment of your assets to detect hidden threats and identify any cyber risks that could lead to the compromise of your IS.

50: the minimum number of checkpoints conducted by Formind to ensure that an asset remains uncompromised.

Sanity Check: Secure, anticipate, and monitor the state of your IS.

When a cyberattack strikes, the priority is to contain the incident to prevent its spread. A part of the Information System (IS) is then isolated, but how can you ensure the rest of the IS is secure before restarting? A mistake at this stage can lead to a further compromise, amplifying the impact of the initial intrusion and extending the crisis.
The Sanity Check precisely addresses this need. Thanks to our expertise and advanced tools, we analyze your entire IS to detect any persistent threat or risk that could compromise your assets again. Unlike other approaches with limited scope, our Sanity Check can be quickly deployed across thousands of assets, without constraints.

Beyond a post-cyberattack response, the Sanity Check adapts to other strategic contexts: ensuring MCS continuity during a corporate merger by securing newly integrated environments, or performing a routine check-up to regularly verify the state of your IS and prevent any latent threats.
The goal: to allow you to restart your business with confidence, ensure a secure transition during a merger, and maintain a high level of cybersecurity through proactive monitoring.

Control and detect threats and anomalies.

Complete and scalable coverage.

The Sanity Check adapts to all types of environments, whether on-premise, cloud, or hybrid. It facilitates large-scale analysis of your digital environment (servers, workstations, identity) by considering the current threat landscape to ensure the most efficient and comprehensive detection of cyber threats possible.

Rigorous and tool-supported methodology.

An agent is deployed on each asset to collect indicators of compromise. The data is then analyzed by our experts through a dedicated infrastructure, following a precise control plan that covers the main artifacts (files, processes, registries, network connections, accounts).

In-depth analysis and structured follow-up.

The results are consolidated into a detailed analysis report, accompanied by regular updates for transparent tracking. This approach allows for a controlled production restart, prioritizing critical services and ensuring a secure business recovery.

A secure business recovery

Rapid detection of persistent threats.

Identify any malicious presence still active or dormant in your IS.

Complete coverage without asset limits.

Analysis of thousands of assets (workstations, servers, etc.) without volume constraints.

Reduction of the risk of further compromise.

The Sanity Check guarantees the absence of risks that could affect the security of your IS.

Time-saving for a secure restart.

Optimized verification process to minimize the impact on your business and accelerate recovery.

Proven and automated methodology.

Use of advanced tools and high-level expertise for reliable control.

Peace of mind and guaranteed compliance.

Restart with confidence with a sanitized IS that complies with security requirements.

Our customer references

Context & Objective:
A transportation company, operating across multiple geographic regions, suffered a compromise of one of its Information Systems. With the risk of the attack spreading to other interconnected systems, there was a strong suspicion of lateral movement. At the same time, a migration and merger project of their systems to the cloud was underway. Before interconnecting these environments and ensuring a secure transition, it was imperative to restore trust in the entire IS.

Mission Description:
Formind deployed a Sanity Check across a large scope to verify the integrity of the IT infrastructures:

  • Scope: 83,000 users across 17 countries.
  • 800 devices (Windows & Linux).
  • Duration: 3 months.
  • Activities performed:
    1. Technical audit of compromised systems.
    2. Network analysis to detect any anomalies or persistent threats.
    3. Identity analysis to identify any account compromises.
    4. Vulnerability scanning to assess exploitable flaws.
    5. In-depth digital investigations to track any signs of persistence and potential compromise.

Results & Benefits:

  • Validated the integrity of the other IS, preventing a rebound of the attack.
  • Secured the cloud migration project, ensuring a risk-free transition.
  • Reduced the risk of further compromises by identifying and fixing critical vulnerabilities.

Thanks to this intervention, the client was able to reintegrate its IS with confidence and carry out the cloud migration smoothly.

Context & Objective:
A major player in the cinema industry needed to merge two information systems. The CISO, lacking a history of the system to be integrated, required a precise assessment before the merger. The objective was to identify any malicious elements or vulnerabilities that could compromise the security of the entire new environment.

Mission Description:
Formind deployed a Sanity Check across a perimeter of more than 2,400 devices, with continuity constraints for critical servers. More than 50 checkpoints were performed on each asset in the perimeter to identify any potential threats.
The analysis revealed over 200 issues, either compliance-related or malicious, resulting in more than 50 security recommendations. A weekly committee was established to track the progress of the applied fixes and ensure effective handling of the identified risks.
Thanks to this mission completed in 2 months, the CISO gained full visibility into the status of the unknown IS, ensuring a secure and controlled merger.

Context & Objective:
A public service was the victim of a ransomware attack that compromised a large portion of its information system. After digital investigations conducted by Formind’s FIR (Rapid Response Force), the attack vector was identified, and the incident was contained. To restore the IS securely and prevent further compromise, it was essential to ensure the integrity of servers and workstations before reconnecting them. A Sanity Check across the entire IS was urgently carried out.

Mission Description:
Formind’s FIR implemented a Sanity Check to ensure the security of the restart. Administrators restored the servers in a quarantine zone, where they were meticulously analyzed by our experts to detect any residual traces of compromise. Once the checks were completed and validated, the FIR gave its approval for the gradual reintegration of assets into the production zone.
To ensure a controlled restart, a detailed analysis report and daily updates were set up. This approach allowed, in less than a week, for the progressive reconnection of 2,700 critical assets and services, ensuring the continuity of activities in complete safety.

FAQ

Is there a limit to the number of assets that can be analyzed?

No, we can deploy an analysis infrastructure capable of processing thousands, or even tens of thousands, of assets.

How many checkpoints are performed in a Sanity Check?

More than 50 checkpoints are verified on all assets within the scope to ensure their integrity.

Which systems can be included in the scope of the Sanity Check?

Any operating system that supports the analysis agent can be included, including Windows, Linux, and macOS.

Is there a need to deploy a tool?

Yes, an agent must be deployed on each asset within the scope of the Sanity Check. This agent then connects to the analysis server.

Does the IS need to be connected to the internet?

No, the analysis server can be deployed directly within your IS. The only condition is that the agents must be able to communicate with this server, and analysts should have access to it.

Is the Sanity Check limited to verifying assets?

No, we can also analyze identities, verify the integrity of a domain, conduct an architecture audit, perform penetration testing, and audit the attack surface to identify all weaknesses within an IS.
