HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Compromise Assessments Reveal Missed High‑Severity Threats Persisting Months in Enterprise Environments

Kaspersky’s 2025 compromise‑assessment engagements found that ≈ 60 % of high‑severity incidents were missed due to inadequate alerting, with many persisting over three months. The findings underscore the need for continuous monitoring and auditable evidence to satisfy SOC 2 requirements.

LiveThreat™ Intelligence · 📅 July 02, 2026· 📰 securelist.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
3 recommended
📰
Source
securelist.com

Compromise Assessments Reveal Missed High‑Severity Threats Persisting Months in Enterprise Environments

What Happened – Kaspersky’s 2025 compromise‑assessment engagements uncovered that ≈ 60 % of high‑severity incidents went undetected because existing tools failed to generate high‑confidence alerts. Nearly one‑third of the discovered compromises persisted for more than three months, including long‑standing crypto‑mining on domain controllers and in‑memory malware that evaded conventional endpoint protection.

Why It Matters for Compliance & Audit Readiness

  • Missed detections indicate gaps in the continuous‑monitoring controls required by SOC 2 CC6.1 (Security) and CC7.1 (System Operations).
  • Prolonged, undetected compromise erodes the evidentiary trail auditors expect for “monitoring and response” controls, making it harder to demonstrate reasonable assurance.
  • Mapping detection tools and threat‑hunting activities to a verifiable control framework (e.g., Verisq’s Control‑Mapping capability) provides the audit‑ready evidence needed to close these gaps.

Who Is Affected – Large‑scale enterprises across technology/SaaS, financial services, healthcare, and manufacturing that rely on legacy detection stacks or ad‑hoc audits.

Recommended Actions

  • Conduct a formal compromise‑assessment or continuous threat‑hunting program to surface hidden artifacts.
  • Map each detection control (EDR alerts, log‑aggregation rules, GPO configurations) to the relevant SOC 2 criteria and capture evidence in a centralized Trust Center.
  • Integrate automated evidence collection for alerts, containment actions, and forensic artifacts to maintain a defensible audit trail.

Source: Kaspersky – Compromise Assessment Findings 2025

Technical Notes – The report highlights root causes such as overly permissive GPO‑based software distribution, lack of high‑confidence alerting logic, and absence of continuous monitoring. No specific CVEs are cited; the issue is systemic detection and configuration weakness. Source: same as above

📰 Original Source
https://securelist.com/compromise-assessment-findings-2025/120542/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →