Incident Response

A quick and efficient response to an attack on your network can save an untold amount of time, money and staff hours. Determine the source, cause and extent of a computer security breach quickly with our incident response services. Through our incident readiness services, we will create an incident response plan and help you recognize the indicators of a compromise and respond appropriately. Our team and business partners have extensive experience working with different types of breaches, such as ransomware, denial of service, and theft of Payment Card Industry (PCI) data, personally identifiable information (PII), industry trade secrets, sensitive corporate information, classified data and other types of protected assets.

Organizations large and small select us to take full control, or augment their team, through our incident response and readiness expertise. This includes:

  • Free consultation to assess your business environment, risk and needs
  • Integrated security technologies through a single source
  • 24 x 7 x 365 support and dedicated security and compliance analysts
  • Access to our cloud-based management portal
  • “Follow the Threat” global Security Operations Centers

Our Incident Response Analysts are responsible for ongoing and extended response operations in coordination with you in the event of a widespread attack. Potential response operations may include:

  • Process or file blacklisting on the endpoint(s)
  • Endpoint(s) quarantine or user account lockout
  • Remote software programs on the endpoint for forensic operations
  • File / tool download to the endpoint
  • File or memory process deletion
  • Other solution specific options (product vendor specific)

Features Include:

Incident Response: Our experts have responded to incidents including direct hacks, denial-of-service attacks and social engineering and phishing schemes. As a result of our response services, we attempt to identify the source of the incident, isolate the affected systems, minimize the repercussions through containment and, finally, establish a removal and remediation strategy. In addition to our technical analysis, we provide insightful guidance on managing an incident in terms of media relations, corporate communications and working with law enforcement agencies.

Incident Readiness Services: We’ve developed repeatable response methodologies that deliver consistent results. We can teach you to recognize the indicators of compromise and how to respond most efficiently and effectively to limit the impact of a breach while preserving the evidence and its chain of custody. Simulated exercises will help you develop or tweak your response strategy and prepare staff to respond appropriately to real-world scenarios. Deliverables include a documented and tested Computer Security Incident Response Plan (CSIRP), development and training for a Computer Incident Response Team (CIRT), forensic analysis training and personal training exercises scored using a customized rubric.

Forensic Data Acquisition: We identify accessible, recoverable and relevant data to locate and index all computer- and user-generated evidence, up to and including the recovery of content from non-functioning storage devices. Forensic data can be gathered from physical devices, logical volumes, memory, volatile data and network traffic. We handle all data in accordance with proper digital evidence handling procedures to ensure evidence admissibility in court.

PCI Forensic Investigations: We are a certified PCI Forensic Investigator and have more than seven years of experience investigating security breaches at physical locations, e-commerce sites, payment processors and payment gateways.

Computer and Network Forensic Analysis: Through our Forensics methodology, developed by our own experts, we perform a comprehensive analysis within a wide variety of scenarios and on a wide range of devices. Having worked some of the largest security breaches in the world, we’re intimately familiar with the network-based indicators of compromise (IOCs) left behind by attackers or malware. With the evidence we collect, we can tell a complete story about what happened.

Mobile Device Forensic Analysis: By performing a forensic analysis of tablets, smartphones and other mobile devices, we can create a forensic image of that device, build a geographical and/or chronological profile and recover lost, deleted or corrupted data.

Malware Reverse Engineering and Containment: Our experts can quickly identify and extract malware for detailed analysis in a laboratory environment. By dissecting malware at the lowest level, we work to determine its purpose, propagation method, and functional components. Using what we learn, we can minimize the malware’s propagation, eradicate it and prevent future outbreaks.

Benefits:

Limit Exposure with a Quick Response: Reduce the potential of extensive damage to your bottom line, reputation and team’s productivity. Our experts can remotely and immediately provide guidance and, if necessary, arrive on site in just days to limit the impact of an attack on your network and preserve the integrity of any associated hardware, data or other digital evidence.

Understand the Full Story of a Breach: No matter the complexity of your operations, whether they be a single site or a network of nationwide locations, we will work to determine the cause of a security breach, identify the targeted data and tell a complete story of the intrusion.

Reduce the Time Period it Takes to Detect and Respond: In our investigations of data compromises last year, we found that the median number of days a business took to detect a breach was 87. The longer an intrusion goes undetected and unidentified, the more time its perpetrators have to wreak havoc. We can help you to dramatically shorten that time period.

Litigate with Confidence: We have the expertise in digital evidence handling, which ensures the protection of chain-of-custody for the evidence of a digital crime.

Understand Exactly What’s Required of You: Having investigated and guided clients through hundreds of data compromises, we will serve as your advocate in informing third parties and law enforcement, and in handling public relations.