Our Incident Response service is designed for organizations that have experienced or are currently experiencing a data breach.
Incident Response
While Digital Forensics is about debriefing a cyber-attack, Incident Response is focused on immediate action and containment. For this service to be performed efficiently, our security team should be granted full access and support by their technical peers within the organization.
The service combines an initial investigation of the specific incident and an assessment of the risk, extent and impact of consequences. The main objective is to reliably contain the threat.
The service achieves this objective through the following steps:
Preparation
Detection & Analysis
Containment, Eradication & Discovery
Post-Incident Activity
At a more granular level, the steps consist of the following:
Step 1:
Develop and approve a security incidents management and prevention plan.
Step 2:
Encompasses a range of activities, including monitoring of potential, scanning for indications of an incident and prioritization of detected incidents.
Step 3:
Develop a containment strategy, identify the hosts and systems under attack, mitigate the impacts on the affected hosts and systems, and develop and execute a recovery plan.
Step 4:
Review the lessons learned, and develop and implement an evidence retention plan.
Remediation paths vary depending on the particular situation that has developed. For the Incident Response service to be efficient, our experts should be promptly provided with as much information as possible. This would facilitate the analysis and set the ground for the next steps of the service.
In most cases, Incident Response requires only short-term data sources such as the latest access logs, file timestamps and other technical information.
Importantly, when a breach occurs, staff members should seek instructions from a cybersecurity expert before they undertake any action. Any spontaneous/feverish responses may jeopardize the investigation and/or overwrite essential data.
Mitigation of impacts and reliable containment are the highest priorities of this service.
We are experienced and ready to help you take your cybersecurity to the next level.