Objectives of Incident Response
Incident Response services are essential for effectively responding to cyber attacks. These services provide expert assistance to identify, contain, eradicate, and recover from a security incident.
In the event of a ransomware attack, our Incident Response service can help your business return to normal safely. In the case of a potential data breach, our Incident Response service can help you identify the exfiltrated data and contain any ongoing leaks.
Proactive or Reactive Approach
How to handle Incident Response
Incident response can be prepared for in advance or handled reactively, case by case, once an incident is already under way. During an incident, there is a big difference between organizations that have had time to prepare adequately and those that have not. Our service can support organizations in both situations:
Response with Prior Preparation
- Under an annual service mode, with the Incident Response team on retainer to minimize response times.
- Agile effectiveness, with maximum guarantees of identification and containment of the incident.
- Priority response 24x7x365, with a commitment to respond in less than 1 hour.
Response without Prior Preparation
- On-demand service engaged during an incident, where the first moments of the response must be spent properly onboarding the Incident Response team.
- The start of the investigations is not as immediate as in the proactive approach.
- The response will still be 24x7x365, but without a dedicated retainer.
Proactive Incident Response Service
Anticipation is key to effectively responding to a security incident. Some tasks performed in advance include:
- Regular Readiness Assessments to ensure the immediate deployment of the Incident Response team when an incident occurs.
- Periodic Compromise Assessments to assist in identifying previously undetected malicious activity.
- Incident drills to improve the efficiency of the responses provided in the event of an incident.
- Threat analysis to identify Threat Actors that could cause an incident and make appropriate decisions to prevent it.
A well-crafted and up-to-date incident response plan can help organizations anticipate and respond effectively to security incidents.
Reactive Incident Response Service
Responding to a security incident without prior preparation requires solving challenges on the fly, such as:
- Gaining knowledge and context of the organization.
- Securing support from key organization personnel to enable remote access and grant permissions for the service to access relevant information.
- Deploying necessary tools and technologies to carry out the service.
A response delivered without prior preparation is slower, and therefore requires transparency and continuous communication of expectations whenever challenges are not promptly resolved.
Our Incident Response Service
Our Incident Response service is available to address any incident 24 hours a day, 365 days a year. Once an incident is reported and the service is activated, we assume the leadership of the response for a quick return to normalcy.
This involves managing the incident through the following phases:
1 - Understanding the Security Incident
- Contextualization of the incident and initial situation.
- Gathering information about the incident and corporate resources that may be used during the investigation.
- Requesting access to corporate systems necessary to consult relevant information during the incident response.
2 - Investigation of the Incident
- Analysis of relevant information for the identification of suspicious activity.
- Identification of the extent of the compromise and the permissions the malicious actor responsible for the incident has to cause further damage.
3 - Response to the Incident
- Orchestration of tailored responses based on the risk of further impact beyond what has already occurred.
- Expulsion of the malicious actor from corporate assets to prevent further compromise of the organization.
4 - Incident Response reporting
- Disclosure of all confirmed malicious activity.
- Establishment of a timeline with the main events of the incident.
- Identification of exploited weaknesses and security controls that have not been effective.
- Advice and suggestions for improvement to prevent recurrence.
How is our Incident Response team different?
Our Incident Response unit consists of experts in both offensive and defensive security, allowing us to achieve a combined approach and a comprehensive view of both the attacking and defending aspects of a compromise.
We respond in any scenario
- Understanding that each organization is unique, our Incident Response team will tailor the service to maximize information from available sources.
- We use any source of information relevant to the case, regardless of its location or technology.
- If necessary, we provide EDR technology at no additional cost to increase visibility of malicious activities that may be occurring in your company.
We study Malicious Actors before the incident
- Our continuous improvement processes draw on our own knowledge and experience and on the experience of our Red Team and Threat Hunting services.
- Even when security technology has not generated alarms about the incident, our experts are capable of identifying malicious activity from available telemetry, events, or logs.
- Our professionals have a strong offensive mindset, which helps them anticipate future activities that the Malicious Actors involved in the incident might undertake.
Threat Hunting Intelligence
We accelerate detection for a quick response and recovery
- Our Threat Hunting Intelligence consists of a vast amount of proprietary Threat Hunting rules, providing a decisive advantage in early detection of any malicious activity.
- We deploy our accumulated knowledge through Threat Hunting rules, which helps us to be on the right investigative track as soon as possible.
- Our Threat Hunting rules are continuously developed to facilitate the discovery of even the newest TTPs used by Malicious Actors.
World-class team
Expertise and acquired experience
- Our professionals bring high-level investigative capabilities to an incident, which facilitates obtaining detailed and precise information about what occurred.
- Lessons learned from the synergy between our Red Team and Threat Hunting services help us gain deep knowledge of both Malicious Actors and detection opportunities against the techniques, tactics, and procedures employed.
- If necessary, we collaborate with some of the leading forensic analysis companies to meet any requirement.