Our Incident Response Services handle critical security incidents, resolve immediate issues and apply long-term solutions to address systemic causes of the incident. Threat Actors/Attackers achieve results through persistence and patience. They gain access to your systems and remain hidden, waiting.
We have extensive experience modeling and executing attacks on different types of environments. We understand how the modern attacker thinks, acts and reacts. We specialize in investigating intrusions performed by the most advanced threat groups. Our collective incident response experience provides expertise and threat intelligence that enable our consultants to identify the actions of the attacker, the scope of the compromise and what data was lost. We draw on a range of unique skills, experience, tools, TTPs and technology to resolve each incident, remove the attacker and re-secure the network.
Our experts focus on helping your organization recover from computer security events while minimizing the impact of the event on the organization. We help you develop new and effective approaches that are forensically sound. Additionally, we assist you in developing effective programs so that you can identify what the attackers are looking for, what they have obtained, and how to remove them, in support of future security countermeasures.
Common activities we perform during an investigation:
Assess the situation
Each investigation begins by gaining an understanding of the current situation. How was the issue detected? What data has been collected? What steps have been taken? What does the environment look like?
Verify client objectives
The next step is to define objectives that are practical and achievable. The goal may be to identify data loss, recover from the event, determine the attack vector/exploit, identify the attacker—or a combination of the stated objectives.
Our consultants collect information with forensically sound procedures and document evidence handling with chain-of-custody procedures that are consistent with law enforcement standards and regulatory requirements.
Based on the evidence that is available and the client’s objectives, we draw on skills that range from forensic imaging to malware and log/event analysis in order to determine the attack vector, establish a timeline of activity and identify the extent of the compromise.
Provide management direction
During each investigation, our experts work closely with client management to provide detailed, structured and frequent status reports that communicate findings and equip clients to make the right business decisions.
Develop remediation plans
Remediation plans vary depending on the extent of the compromise, the size of the organization and the tactics/objectives of the attacker. As part of an investigation, we deliver a comprehensive remediation plan and assist with the implementation.
Develop investigative reporting
We provide a detailed investigative report at the end of every engagement that addresses the needs of multiple audiences, including senior management, technical staff, third-party regulators, insurers and litigators.