Incident Response

Our team of cyber security engineers and analysts have a diverse set of skills and are specialized in areas such as digital forensics, malware analysis, network security, incident management, and threat intelligence. For each engagement, we bring the right team with the right talent, as well as reach back support, to enable an effective Incident Response strategy. We follow and tailor an 8-step framework that allows for flexibility and fosters collaboration and communication across the team and client organization:

1. Preparation: Develop an incident response plan that outlines roles and responsibilities and establishes procedures for reporting, responding to, and escalating incidents, as well as communication channels.
2. Identification: Detect potential security incidents through monitoring and analysis of network traffic, system logs, and other data sources; intake and analyze internally reported incidents within the organization (e.g., user encounters)
3. Containment: Take immediate action to prevent the incident from spreading, such as disconnecting affected systems from the network or blocking malicious traffic.
4. Investigation: Conduct a thorough investigation to determine the scope and nature of the incident, the data or systems affected, and the root cause.
5. Eradication: Remove the root cause of the incident, such as malware or unauthorized access, and identify/take steps to prevent the incident from recurring.
6. Recovery: Restore normal operations and verify the integrity of the affected systems and data.
7. Reporting: Document the findings and actions taken; prepare a final report.
8. Lessons learned: Conduct a post-incident review to identify areas for improvement and update the incident response plan accordingly.