Incident response is an organized approach to addressing and managing the cyber-attack (during the attack) and the aftermath of a security breach. The goal is to identify and contain the attack, bring you back to business and handle the situation in a way that limits damage and reduces recovery time and costs.
Sensitive data could be compromised by any employee, either accidentally or on purpose, such as corporate espionage. If the threat internal, we can also assist in discovering the identity of the culprit, and help determine if the breach was accidental or intentional.
These threats may be internal or external. Our Computer Emergency and Response team (SRS-CERT) can rapidly formulate an action plan and response to any such threats:
- Once we start handling the case, we deploy the necessary hardware and software that will uncover the breaches in your environment.
- Once we have enough information about the type and tactic of the attack, entry point and which systems are effected, we will then move on to containment.
- During containment stage, we will quarantine and focus on the effected systems, remove any and all malware and hardware devices that the malicious parties could have used to access the system.
Incident Response Services:
- Incident management and organization
- Threat hunting
- Threat containment
- Digital forensics (disk/memory/logs/network)
- Malware analysis
- Phishing mail analysis
- DDoS analysis and mitigation
- Incident communications to management level
- Reports tailored for your organization
Mitigate Future Risks
External threats can include attack vectors such as; phishing scams, where the malicious party tries to gain access to the system / sensitive information by copying a legitimate source website or e-mails (such as a bank, phone provider and so on), to social engineering schemes to try to get the employees to disclose sensitive information or private data, to Advanced Persistent Threats (APTs).
The APTs are a kind of malware that usually don’t cause any visible damage to a system, but instead steal all kinds of data, ranging from financial data, to personal data and extremely sensitive business data. These kinds of attacks are not necessarily carried out by lone individuals but rival companies and / or governments. What makes APTs hard to deal with is the fact that these kind of malware are very persistent, and hard to eradicate. If they’re found, they can simply come back via a back door or some other type of vulnerability. This is why once we make sure your system is clean, we monitor the breach points closely and use the necessary countermeasures to ensure your system is safe.