Incident Response

Their goals are clear. Penetrate your defences to steal your data, deliver malware to your network, or disrupt your business through destructive attacks such as ransomware or data wipers.

What is it?

When you have been breached, a fast and efficient response is needed to understand the depth and impact of the incident on your critical business functions.

The impact of a breach is directly proportional to how quickly and how well it is responded to. As a CREST-accredited incident response team, we can help you minimise the impact of any breach or incident and maintain business continuity by providing services in line with your company’s specific needs regardless of your cyber maturity level.

Incident response retainer 

We have an incident response retainer service, which is a proactive service that allows you to get immediate access to our full suite of Digital Forensic and Incident Response (DFIR) services and our experienced and motivated team when you need them. The agreement avoids roadblocks such as contracts, MNDAs, service provider due diligence, and raising purchase orders. Things that you just can’t afford when you need emergency assistance. 

Without a retainer, it can be more challenging to get support because your systems have been compromised.  Taking out that hassle and time is key to saving you money and getting you back to business as usual faster after a breach.  However, if you haven’t got a retainer with us, we are still committed to rapidly identifying, containing, and eradicating cyber threats while assisting your IT team in recovering systems and data affected by such incidents.

You can expect a holistic approach that not only resolves the immediate issue but also equips them with the knowledge and strategies to enhance their defences against future threats.

What does our incident response service involve?

Our Digital Forensic Incident Response (DFIR) Team works within a framework that ensures the clients will undergo the following process and outcomes:

Immediate actions

• Initial assessment: A swift, preliminary analysis to ascertain the scope and impact of the incident.
• Containment and eradication: Immediate actions to limit the incident and prevent further damage, followed by strategies to completely eradicate threats from the environment.
• Identification of ingress points and IoCs: Determining the methods attackers used to access the systems and identifying Indicators of Compromise (IoCs) to understand the attack vectors employed.
• Intelligence gathering: Collection and analysis of intelligence related to the incident to provide context and insights into the attackers’ methods and objectives.
• Remediation and recovery: Assistance in restoring affected systems and data, coupled with implementing measures to prevent similar incidents.
• Bespoke defence strategies: Provision of customised information and techniques to reinforce clients’ cybersecurity posture.

This includes recommendations for security enhancements and preventive measures based on industry standards.

Outcomes

As a result of our investigation, you will receive a comprehensive package that includes:

• A detailed incident report, outlining the findings from the analysis and forensic investigation.
• A timeline of the incident, providing clarity on the sequence of events and the extent of the breach.
• Identification of the methods of ingress used by attackers, along with a list of IoCs for ongoing monitoring.
• Strategic advice and actionable recommendations tailored to your environment, aimed at preventing future incidents.

Modular approach

We use a modular approach that covers all aspects of intrusion and Software and Data lifecycle. The DFIR team uses several tactics to identify and remediate the incident.

DFIR eDiscovery:

Identifies, collects, and analyses digital evidence to support legal proceedings and internal investigations. It helps understand the incident, pinpointing the data, and providing insights for legal compliance and decision-making.

Root cause and impact assessment:

A thorough investigation to determine the root cause of the incident and assess its impact. This helps understand the vulnerabilities exploited and the extent of the damage, crucial for future risk management and mitigation strategies.

Business email compromise:

Covers incidents where corporate email accounts have been compromised to facilitate malicious activities. W analyses breach methods, identifies the actors, and provides guidance to prevent future compromise.

Data exfiltration investigation:

In cases of unauthorised data transfer, we investigate to identify the pathways of data leakage, understand the motives behind it, and implement controls to safeguard sensitive information from future incidents.

Mobile device forensics:

We extract, analyse, and preserve data from mobile devices. This service includes recovering lost data, investigating malicious activities on mobile platforms, and providing evidence for legal and disciplinary actions.

Data recovery service:

We can recover lost or corrupted data due to cyber incidents, ensuring minimal disruption to business operations. Our DFIR team can retrieve data from damaged or compromised devices.

Forensic analysis:

A detailed examination of the incident and relevant forensic artefacts to establish the nature and extent of the breach. This includes the identification and analysis of malicious binaries and scripts, constructing a timeline of events, and comprehensive system, network, and user analysis.