Incident Response Retainer

We have dealt with data breaches and incidents within many different industry sectors and organisations. It’s only when an incident happens that the true value of advanced preparation is fully appreciated.

Our Retained Incident Response service puts us at your side, day and night, with the extensive knowledge and experience needed to support your business through a critical cyber incident.

What is our incident response retainer?

Our Incident Response Retainer (IRR) Service is an agreement that allows you to get immediate access to our full suite of Digital Forensic and Incident Response (DFIR) services and our experienced and motivated team when you need them. The agreement avoids roadblocks such as contracts, MNDAs, service provider due diligence, and raising purchase orders. Things that you just can’t afford when you need emergency assistance.

Our IRR service includes an optional annual Compromise  Assessment and an initial IR Maturity Assessment, with the option to agree on preauthorised hours at a preferential day rate, ready to use for any digital forensics or incident response requirement.

What do you get?

You have 24/7 access to our incident hotline, enabling us to provide you with the necessary help and support.Whether you need us to respond to an active ongoing cyber security incident or just want some advice and guidance, we are on hand to help.

If an agreement is already in place, service terms agreed upon well before you need to engage us. No hassle of having to look through legal terms during a time critical event.

Prepaid days that can be used for other consulting services should you not require the hours for any incidents.

Service level agreements will be in place so that you know the timeframes you can expect to have us standing by and ready to participate in a call, become hands on or send consultants to your sites.

As your provider, we will want to learn and conduct a review of your environment and maturity level via different techniques and methodologies, learn your tools, logs and systems to understand what is in place and where, and to help guide your team to decide at what point you would be making the call to bring help in.

Experience counts

We can respond immediately to your incident using advanced remote incident response tooling. We can deploy agents in your environment to directly address the core of the attack. We can collect data back to our lab for analysis without having to wait for somebody to be on-site.

From our DFIR Lab we can search for threats, gather vital data for further analysis, search for identified indicators of compromise to uncover additional impacted systems, and in some cases we can assist with containment of an active breach by neutralising malicious services and rogue processes.

Service levels

The retained service is flexible to your requirements. However, as a baseline, we offer a standard Incident Response Retainer which encompasses pre-paid days, maturity assessment, and an optional compromise assessment.

Alternatively, you have the option to take our managed detection and response (MDR) service included in the retainer.

What does it look like?

The Incident Response Service includes a massive variety of services that aren’t limited to:

• Advanced targeted attacks
• Malware Attacks
• Ransomware Attacks
• Loss or compromise of data
• Unauthorized access to networks and/or data
• Improper usage of systems or information
• Network analysis
• End-point analysis
• Malware analysis
• Log file analysis
• Computer  forensics, including mobile device and preservation
• Crisis management
• Communications support such as Media/Legal
• Expert witness services
• Network recovery service
• Cyber threat and business intelligence
• Implementation of any technologies to remain on the network
• Personnel security review
• Physical security review
• Testing of any business partner systems
• Transmission security within any service provider’s network
• Specific review of systems and internal controls
• Proactive scanning for APT activity
• Proactive scanning based on IOCs from threat intelligence