For the best user experience please upgrade your browser

Incident Response Retained Service

Incident Response Retained Service

Forward strategic planning is key to minimising the negative impact that a cyber threat or data breach can have on a business.

Pen Test Partners has dealt with data breaches and incidents within many different industry sectors and organisations. It’s only when an incident happens that the true value of advanced preparation is fully appreciated.

Pen Test Partners Retained Incident Response service puts us at your side, day and night with the extensive knowledge and experience needed to support your business through a critical cyber incident.


Due to the ever-changing security landscape, organisations of all sizes are simply unable to rely on technology alone to combat sophisticated threat actors and advanced persistent threats.

The year-on-year increase in the number of cyber-attacks globally has meant it is now accepted that a significant number of businesses will be attacked or have been attacked already. They are simply unaware of it yet!

As a part of a robust security strategy, businesses will not only have the correct technology but also the correct people, processes and information on hand when an incident occurs.


Pen Test Partners offers an Incident Response retained services agreement whereby for an annual fee, you can gain ready access to an experienced forensic consultant around the clock.

Pre-agreed Service Level Agreements (SLAs), Non-Disclosure Agreements (NDAs), consulting rates and logistics issues remove the time overhead of having to start your negotiations and due diligence at the outset of a critical incident.

By adopting this service, Pen Test Partners experienced IR consultants are on hand to provide immediate support and guidance to address your situation without delay.

Incident Response Lifecycle

Planning for incident response is critical to the effective management of a suspected data breach. Within each phase, there are specific areas to address as the incident progresses.


Your response plan should aim to be well documented, explaining everyone’s roles and responsibilities. The plan must be tested to assure that your employees will perform as expected. The more prepared your employees are, the less likely they’ll make critical mistakes.


Early identification of the nature of the attack is critical to determine if you have been breached, and how. Once the nature of the attack is known, forensic investigation can be used to increase your situational awareness.

Identification processes will answer questions such as when an event occurred, how was it discovered, have any other areas been compromised, will the attack impact operations and has the point of entry of the attack been identified?


Upon discovery of a breach, you may be tempted to delete and reimage everything to remove the problem. That may not be the best course of action.
Instead, contain the breach to minimise the impact.

That way, any compromised data is preserved. Create short-term and long-term containment strategies such as updating and patching systems, reviewing access protocols, changing user and administrative access credentials and harden passwords.


Once the incident is contained, the next step is to identify and eliminate the root cause of the compromise. All malware should be effectively removed, systems hardened and patched, and updates applied.

Recovery & Lesson Learned

Recovery is the process of restoring affected systems and devices back to a clean state.

The aim is to get business operations functioning normally again.
At this stage you should also analyse and document the facts of the breach and conduct a critical review of the incident response process.

This will help to strengthen your procedures and enhance your ability to deal with future attacks.

Experience Counts

We have a significant amount of incident response and digital investigation experience.

Our forensics and incident response consultants have Masters level education and SANS Institute training.

They are more than qualified to deliver a broad range of cyber incident investigation and planning services across your entire business.

PTP Security Consultancy Services