Incident Response Services

Security breach?

Call our hotline:

UK +44 203 095 0520

US +1 646 693 2501

Email us: [email protected]

Our CREST-accredited incident responders are on hand to help you recover quickly from any breach or incident.

Available around the clock, we’re only a phone call away when an incident occurs.

What should you do?

It’s easy to say, but try not to panic. A cool head is one of your best assets. Start getting your house in order by doing these 10 things:

1. Preserve the state of any system before any action is taken

2. Record all IR and containment actions taken, including date, time, and the name of those taking the action

3. Turn on all logging facilities:

    • Windows – engage all security event logging and Sysmon logging
    • AWS – engage CloudWatch
    • Google Cloud – turn on Flow logs
    • Azure – enable Security Center if not already in use
    • M365 – Unified Audit Logs must be enabled if not already set up

4. Retain all logs and prevent any log rotation or deletion

5. Change all domain administration passwords

6. Consider resetting all user passwords

7. Enable multifactor authentication where possible

8. Restrict all external access to known IP addresses

9. Conduct an asset audit, ensuring that all systems and IP addresses are accounted for

10. Review all user accounts and disable any unknown or obsolete accounts
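
One way to keep the action record called for in steps 1 and 2, shown as an added example that is not part of the original advice: each entry carries the UTC date and time and the responder's name, and entries are hash-chained so a later edit, deletion or reordering is detectable. The function names, entry fields and sample entries are assumptions constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # "prev" value used by the first entry in the chain


def _digest(entry):
    """SHA-256 over the canonical JSON of an entry, excluding its own hash."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def record_action(log, responder, system, action, when=None):
    """Append one IR/containment action with UTC date/time and responder name."""
    when = when or datetime.now(timezone.utc)
    entry = {
        "seq": len(log) + 1,
        "utc": when.astimezone(timezone.utc).isoformat(timespec="seconds"),
        "responder": responder,
        "system": system,
        "action": action,
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    entry["hash"] = _digest(entry)
    log.append(entry)
    return entry


def verify_log(log):
    """Return the 1-based position of the first entry that fails, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(log, start=1):
        if entry["seq"] != i or entry["prev"] != prev or entry["hash"] != _digest(entry):
            return i
        prev = entry["hash"]
    return None


def build_sample_log():
    """Constructed sample entries; names, hosts and times are invented."""
    log = []
    t = datetime(2024, 1, 15, 9, 30, tzinfo=timezone.utc)
    record_action(log, "A. Responder", "FS01", "Memory image captured before any change", t)
    record_action(log, "A. Responder", "FS01", "Host isolated at switch port", t.replace(minute=42))
    record_action(log, "B. Analyst", "DC01", "Domain admin passwords changed", t.replace(hour=10, minute=5))
    return log
```

Removing entries from the end of the log is not detected by the chain alone, so copy the latest `hash` value to a separate location (ticket, notebook, second system) at intervals.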

Download our full advice PDF here.

Incident Response

The threat landscape has never been more challenging. Significant numbers of highly skilled and motivated threat actors represent a real danger. Their goals are clear. Penetrate your defences to steal your data, deliver malware to your network, or disrupt your business through destructive attacks such as ransomware or data wipers.

When you are compromised, a fast and efficient response is needed to understand the depth and impact of the incident on your critical business functions.

The impact of a breach is directly proportional to how quickly and how well it is responded to. As a CREST-accredited incident response team, PTP can help you minimise the impact of any breach or incident and maintain business continuity by providing services in line with your company’s specific needs regardless of your cyber maturity level.

Typical incident response services fall under 5 common service types, and can be tailored to meet your specific needs:

Retained service – Ensure we can support you as a priority, even if all of your systems are completely down and inaccessible! By pre-emptively securing a retained service, you have pre-approved days to use towards any response services, and we have prior knowledge of your networks, so threat containment, eviction and recovery can be expedited to minimise the impact of any incident or breach.

Gap analysis – Do you have the right policies and procedures in place? When disaster strikes, people need to know what to do. PTP gap analysis will identify areas for improvement in your current policies and procedures to bring you in line with best practice.

Incident readiness simulation – Test your people, processes and technology against a real-world incident simulation to understand deficiencies and areas of improvement to bring you up to best practice so that when disaster does strike, you can rest assured that you are well prepared. Simulations can be run against your CSIRT team, your GOLD team, and we can even evaluate your SOC efficacy. The simulation can be as expansive or as compartmentalised as you require.

First responder training – up to best-practice standard with PTP training. By doing so you will ensure adequate forensic detail is captured, that the impact of any breach is minimised, and that post-breach analysis provides you with the most detail to ensure remediations can maximise the chances of similar breaches being thwarted in future.

Digital Forensics – Give yourself peace of mind when you need it by using PTP’s CREST-accredited Incident Responders to capture the level of detail you need after any suspicious activity. PTP also have extensive experience of working with law enforcement and legal firms so we can be as discreet or covert as required.


Preparation and planning are key to minimising the negative effects that a security incident may cause and can reduce the likelihood of a breach occurring.

Pen Test Partners (PTP) has dealt with data breaches and incidents in many different industry sectors and organisations. We can help your business to effectively prepare itself to deal with a compromise. It’s only when the incident occurs that the true value of preparation is seen.

We have specialists in incident response, digital forensics and penetration testing whose skill sets are combined to provide a well-balanced program for assisting your business to be breach ready.

We tailor all of our readiness services to individual needs, so the assistance is targeted and relevant.


Effective incident response requires specific, measurable, repeatable, and time-sensitive execution against a clearly defined plan.

PTP responds at pace, working with your business to mitigate as much as possible against business disruption, brand damage, and data loss whilst reducing the operational impact to critical business functions.

Our incident response consultants have longstanding industry experience, deep technical knowledge and a passion for helping our customers through what is likely to be the most significant event a company will face.

PTP Security Consultancy Services