The threat landscape has never been more challenging. Significant numbers of highly skilled and motivated threat actors present a real danger. They have many potential goals, such as penetrating your defences to steal sensitive data, delivering malware into your network or disrupting your business through destructive attacks such as ransomware or data wipers. As soon as you believe or suspect you have been compromised, a fast and efficient response is needed to understand the depth and impact of the incident on your critical business functions.
Incident Response (IR) Services
We work with you to help mitigate disruption, brand damage, and data loss, whilst reducing the operational impact to critical business functions. We’re a phone call away, 24/7.
More info on IR is available here.
Security breach hotline: 0203 095 0520
Do you know if you have been breached? Are malicious actors embedded in your network? Is your business undertaking a merger or acquisition, maturing your cyber incident management plan or simply seeking to understand where the gaps in your security configuration are?
A concise and effective Compromise Assessment will provide the answers you need.
IR Retained Service
Available 24/7, we provide experienced forensic consultants when you need them most. There’s more detail on our incident response retained service here.
The foundation of a good response is effective IR policies and processes – we use our experience to assist in reviewing or creating strategies that actually work for your business. More information on incident response policy, assessment, and development can be found here.
IR Table-Top Exercises
Test and improve your IR capabilities in ‘mock’ real-world tabletop exercises.
Incident Response & Digital Forensics Training
Your internal staff work with our experienced consultants to understand the Incident Response Process. Learn to effectively perform basic collection and forensic triage functions, giving you a speed advantage at the outset of a critical cyber incident.
Details on our IR training services can be found here.
Incident Response Lifecycle
Planning for incident response is critical to the effective management of a suspected data breach. Within each phase, there are specific areas to address as the incident progresses.
Digital forensic investigation services
Digital forensic investigations are important because, done properly, they can save your business time and money. In this highly connected world, digital devices provide a wealth of evidence sources that can be used to prove or disprove certain facts.
Whether you are looking for investigation support in a civil or legal dispute, complex litigation, financial fraud, internal disciplinary matter or a potential insider threat, we are able to assist.
Your response plan should aim to be well documented, explaining everyone’s roles and responsibilities. The plan must be tested to ensure your employees will perform as expected. The more prepared your employees are, the less likely they’ll make critical mistakes.
Early identification of the nature of the attack is critical to determine if you have been breached, and how. Once the nature of the attack is known, forensic investigation can be used to increase your situational awareness. Identification processes will answer questions such as when an event occurred, how was it discovered, have any other areas been compromised, will the attack impact operations and has the point of entry of the attack been identified?
Upon discovery of a breach, you may be tempted to delete and reimage everything to remove the problem. That may not be the best course of action. Instead, contain the breach to minimise the impact. That way, any compromised data is preserved. Create short-term and long-term containment strategies such as updating and patching systems, reviewing access protocols, changing user and administrative access credentials and hardening passwords.
Once the incident is contained, the next step is to identify and eliminate the root cause of the compromise. All malware should be effectively removed, systems hardened and patched, and updates applied.
Recovery & Lessons Learned
Recovery is the process of restoring affected systems and devices back to a clean state. The aim is to get business operations functioning normally again. At this stage you should also analyse and document the facts of the breach and conduct a critical review of the incident response process. This will help to strengthen your procedures and enhance your ability to deal with future attacks.