Incident response services are targetted towards organizations that have experienced or are currently experiencing a data breach. In contrast to digital forensics incident response is meant to offer immediate action in response to a cyberattack. The nature of this service implies that the security team should be granted full access and cooperation on behalf of the corresponding technical parties within the organization.
The service combines a short-term investigation of a specific incident with risk and impact assessment of the consequences. Its goal is to ensure reliable containment of a threat and as such the service includes the following stages:
The steps, more specifically, are comprised of the following:
The remediation path may vary depending on the particular scenario that is encountered. For a service such as incident response it is mandatory that our experts are initially presented with as much information as possible. This would aid the analysis and serve as a stepping stone for all other phases of the service.
In most cases, incident response requires only short-term data sources such as latest access logs, file timestamps and other technical information. It is important to note that in case of a breach, actions should not undertaken without the presence of a cybersecurity expert as this may hinder the investigation and overwrite vital data.
Limiting impact and providing reliable isolation is of utmost importance for this service. However, for a thorough and in-depth analysis we suggest reading up on our digital forensics services.