Incident Response Service
Our 12-month program improves your reaction to a breach by proactively learning your environment, mapping what data lives where, reviewing your policies with a critical eye, and then practicing chaos.
Your plan for the unplanned.
You’ll never be able to predict the type of breach that will hit, but you can predict how you respond.
Kick off with a deep dive into your infrastructure with environment discovery, data mapping, and developing or reviewing your incident response plan.
We conduct both tactical/operational and executive tabletop exercises throughout your program to ensure the players, from the bottom up, understand the processes and the roles in which they play.
Monthly Readiness Review
Regular testing confirms we have the proper login access to all systems as well as logs from all expected event sources. This ensures we can respond immediately when a breach hits with the proper data to perform forensic analysis.
Quarterly Status Review
We’ll conduct quarterly intelligence briefings to discuss the latest security news, threats, and alerts, as well as reviewing the number of attacks you’ve been exposed to, and any trends in attacks and end-user behavior we detect.
Annual Review Report
At the end of the incident detection program, our cybersecurity team will perform a review and present a formal report, encompassing a look back at the full 12 months so you have something tangible to show where your security posture started, and how much you’ve accomplished.
Red Team Security Assessment
If throughout your 12-month program you don’t experience a breach, there’s an incentive. We’ll perform a red team assessment to give you an even deeper understanding of the threat impact advanced attackers can have on your company.
Time is money.
Any downtime your firm experiences during an incident impacts your firm financially. We’ve done the research—no one offers this kind of response time and follow-up, so when we say, “we’ve got you covered,” we mean it.
- We respond within 15 minutes of a critical breach discovery.
- We send updates every two hours and hold conference calls every four hours.
- We work the incident until it’s contained, and eradication and remediation plans have been defined.
- We send a full incident report, including recommendations, within two weeks of the incident resolution.