Safeguard Your Business Through Comprehensive Incident Response Planning
While every incident response is specific to the company involved, there are industry-standard plans that we use as a foundation for every security issue. We follow both the SANS Institute six-step process and the MITRE ATT&CK Matrix for Enterprise.
The basis for our incident response includes:
- Preparation: You’ll collaborate with us to create comprehensive policies and procedures to follow in the event of a security incident. This includes company training, creating clear instructions and providing documentation to review after the event.
- Identification: Your network and IT environment will be actively monitored to detect security threats. This includes utilizing security software and firewalls, along with researching and understanding the latest hacking tactics.
- Containment: Once the incident is detected, most responses begin by containing it to prevent further contamination of the network. This usually involves cutting off the infected system or relying on backup systems for your company’s usual operations.
- Eradication: After containment, your network and IT environment will be thoroughly analyzed for the threat. We actively work not only to destroy the threat, but also to safeguard your system from future attacks.
- Recovery: Your network and systems are restored to their normal working conditions per the incident response plan. Once complete, you’ll work with us to evaluate the effects the incident had on your business.
- Lessons Learned: Considered the most important step, this is where we review the incident response with you and your team. Looking at what went well and what could be improved, we make changes to ensure the plan is even stronger.
This proven, industry-recognized process allows for effective training, quick response times, and productive revisions to the plan. Your company can be prepared before, during and after an offensive cyber security incident.