Cyber Incident Response

Our Cyber Incident Response Team (CIRT) will work collaboratively with you to deal with critical security incidents or help you to prepare for them with a bespoke incident response plan.

  • How do you know if you need help?

If you’ve identified a compromised network or are currently under attack…

we can quickly tell you how serious your situation is and help you respond accordingly. Within minutes of your call we can deploy leading-edge rapid response tools to your network. These give us the situational awareness to see exactly where the threat actors are, to cut them out of the network, and to provide a live, working defence that stops them getting back in.

Our established procedures with these tools allow us to quickly determine where the breach originated (‘patient zero’), whether the attacker has left behind persistence mechanisms or booby traps to regain access or hurt you later, and what data may have been exfiltrated for use in a follow-up extortion campaign.

  • Can’t we just handle this in-house?

Very few organisations have the in-house technical skills to deal with sophisticated multi-stage attacks. A well-intentioned but inadequate response by internal teams will often simply tip off the attacker, driving them deeper into the network or prompting them to accelerate their attack.

Because we respond to these types of attacks every day, we are well versed in attacker methodologies and know where to find the tell-tale evidence of their actions. If your IT team restores systems without first preserving that evidence, it may be impossible to determine what happened, or to present evidence to your insurer in support of a cyber-insurance or business continuity claim.
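The practical point behind that warning is that a restore overwrites timestamps and file contents that an investigator later needs, and once that has happened nobody can prove what the evidence looked like beforehand. The following is an added illustration, not the CIRT’s own tooling: a small Python helper that records a hashed manifest of a log directory before anything is touched, and later reports every file that was modified, removed or added. The directory layout and log lines are constructed sample data; the function names (`build_manifest`, `verify_manifest`, `demo`) are assumptions for the example.

```python
"""Evidence-preservation manifest (illustrative example, not the CIRT's tooling).

Before an IT team restores or rebuilds a host, record SHA-256, size and mtime of
every file under a directory so that any later change is detectable and the
original state can be attested to an insurer or regulator.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large logs do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Record hash, size and modification time of every regular file under root.

    Symlinks are skipped so a planted link cannot make us hash (or follow) a
    path outside the evidence tree.
    """
    entries = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            entries[p.relative_to(root).as_posix()] = {
                "sha256": sha256_file(p),
                "size": st.st_size,
                "mtime": st.st_mtime,  # a restore would silently overwrite this
            }
    return {"root": str(root), "files": entries}


def verify_manifest(root: Path, manifest: dict) -> list:
    """Return discrepancies between the recorded manifest and the tree now."""
    problems = []
    recorded = manifest["files"]
    current = build_manifest(root)["files"]
    for rel, meta in recorded.items():
        if rel not in current:
            problems.append(f"missing: {rel}")
        elif current[rel]["sha256"] != meta["sha256"]:
            problems.append(f"modified: {rel}")
    for rel in current:
        if rel not in recorded:
            problems.append(f"added: {rel}")
    return sorted(problems)


def demo() -> tuple:
    """Constructed scenario: manifest taken, then a well-meaning 'restore' runs."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "var/log").mkdir(parents=True)
        # Constructed sample log lines, not real telemetry.
        (root / "var/log/auth.log").write_text(
            "Jan  1 00:00:01 host sshd[412]: Accepted password for admin from 203.0.113.5\n"
        )
        (root / "var/log/syslog").write_text("Jan  1 00:00:02 host cron[77]: job started\n")

        manifest = build_manifest(root)
        # Persist the manifest (JSON round-trip) as you would to write-once media.
        manifest = json.loads(json.dumps(manifest))
        before = verify_manifest(root, manifest)  # clean tree: nothing to report

        # Simulate a restore that truncates auth.log and removes syslog.
        (root / "var/log/auth.log").write_text("")
        (root / "var/log/syslog").unlink()
        after = verify_manifest(root, manifest)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before restore:", before)
    print("after restore:", after)
```

In a real engagement the manifest (and the files it covers) would be copied to write-once or out-of-band storage before any remediation, and the hashes quoted in the incident report; the same verification then shows an insurer or regulator that the evidence was not altered after collection.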

We are fully capable of leading serious incidents with authority, assisting IT teams, and advising senior management on response options with clear guidance. We can follow up with a forensic technical or incident report in support of the business, and help you create an incident response framework if you don’t have one.

Specialist skills

  1. Experienced network engineers
  2. Investigative/forensic training
  3. Malware reverse engineering
  4. Incident response focus

  • What does being attacked look like?

It may begin with something as simple as clicking a link in an email that appears to come from a colleague, or opening a PDF sent by a supplier.

But that’s all it takes to start the chain of events that leads to a complete network compromise. Very often, the initial victim won’t even realise they’ve been targeted.

  • How do you know it’s serious?

In more than 85% of the cases we deal with, victim organisations are informed of the breach by a third party. It may be the bank telling you that company credit cards are being used fraudulently, or clients and suppliers complaining they’re being spammed with email originating from your servers.

You may even suddenly be unable to send or receive email because your domain has been placed on an international spam blocklist, or because your email systems have been taken down.

Worse still, your most valuable data may already have been exfiltrated to a threat actor’s leak site on the dark web, setting you up for an extortion demand as part of a ransom campaign.

  • Do you have a plan?

The incident response framework we have created is a lightweight and agile set of policies and processes that encourages communication and collaboration between internal teams and external stakeholders.

It assures senior management and regulators alike that, come what may, the company will endure. There are decades of experience behind its development and we have deployed it in live incidents many times. We hope you won’t ever need it, but should the worst happen, you’ll be very glad to have it.

We’ve developed this because…

Planning works

The organisations that survived serious incidents were those that had calmly considered their responses to various scenarios beforehand and had the courage to stick to their plans under fire.

Communication and collaboration are key

In every case, communicating with clients whose data had been compromised, and collaborating with regulators holding the power to revoke operating licences, meant that internal and external stakeholders were not left wondering what was happening.