Incident Response

All data networks come under attack by motivated hackers or disgruntled insiders; it is inevitable that, sooner or later, a security incident will occur. It is even possible that a breach, releasing confidential data to unauthorized persons, will result. Traditionally, organizations have responded to these incidents when they occur. Unfortunately, the reactive incident response is frequently poorly planned and executed, and may even exacerbate the effects of the original incident.

The goal of Incident Response is to stop security breaches before they happen, or to effectively respond while they are happening. A rapid response protects your information assets and resources, and allows you to comply with regulatory requirements, avoid legal liability, prevent relay attacks against other organizations, and minimize the potential for negative exposure to vendors, partners, and customers.

DigitalDefence has developed the Agile Incident Management, or AIM™, program to increase the effectiveness of the incident response processes. AIM is the totality of proactive and reactive measures undertaken to help prevent and manage data security incidents across an organization.

DigitalDefence has also pioneered the retained Incident Management, or rIM, service, which brings our incident response and management expertise to small- and medium-sized companies at a reduced cost and with a rapid implementation to enhance your security as quickly as possible.

For most organizations, it is often extremely difficult to bring together a team of internal resources who have the collective expertise required to professionally handle a computer incident. Inexperienced responders can delay resolution of the incident and may miss or damage important evidence needed to support litigation; the result is a direct financial cost as well as the reputational damage that can result from a mishandled incident response.

DigitalDefence’s CERT team, ddCSIRT, is a “jump team” of certified incident response professionals who are available 24×7 to proactively prepare for an attack, or respond to one. We can be at your site in as little as 4 hours, and can fully manage your incident response from start to finish. A rapid response, coupled with appropriate procedures, is critical to the success of controlling a security incident and preventing future occurrences. When our skilled experts are deployed to your site, we will:

  • Review the incident
  • Isolate the probable cause using a structured root-cause analysis
  • Contain the situation
  • Preserve all evidentiary materials
  • Eliminate the probable cause
  • Assist in recovery to a fully operational status
  • Identify any post-recovery issues

DigitalDefence can also augment your own team’s response by providing specialized services:

  • Develop an incident response strategy, policies, standard operating procedures, and escalation criteria and procedures
  • Provide 24×7 hotline support services
  • Assist you in selecting and training your own in-house CERT team
  • Provide a trusted team of external experts to aid in your incident response (legal counsel, private investigation services, public relations, etc.)
  • Act as a trusted referral agency in contacting third parties (ISPs, hosting companies, etc.)
  • Provide liaison support in dealing with law enforcement
  • Provide vendor-neutral guidance in selecting and implementing technical solutions
  • Create realistic training scenarios to prepare your staff to effectively respond to security incidents