Incident response

CyBourn has formed cross-functional and highly skilled teams to respond to incidents, be it insider threats or cyberattacks. CyBourn’s Incident Response teams include a variety of specialists such as security and technology analysts, forensic specialists, crisis managers and compliance and regulatory advisors.

Overview

Our incident response methodology provides a common framework for our incident responders to work and interact as part of the SOC ecosystem, so that they can react quickly and effectively to threats identified within the infrastructure while coordinating their actions with the monitoring and detection teams and with other incident responders. Incident response is the process of reacting to an ongoing or newly identified information security incident with the purpose of containing the malicious activity, in order to prevent or reduce the negative impact that the cybersecurity incident will have on the organisation.

Key Benefits

24/7 Response
24/7 on-call assistance from experienced cybersecurity specialists for incident response and forensic investigations.

Detailed Reports
Standardised report templates aligned with known standards and management frameworks to integrate with your internal ISMS.

Integrated Response
Integrated with SOC services and Threat Hunting to deliver optimum reaction times and immediate visibility inside the infrastructure.

Security Orchestration
Orchestration through EtherLast™ Agents to contain and expel threats quickly and effectively.

Management Dashboards
Integrated reporting dashboards through EtherLast™ for effective management reporting.

Forensics
Forensic investigation follow-up and specialised impact assessments of information security incidents.

Our Process

01

INITIATE (FIRST RESPONDER)

Based on the magnitude, tactics, and specific context of the cybersecurity incident, we act to:

  • Activate playbooks and procedures.
  • Prevent rash or risky containment and remediation actions.
  • Preserve forensic evidence.

02

EVALUATE

The incident response team (IRT) will evaluate the situation:

  • Observe the current environment.
  • Orient within the environment to spot the observable attacker kill-chain.
  • Decide and form a hypothesis on the appropriate course of action.
  • Act upon the decision and implement containment techniques.

03

CONTAIN

Break the attacker chain.

  • Stealthier actions to keep observing the unfolding attack while limiting risk.
  • Aggressive containment measures to limit impending losses.

04

INVESTIGATE

Follow the breadcrumbs.

  • Find the initial attack vector and the point of intrusion.
  • Identify all infected assets and TTPs employed by the attacker.

05

ERADICATE

Eradicate the attacker’s foothold into the network.

  • Remove back-doors.
  • Patch vulnerable software and misconfigurations.

06

REPORT

Prepare the incident report.

  • Incident timeline.
  • Employed TTPs.
  • Exploited vulnerabilities.

For more information and a quote on our Incident Response service please Contact Us!

Have you been breached?

Tell us about your Cybersecurity needs

We are strategists, engineers, analysts, and governance experts embedded in the world’s biggest cyber missions and trusted to advance them. Let us help you today.