Incident response

CyBourn has formed cross-functional and highly skilled teams to respond to incidents, be it insider threats or cyberattacks. CyBourn’s Incident Response teams include a variety of specialists such as security and technology analysts, forensic specialists, crisis managers and compliance and regulatory advisors.

Overview

Our methodology is designed to provide a common framework for our incident responders to work and interact as part of the SOC ecosystem in order to react quickly and effectively to identified threats within infrastructure, whilst simultaneously coordinating their actions with monitoring and detection teams. Incident response is the process of reacting to an ongoing or newly identified information security incident with the purpose of containing the malicious activity in order to prevent or reduce the negative impact that the cybersecurity incident will have on the organisation.

Key Benefits

24/7 Response

24/7 on-call assistance from experienced cybersecurity specialists for incident response and forensic investigations.

Detailed Reports

Standardised report templates aligned with known standards and management frameworks to integrate with your internal ISMS.

Integrated Response

Integrated with SOC services and Threat Hunting to deliver optimum reaction times and immediate visibility inside the infrastructure.

Security Orchestration

Orchestration through EtherLast™ Agents to contain and expel threats quickly and effectively.

Management Dashboards

Integrated reporting dashboards through EtherLast ™ for effective management reporting.

Forensics

Forensic investigations follow up and specialised impact assessments of information security incidents.

Our Process

01

INITIATE (FIRST RESPONDER)

Based on the magnitude, tactics, and specific context of the cybersecurity incident we act to:

Activate playbooks and procedures
Prevent rash or risky containment and remediation actions
Preserve forensic evidence

02

EVALUATE

The Incident Response Team (IRT) will evaluate the situation:

Observe the current environment
Orient within the environment to spot the observable attacker kill chain
Decide and form a hypothesis on the appropriate course of action
Act upon the decision and implement containment techniques

03

Contain

Break the attacker chain:

Stealthier actions to keep observing the unfolding attack while limiting risk
Aggressive containment measures to limit impending losses

04

Investigate

Follow the breadcrumbs:

Find the initial attack vector and the point of intrusion
Identify all infected assets and TTPs employed by the attacker

05

Eradicate

Eradicate the attacker’s foothold into the network:

Remove back doors
Patch vulnerable software and misconfigurations

06

REPORT

Prepare the incident report:

Incident timeline
Employed TTPs
Exploited vulnerabilities

For more information and a quote on our Incident Response service please contact us!

Tell us about your Cybersecurity needs

We are strategists, engineers, analysts, and governance experts embedded in the world’s biggest cyber missions and trusted to advance them. Let us help you today.