Services
EtherLastDreamLabMedia Hub
About us

    • Incident response

      CyBourn has formed cross-functional and highly skilled teams to respond to incidents, be it insider threats or cyberattacks. CyBourn’s Incident Response teams include a variety of specialists such as security and technology analysts, forensic specialists, crisis managers and compliance and regulatory advisors.

      Overview

      Our incident response methodology is designed to provide a common framework for our incident responders to work and interact as part of the SOC eco-system in order to react quickly and effectively to identified threats within infrastructure while coordinating their actions with monitoring and detection teams as well as other incident responders. Incident response is the process of reacting to an ongoing or newly identified information security incident with the purpose of containing the malicious activity in order to prevent or reduce the negative impact that the cybersecurity incident will have on the organisation.

      Key Benefits

      response
      24/7 Response
      24/7 on-call assistance from experienced cybersecurity specialists for incident response and forensic investigations.
      detailed-reports
      Detailed Reports
      Standardised report templates aligned with known standards and management frameworks to integrate with your internal ISMS.
      integratedresponse
      Integrated Response
      Integrated with SOC services and Threat Hunting to deliver optimum reaction times and immediate visibility inside the infrastructure.
      security-orchestration
      Security Orchestration
      Orchestration through EtherLast™ Agents to contain and expel threats quickly and effectively.
      management-dashboards
      Management Dashboards
      Integrated reporting dashboards through EtherLast ™ for effective management reporting.
      forensics
      Forensics
      Forensic investigations follow-up and specialised impact assessments of information security incidents.

      Our Process

      01

      INITIATE (FIRST RESPONDER)

      Based on the magnitude, tactics, and specific context of the cybersecurity incident we act to: 

      • Activate playbooks and procedures.
      • Prevent rash or risky containment and remediation actions.
      • Preserve forensic evidence.

      02

      EVALUATE

      The incident response team (IRT) will evaluate the situation:

      • Observe the current environment.
      • Orient within the environment to spot the    observable attacker kill-chain.
      • Decide and form a hypothesis on the appropriate course of action.
      • Act upon the decision and implement containment techniques.

      03

      Contain

      Break the attacker chain.

      • Stealthier actions to keep observing the unfolding attack while limiting risk.
      • Aggressive containment measures to limit impending losses.

      04

      Investigate

      Follow the breadcrumbs

      • Find the initial attack vector and the point of intrusion.
      • Identify all infected assets and TTPs employed by the attacker.

      05

      Eradicate

      Eradicate the attacker’s foothold into the network.

      • Remove back-doors.
      • Patch vulnerable software and misconfigurations.

      06

      REPORT

      Prepare the incident report.

      • Incident timeline.
      • Employed TTPs.
      • Exploited vulnerabilities.
      crest-soc
      member-cyber-exchange
      ISO9001-blue
      ISO20000-orange
      ISO27001-purple

      For more information and a quote on our Incident Response service please Contact Us!

      Have you been breached ?

      Tell us about your Cybersecurity needs

      We are strategists, engineers, analysts, and governance experts embedded in the world’s biggest cyber missions and trusted to advance them. Let us help you today.