Incident Investigation
Who is this service for?
This service is intended for companies whose core services rely heavily on IT systems and digital assets.
It is also intended for providers of supporting services for such companies: law agencies, investigation companies, consulting companies, etc.
What do you get?
A serious security incident is a very difficult experience. In complex, interconnected networks it is very hard to eliminate the risk of a successful attack entirely.
But what makes a serious difference is the way you handle such incidents. Will you classify the incident as a "one-off" or a random "accident at work" and wipe out valuable forensic data? That would be eliminating the effect while ignoring the underlying cause. Or would you rather extract the lessons from it and build your future success upon this failure?
In order to face this situation wisely, you need to understand the deeper meaning behind the security incident. Something in your defense framework has failed. Unlike theoretical models, this is a matter of fact, rooted firmly in objective reality. It might be a lack of a security process or control, an inherent flaw thereof, or a small configuration error.
To handle the incident wisely, you need to identify the exact chain of events, identify the cause that made this chain of events possible, identify your options for countermeasures that eliminate the cause, and implement the selected countermeasures.
By using our service you gain detailed research into the security incident and unprecedented insight into the security perspective on your IT processes. We will provide you with details on the source of the anomaly or incident, the tools, techniques and procedures that the malicious actor used, and the exact chronology of the attack.
In addition, you will receive a Course of Action roadmap with recommendations on your further actions in response to the incident. To allow you to make informed decisions and investments, the roadmap is supplemented with threat models encompassing dangerous scenarios for your infrastructure based on its architecture and functionality.
To prioritize the necessary actions, the priorities and potential danger for your systems will be evaluated based on threat models and data on attack scenarios collected from the analysis of incidents from all over the world.