Incident Response
Gain an understanding of how you’ve been breached. Secora Consulting offers a 5-step approach to Incident Response.
We will use our expertise to understand how attackers gained access to your systems and rebuild your networks to ensure you are stronger and more secure for the future.
1. Identification
To effectively help your organisation navigate its way through an incident, our approach is to initially identify the incident. Our team will do this by reviewing your infrastructure and identifying any unusual activities, login attempts, unexpected new files or unrecognised user accounts. This will allow our team to gain insight into when the attack happened, what was affected by the attack, the likely effect of this attack, as well as the source and initial point of entry.
2. Containment
Once our team has gathered all the necessary information about your incident, our specialised security consultants will focus on containing this threat to prevent it damaging your infrastructure further. Our primary goal in this phase is to minimise and stop the incident so it can’t escalate further and infiltrate more of your infrastructure. Once our team develops an effective containment strategy, they will begin to review the evidence of the incident and gather any evidence which will be relevant for resolving the incident.
3. Eradication
In this phase, our specialist team will develop a permanent and robust plan to restore all affected assets and infrastructure. We will focus on eliminating the threat in your infrastructure and systems and prepare to rebuild and replace any affected entities. Our 360-degree incident response solution includes running specialised antimalware and antivirus software, uninstalling all infected software, rebooting or replacing any damaged infrastructure (within the scope of the incident), and rebuilding your network with robust and effective security protocols.
4. Recovery
Once our team has removed all threats from your network, they will then oversee the restoration of all affected infrastructure within your organisation. This encompasses everything from initial data recovery to a final restoration review. Our specialised team of security consultants will continuously test and verify your network throughout the recovery stage to ensure the threat is completely removed and that your network is both secure and functional.
5. Lessons Learned
Once our team has completed their investigation, they will organise a debrief and review meeting with the relevant stakeholders in your organisation to discuss findings and go through our final report. Throughout this process, our team will maintain detailed notes and documentation of the incident and all steps taken to remove the threats from your network. These notes will be used to compile a report on all findings regarding the incident and the steps our team took to respond and effectively remove the threat. Our report will also identify any existing weaknesses or vulnerabilities within your organisation and make recommendations on what remediation measures, policies and procedures to put in place to mitigate future risks.
Our services
All of Secora Consulting's assessments are tailored to our clients' needs.
Using our experience, we can help you determine which services are right for you.