Incident Response Services
Our Incident Response service is designed to assist you when an attack or penetration has been discovered within your information system. Our service can be conducted before, during or after the threat has been eradicated, to help you develop a plan of attack and/or procedures to take in order to prevent an attack from occurring in the future.
Why an Incident Response Service from us?
Our methodology and strategy
We want to provide as much support as possible and aim to accompany you through the process of remediation in the most efficient way. As every attack varies in strategy and intensity, so must the methodology and strategy our teams design to counter each attack. Through this we are able to demonstrate our expertise and adaptability.
Depending on the situation:
- We can either conduct the service remotely (for example, in the case of a compromised externally-hosted server), and/or conduct the service on site (the more common approach, which is necessary when the compromise has occurred on a local/internal system).
- The approach can either be detailed, (for example, forensic analysis of………) or be more globa (in the event of a widespread compromise.
Regardless of the approach taken, our teams will work together with yours for a relevant and pragmatic collaboration.
The objectives of an incident response service can be numerous, including:
- Identifying the causes of an incident that occurred in the past in order to close the entry points used or verify that no other unauthorised entry points exist.
- Intervene during a crisis , to guide your teams through deciding which strategy to employ and provide our expertise.
- Find ways to slow down and eliminate the threat , and then rebuild the information system with increased security.
- Investigate an element, a set of elements, or an entire network to check whether it has been subject to an ongoing attack.
Technical implications include:
- Recovering and analysis of system, network and application logs, system artefacts (executed processes, modified elements, etc.), volatile memory, hidden files and folders or any other indicators of compromise (IOCs).
- Analysis of malicious software: Our consultants have extensive experience in binary analysis (reverse engineering) and are able to analyse threats that are not publicly documented.
- Assisting in setting up (system, network and application) strengthened configurations (in terms of security).
Why choose SSL247®?
Additionally, we have our own department specialised in penetration testing and security audits. Our team is composed of experts that are certified and well-known in the IT security arena (OSCP, OSCE et OPST).
For more information on how our security services can benefit your business, get in touch with one of our accredited consultants: