Incident Response Team
The response team is available to respond immediately (within one hour of receiving notice of the incident), around the clock (24/7), 365 days a year.
Supports Cyber Security incident response with forensic analysis to determine RCA and business impact.
Performs security investigations, provides forensic services to support the team, assists in the maintenance of forensic and investigative plans and procedures, and participates in security incidents, investigations, and digital forensic inquiries.
Produces and communicates executive-level and detailed reports of work efforts.
The team will assist the customer in detecting, investigating, analyzing, containing, and recovering from the incident, for as long as necessary.
Collects all the relevant information and delivers a preliminary analysis of the incident, the type of information at risk, etc. within 5 hours of receiving the incident notice, and drafts a preliminary containment and recovery plan (when possible) to reduce the effect of the initial damage.
Within 72 hours after receiving the incident notice, the customer will receive a recovery plan (except during a Continuous incident), which will include all actionable operational recommendations to minimize or prevent recurring similar attacks as much as possible. The recommendations will include information on the extent of the damage, equipment needed for replacement / repair, etc.
It is important to understand that sometimes in incident investigation, the root cause or the malicious component cannot be detected or contained (this usually results in formatting the infected device).
See-Secure and the customer will mutually decide when an incident is over.
See-Secure will send its IRT professionals to the customer's premises on a flight within 48 hours of mutually agreeing that this action is necessary, and upon the customer's approval of the travel and expense costs.
IR team process:
Event identification: quality and intensity
Prioritize tasks (if the event is duplicated or occurs from different directions simultaneously).
Analysis and choice of the preferred method of action
Implementation: Taking all necessary steps to stop the current offensive immediately
Documentation and reporting
Providing the customer with a detailed report