Timely Incident Response Services
In a typical security incident, most organizations waste precious time trying to locate a firm that has the experience, expertise and available resources to help contain and remediate the incident. Even if you do get lucky and find such a firm, you’ll waste even more valuable time bringing the new firm up to speed on your environment. Meanwhile, the bad actors are getting deeper and deeper into your organization, either extracting the crown jewels or laying the groundwork for future attacks.
With TBG’s Incident Response Retainer your organization will be better prepared to deal with any security incident in the timeliest manner possible with the greatest chance of success.
Our Incident Response Retainer Program assumes you have an Incident Response Plan in place. If you find yourself without an IRP, don’t fret: we’ll be happy to create your Incident Response Plan. Our Incident Response Plan Creation Services can be found here.
How We Do It
Before an Incident
Preparation – TBG works closely with your team to gain a thorough understanding of the environment. We will work with key stakeholders to familiarize our team with the technologies in place, the existing processes for handling incidents, how escalation occurs, and who the players are and what their roles are. During this engagement TBG will work closely with your team to build an incident response plan and run books that are focused on forensic data collection and chain of custody. Once these have been prepared, a TBG associate will work with your organization to define an SLA, negotiate rates for response and close out all the necessary contractual arrangements.
During an Incident
Notification – In the event of a cyber incident, you will make a request for assistance by email, our support portal or phone.
Analysis & Leadership – TBG can be called on during an active incident as a subject matter expert to help guide and advise the IR team during containment, eradication and recovery. TBG is your trusted partner during an incident and will be there to help lead your team through the incident as needed.
Forensic Activity – TBG is ready and able to aid in forensic investigations as deemed necessary. The operational run books we put in place during the Preparation phase will guide the IR customer through the process of proper evidence collection, and chain of custody procedures. TBG will then take forensic materials off site to our lab for analysis and reporting.
With our Incident Response plan, unlike other providers, you don’t pay to have us sit on the bench and wait for an event to happen. On a quarterly basis we provide the following services.
Incident Response Hunt
During the IR Hunt, TBG consultants will use automated and manual approaches to identify indicators of malicious activity, giving you an awareness of the overall security posture of your computing environment and of any indicators that your systems have been compromised. During a threat hunt, breach investigators and TBG consultants examine your computing environment, including workstations, laptops, servers, logs and network traffic. Using manual and automated tools, our experts identify threats, including those that frequently bypass standard security controls such as antivirus and intrusion detection tools. At the end of the hunt, TBG will provide you with a detailed report of our findings and the threats identified in your environment.
The Tabletop Exercise is designed to evaluate the tools, processes and expertise your organization uses to respond to cyber attacks. Working with your team, TBG consultants will conduct a simulated real-world situation led by a TBG facilitator, where your team can react to events as they unfold in a classroom setting. Typically, the participants represent key areas that would be affected by an incident. This fully inclusive exercise provides critical feedback on your incident response strategies and areas of risk in a tabletop environment. At the end of the exercise, TBG will provide a post-action report with a timeline of events, detailed analysis of activities and strategic recommendations for improving detection, response and containment of the incident.
Benefits Of Working With Us
- Trusted advisors for over 12 years
- Fully independent advice
- Continuous improvement in your overall security posture
- Specialists in bespoke security assessment services for financial, industrial, and corporate environments
Here are just some of our Certifications:
- Certified Information Systems Security Professional (CISSP), (ISC)²
- Offensive Security Certified Professional (OSCP)
- Offensive Security Certified Expert (OSCE)
- Certified Ethical Hacker (CEH)
- GIAC Certified Intrusion Analyst (GCIA)
- Certified Information Systems Auditor (CISA)
- GIAC Certified Incident Handler, SANS Institute (GCIH)
- Certified Cisco Network Associate, Cisco Systems (CCNA)
- Microsoft Certified Systems Engineer, Microsoft (MCSE)
- Splunk Certified Architect (SCA)
Get In Touch
For more information, we’re here to help.