Incident Response


Timely Incident Response Services

In a typical security incident, most organizations waste precious time trying to locate a firm that has the experience, expertise and available resources to assist with containing and remediating the incident. Even if you do get lucky and find such a firm, you’ll waste even more valuable time bringing the new firm up to speed on your environment. Meanwhile, the bad actors are getting deeper and deeper into your organization, either extracting the crown jewels or laying the groundwork for future attacks.

With TBG’s Incident Response Retainer, your organization will be better prepared to deal with any security incident in the timeliest manner possible with the greatest chance of success.

Our Incident Response Retainer Program assumes you have an Incident Response Plan in place. If you find yourself without an IRP, don’t fret; we’ll be happy to create your Incident Response Plan. Our Incident Response Plan Creation Services can be found here.

“Control is an illusion”. Sooner or later, you are going to get hacked — if it has not already happened. You cannot control the enterprise network or hackers. The only way to control the situation is to accept that you have no control, be prepared for when attacks hit, and limit the damage.

How We Do It

Before an Incident

Preparation – TBG works closely with your team to gain a thorough understanding of the environment. We will work with key stakeholders so that our team is fully versed in the technologies in place, the processes that exist for handling incidents when they occur, how escalation occurs, who the players are and what their roles are. During this engagement TBG will work closely with your team to build an incident response plan and run books that are focused on forensic data collection and chain of custody. Once these have been prepared, a TBG associate will work with your organization to define an SLA, negotiate rates for response and close out all the necessary contractual arrangements.

During an Incident

Notification – In the event of a cyber incident, you will make a request for assistance by email, our support portal or phone.

Analysis & Leadership – TBG can be called on during an active incident as a subject matter expert to help guide and advise the IR team during containment, eradication and recovery. TBG is your trusted partner during an incident and will be there to help lead your team through the incident as needed.

Forensic Activity – TBG is ready and able to aid in forensic investigations as deemed necessary. The operational run books we put in place during the Preparation phase will guide the IR customer through the process of proper evidence collection and chain of custody procedures. TBG will then take forensic materials off site to our lab for analysis and reporting.

Quarterly Testing

With our Incident Response plan, unlike other providers, you don’t pay to have us sit on the bench and wait for an event to happen. On a quarterly basis we provide the following services.


Benefits Of Working With Us

  • Trusted advisors for over 12 years
  • Fully independent advice
  • Continuous improvement in your overall security posture
  • Specialists in bespoke security assessment services for financial, industrial, and corporate environments

Here are just some of our Certifications:

  • Certified Information Systems Security Professional, (ISC)² (CISSP)
  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Certified Expert (OSCE)
  • Certified Ethical Hacker (CEH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • Certified Information Systems Auditor (CIA)
  • GIAC Certified Incident Handler, SANS Institute (GCIH)
  • Certified Cisco Network Associate, Cisco Systems (CCNA)
  • Microsoft Certified Systems Engineer, Microsoft (MCSE)
  • Splunk Certified Architect (SCA)

For more information, we’re here to help.