Incident Response & Forensics
Immediate access to a team of experienced professionals in a time of crisis. A security breach can cost millions of dollars and have serious regulatory or contractual implications. Rapid response and orchestrated recovery efforts are essential to limit the damage from an incident, whether the incident occurred on your own network or in your cloud infrastructure, such as Amazon AWS, Microsoft Azure, or Office 365.
Working with your IT team to determine priorities, goals and regulatory considerations, Webfargo will:
- Contain the incident and eradicate its cause
- Determine impact of incident
- Recover and restore data as needed
- Provide full forensics services
- Interpret evidence and provide documentation of the event
- Consolidate and review logs
- Review and debrief necessary individuals on event
- Provide recommendations on how to prevent future security breaches
Service Details
Webfargo is widely experienced in responding to a variety of security incidents and breaches. When such an incident occurs, our top priority is putting our client's business back on track as quickly as possible while minimizing future risk. All engagements are custom and based on the customer’s goals and the data available. The Incident Response & Forensics service typically includes the following:
- Initial Consultation (no charge)
  - Determine customer goals
  - Determine budget limitations
  - Understand sensitivity of incident, both internal and external
  - Understand any applicable regulations that apply to incident
  - Provide quote or statement of work for response as needed
- Initial Response and Scope Determination
  - Evaluate breach overall
  - Determine the logs available for review
  - Determine the size and date range of logs to audit
  - Determine the type of logs
  - Gain network/host access and perform cursory review
  - Provide more detailed pricing guidance if applicable
  - Refine scope based on customer budget and needs
  - If intruder access point can be determined, assist in securing
- Gather and secure data/resources
  - Gain access to logs and relevant systems
  - Make backups/copies of logs
  - Preserve evidence if desired
- Log review and analysis
  - Detailed review by experienced security professionals
  - Employ various tools for detailed analysis of large volumes
  - Depth of review guided by customer goals and available data
  - Communicate with customer throughout process
- Event correlation and analysis
  - Compare events logged on disparate devices as appropriate
  - Analyze events in logs, correlate (if possible)
  - Develop attack timeline (if possible)
  - Determine access levels reached (if possible)
  - Determine sensitivity of data compromised (if possible)
  - Document findings
- Report
  - Explain findings, reaching conclusions as possible based on data
  - Offer mitigation techniques to recover from incident
  - Offer strategies for preventing future incidents
  - Provide recommendations for any logging/security changes
  - Present report in person or via remote conference as needed
You can be confident when working with the experienced team at Webfargo. An IT security incident is never fun; however, we can help you find the root cause so that you can get back to your business quickly. We have helped many organizations recover from security incidents, and we have the expertise and experience to help yours as well.