INCIDENT RESPONSE

Incident response to computer and cyber security events is one of MacroSEC’s main services and areas of expertise. Our team’s experience encompasses investigating large-scale intrusions performed by advanced threat groups. MacroSEC’s experts use proprietary tools and techniques that allow them to:

  • Identify the actions of the attacker
  • Assess the scope of the compromise as well as the data losses
  • Define the steps required to remove the attacker
  • Define the approach required to re-secure the network.

MacroSEC’s consultants have investigated a multitude of incidents involving:

  • Sensitive data theft from industry, military and governments
  • Fraud events including payment cards, cash transfers and insider fraud attempts
  • Internal investigations including systems used by employees, board members and other insiders suspected of inappropriate or unlawful activity

OUR APPROACH

We help organizations recover from a computer security event while minimizing the impact of the event on the organization. Our methodology includes several steps:

LEARN THE FACTS

Initially, we must gain a basic understanding of the situation. This includes: What happened? How was it detected? What data do we have about the event? What steps have been taken? What does the environment look like?

OBJECTIVES AND SCOPE

Next, we establish what the customer’s goal is. This may be anything from identifying compromised assets through to recovery and identifying attackers and vectors.

COLLECTING EVIDENCE

Using forensic procedures and tools, our consultants collect information and document evidence handling with chain-of-custody procedures to adhere to legal and regulatory standards.

ANALYSIS

Based on the available evidence and the customer’s objectives, our team of experts will use a range of capabilities, including log analysis, malware analysis and forensic imaging, to determine the attack vector, establish a timeline of activity and identify the extent of the compromise.

EXECUTIVE BRIEFINGS

MacroSEC believes that a proper incident investigation requires management support and understanding to go side by side with the technical and investigative skills. During each investigation, MacroSEC works closely with the company’s executives to provide detailed, structured and frequent status reports that communicate findings and enable management to make the right business decisions.

REMEDIATION

One of the most important steps following a compromise is implementing controls based on what was learned and remediating, drawing on past experience. Remediation plans vary widely and depend on the extent of the compromise, the size of the organization and the tactics and objectives of the attacker. As part of an investigation, MacroSEC delivers a comprehensive remediation plan and assists with the implementation.

REPORTING

MacroSEC provides a detailed report at the end of every engagement that addresses the needs of multiple audiences including senior management, technical staff, third party regulators, insurers and litigators.

Attackers May Be on Your Network

Talk to us today and secure your organization for the future!
