We’re increasingly assisting more organisations respond to security incidents and breaches, in every industry vertical. If you need some pointers of helping prepare for or deal with security incidents, check out our Ransomware Playbook.
Cythera are listed as a preferred incident responder and digital forensics specialist organisation for a number of global insurers and underwriters. Cythera have extensive experience in performing services of this nature and we move quickly to support our customers when engaged so that the impact of a potential breach is mitigated rapidly.
Incident Response and Digital Forensics allows for rapid identification of the extent of an incident, allow client organisations to quickly remove an adversary from their network and to put in place sufficient levels of logging and auditing to monitor the environment to respond to further incidents. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
This engagement approach is focused on gaining control back of the network and ancillary services, followed by a thorough forensic examination of the environment to provide a timeline of events to allow subsequent investigation work to occur, and if necessary form an evidentiary brief for later prosecution purposes.
If available, the incident response team follows a customer organisation’s incident response plan (IRP), which is a set of written instructions that outline the organization’s response to network events, security incidents and confirmed breaches.
Our approach to the various phases of a typical incident response engagement:
- DISCOVERY – Conduct a series of workshops with the customer to understand the scale and scope of the cyber incident.
- SYSTEMS PROTECTION – Provide recommendations to reduce the attack surface and remove footholds of the adversary in the Enterprise network.
- VISIBILITY – Identify and analyse all available sources of logs, audit trails and related log files across the enterprise.
- AUDIT & LOG REVIEW – Where attribution is possible, document IP addresses, accounts, date timestamps etc used by adversary.
- DIGITAL FORENSICS – For key systems and workstations involved in the incident, perform forensics analysis to identify other Adversary activity that logs may have not recorded.
- REPORTING – As part of this engagement a number of documentary artefacts are created to allow for the communication on the works undertaken to relevant engagement stakeholders.
Another critical role of the DFIR team is to continuously liaise and communicate with customer stakeholders as new information comes to light, documenting incident detail and feeding this detail into subsequent phase activities.
As more organizations face the need to engage Incident Response or Digital Forensics for a security incident, it’s critical you choose who you partner with wisely, and ensure they have specialisation in their field.
Cythera have extensive skills in successfully managing incidents and helping businesses recover when they subjected to a cyber incident. Don’t guess at how to respond to an incident, trust the experts who can reliably help.
