Incident Response

There are a variety of situations that call for expert response. We pride ourselves in delivering results under the most stressful situations when minutes matter. Falling victim to ransomware, disaster, and virus outbreaks are just a few examples of common events that can call for professional incident response.

Recovering from a cyber attack can be a daunting, frightening, and disheartening task. But when you have a tested, trusted, and proven team of IT professionals by your side, your setting you and your business up for success.

Our industry leading Incident Response service is designed to help you recover from ransomware, viruses, data breaches, and much more. These common cyberthreats can often wreak havoc on a business – but when you respond the right way, you can move forward without skipping a beat.

We’ll work with you to prepare for disaster by establishing a clear prevention strategy. From there, we’ll work to detect incidents, intrusions, and vulnerabilities quickly, so that we can identify the breach and respond accordingly. Last, we’ll help you contain and eradicate any malicious activity, while also working to restore and recover your systems quickly.

Begin Your Road to Recovery Now

YOU HAVE AN INTERRUPTION, LET'S GET YOU BACK TO NORMAL

Preparation
Detection & Analysis
Contain, Eradicate, Recovery

The best time to start investigating an incident is before it occurs. Optimal Incident Response requires thorough preparation and well laid out plans

Plans. Are you prepared for an incident? Who will you call first. You need to have several items in place including: Communication Plan (phone tree, who and who doesn’t get notified and when), Roles and Responsibilities, etc
Inventory. Have you listed all assets in order of importance: Servers, Desktops, Network Equipment, Software
Practice. Have buy-in of critical team members. Run through various drills to test your plans and adjust as necessary

During this stage, our team arrives on-site where possible to assess the situation. We take great care to preserve as much information as possible that can assist in the analysis stage.

Identification. Is this an event, or an incident. Our security teams identify breaches using various methodologies. Identification is easier when Intrusion Detection Systems, Firewalls, and a comprehensive Security Information Event Management System are in place.
Collect Evidence. While identifying the threat, ancillary data that is collected is retained for future use.
Construct Timeline. Using the information collected compile a timeline to the first intrusion steps, determining what systems are affected.

With the investigative process complete, work can begin on:

Containment. One of the 1st steps after identification is to contain the damage and prevent further penetration. This may include taking additional systems offline for a time.
Eradication. Neutralizing the threat by cleaning the effected systems and restoring them as close to their previous state as possible.
Recovery. If ancillary systems were taken offline, these are brought back online. Secondary monitoring is usually deployed to provide closer monitoring of the affected systems
Lessons Learned. How and When can you improve your security posture to avoid future incidents.

We Enjoy Working

what people say

Chris has been our IT guy for about a year now. Maintaining 20+ computers,printers, etc. He has NEVER let us down. Always on top of the latest updates, and always goes above and beyond. It has been a true blessing to have him as part of our team. We’ve had other IT professionals in…

Chris has been our IT guy for about a year now. Maintaining 20+ computers, printers, etc. He has NEVER let us down. Always on top of the latest updates, and always goes above and beyond. It has been a true blessing to have him as part of our team. We’ve had other IT professionals in…