Incident Response: experts for emergencies
Work with professionals in an emergency and save the tens of thousands of euros that uncoordinated actions in "headless chicken mode" can cost.
The right response for your incident
A cyber incident is an absolutely exceptional situation. Most of the people affected are experiencing such an emergency for the first time and usually have no plans, instructions or processes for handling it.
Yet incident response is much more than forensic analysis and the implementation of individual technical measures. It requires up-to-date situation reports, structures and, above all, a professional incident coordinator who manages the parties involved (IT, management, forensic experts, PR, etc.), brings calm and structure to the usually uncoordinated flurry of activity, and defines and pursues clear investigative goals in order to end the emergency quickly and cost-effectively.
Our experts have mastered hundreds of incident response missions over the last 10 years, for clients ranging from medium-sized businesses to large corporations (DAX40), and have built up a wealth of experience. In peacetime we support you in optimizing your cyber defense, and in an emergency we support you with coordination, forensic analysis, and internal and external communication.
If there are any anomalies in the area-wide analysis, triage is again initiated and the various phases are iterated until no new findings emerge.
The results of the various analysis approaches are consolidated into a timeline and analyzed further to correlate attacker activity across multiple systems and identify interactions between them. We classify the steps and phases of the attack using the MITRE ATT&CK framework. This helps to identify the attacker's approach and motive, to take remedial action, and to prevent such attacks in the future.
The final goal of any incident response is to regain sovereign control over the IT infrastructure, prevent the recurrence of a similar attack, and remove all traces from the systems to restore a clean baseline.
Typical actions include rebuilding compromised systems and changing all passwords on compromised accounts. All of this should take place in a short period of time, usually within a day, so that attackers have as little chance as possible to recompromise systems that have already been rebuilt.
This is usually hard work and requires many people to be involved, right up to the top management level, as in most cases such a "D-Day" will have an impact on business operations. In addition, you absolutely need professional project managers who can create a clean and realistic schedule, assign roles and responsibilities, ensure communication between stakeholders, and keep quality under control using KPIs.