Incident Response: experts for emergencies
Work with professionals in case of emergency and save tens of thousands of Euros caused by uncoordinated actions in "headless chicken mode".
The right response for your incident
A cyber incident is an absolutely exceptional situation. Most of the people affected are experiencing such an emergency for the first time and usually have neither plans nor instructions or processes to master this situation.
Yet incident response is much more than forensic analyses and the implementation of individual technical measures. It requires up-to-date situation reports, structures and, above all, a professional incident coordinator who manages the parties involved (IT, management, forensic experts, PR, etc.), brings calm and structure to the usually uncoordinated actionism, and defines and pursues clear investigative goals in order to end the emergency situation quickly and cost-effectively.
Our experts have mastered hundreds of incident response missions over the last 10 years, from medium-sized businesses to large corporations (DAX40) and have built up a wealth of experience. In times of peace we support you in optimizing your cyber defense and in case of emergency with coordination, forensic analysis and internal and external communication.
Do you want to react professionally in the event of an emergency?
If there are any anomalies in the area-wide analysis, triage is again initiated and the various phases are iterated until no new findings emerge.
The results of the various analysis approaches are consolidated into a timeline and further analyzed to correlate attacker activity across multiple systems and identify interactions between them. We classify the steps/phases of the attack based on the MITRE ATT&CK framework. This helps to identify the attacker's approach and motive, as well as take remedial actions and prevent such attacks in the future.
Since most organizations run a Microsoft environment, Windows systems (servers & clients) are also the most commonly analyzed. We use specialized tools for evidence collection and forensic analysis.
Although incidents occur more frequently on Windows systems, we can also perform forensic analysis of Linux systems and have the appropriate specialized tools and know-how.
Even if Macs are still rather exotic in enterprises they are also compromised and therefore we can do forensic analysis of Apple systems as well.
Since cloud environments are very different from on-premise environments, they also require different approaches and methods for incident response. Our team has handled a wide variety of cloud incidents in Azure and AWS Cloud.
To be honest, we prefer an analysis of your infrastructure via EDR solutions. Why? The central management allows us to quickly collect artifacts for further analysis, the telemetry data often reveals the exact actions of the attackers, and we can quickly implement effective monitoring for further activities.
Log data in particular from central systems also help with the analysis once the initial facts are known. This allows suspicions to be quickly narrowed down, ruled out or corroborated. In addition, centrally stored log data is difficult for attackers to manipulate.
The final goal of any incident response is to regain sovereign control over the IT infrastructure, prevent the reoccurrence of a similar attack, and remove all traces on the systems to restore a clean baseline.
Typical actions include rebuilding compromised systems and changing all passwords on compromised accounts. All of this should take place in a short period of time, usually within a day, so that attackers have as little chance as possible to recompromise systems that have already been rebuilt.
This is usually hard work and requires many people to be involved, right up to the top management level, as in most cases such a "D-Day" will have an impact on business operations. In addition, you absolutely need professional project managers who can create a clean and realistic schedule, assign roles and responsibilities, ensure communication between stakeholders, and keep quality under control using KPIs.