Our Incident Response service is designed to assist you when an attack or intrusion has been discovered within your information system. The service can be engaged before, during or after the threat has been eradicated, to help you draw up a response plan and/or the procedures needed to prevent a recurrence.
Why choose an incident response service from SSL247®?
Our incident response service is conducted by one or more of our security engineers, who specialise in penetration testing and digital investigation, and is designed to support you in as many ways as possible during, or following, a successful intrusion into your information system.
Our teams are always on standby, allowing us to respond within one working day or less and, where needed, to work overnight to establish the origin of the threat and how it operates. We can then prepare a tailored eradication plan or simply trace the path the malicious software took through your system.
We are able to incorporate a malware analysis into our incident response service through a:
- Dynamic malware analysis: this first step yields an initial level of information in a short time by running the sample in a dedicated, isolated environment and recording, through system and network probes, the system activity and network communications it carries out.
- Static malware analysis: we then extend the analysis by disassembling or decompiling the binary to understand how it operates. This step can take considerable time, depending on the size of the binary and on whether obfuscation methods are in place.
Our teams can advise and guide you through the rebuild that follows an investigation into an intrusion. We stress the importance of maintaining the security of your system, especially after a successful attack.
Our methodology and strategy
We aim to provide as much support as possible and to accompany you through remediation as efficiently as we can. As every attack differs in strategy and intensity, so must the methodology and strategy our teams design to counter it; this is where our expertise and adaptability show.
Depending on the situation, we can either:
- conduct the service remotely — for example, in the case of a compromised externally hosted server, or
- conduct the service on site — the more common approach, used when your local/internal system is compromised.
While the approach can either be:
- detailed — for example, a forensic analysis, or
- more general/global — for example, in the event of a widespread compromise.
Regardless of the approach taken, our teams collaborate with yours to design the most suitable solution and course of action.
Incident Response Objectives
The objectives of an incident response service include:
- Identifying the causes of a past incident in order to close the entry points used, or to verify that no other unauthorised entry points exist.
- Intervening during a crisis to bring our expertise to bear and to guide your teams in choosing a strategy.
- Finding ways to slow down and eliminate the threat, then rebuilding the information system with increased security.
- Investigating a single element, a set of elements or an entire network to check whether it is subject to an ongoing attack.
Technical implications include:
- Recovery and analysis of system, network and application logs, system artefacts (executed processes, modified files, etc.), volatile memory, hidden files and folders, and any other indicators of compromise (IOCs).
- Analysis of malicious software: Our consultants have extensive experience in binary analysis (reverse engineering) and are able to analyse threats that are not publicly documented.
- Assistance in setting up hardened system, network and application configurations.
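To make the artefact triage in the list above concrete, here is an added example in Python; it is not SSL247® tooling and nothing on this page describes their internal process. It sweeps recovered text artefacts (log lines and a process listing) for a set of indicators of compromise. Every indicator, hostname, IP address, path and hash in it is constructed for the example and is not real threat data. The indicators are normalised first (analyst defanging such as `hxxp` and `[.]` is undone, hashes and Windows paths are lower-cased) and the artefacts are tokenised rather than substring-searched, so that an indicator like `203.0.113.4` does not silently match `203.0.113.45`.

```python
"""IOC sweep over recovered artefacts (constructed example, not SSL247 code).

Given indicators (IPs, domains, SHA-256 hashes, file paths) and text artefacts
collected from a host, report every line that references an indicator.
"""
import re
from dataclasses import dataclass

# Constructed indicators for the example; not real threat data.
IOCS = {
    "ip": {"203.0.113.45"},
    "domain": {"evil[.]example", "UPDATE.cdn-mirror[.]test"},
    "sha256": {"E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"},
    "path": {r"C:\Users\Public\svchost.exe"},
}

# Constructed artefacts standing in for recovered logs and a process listing.
ARTEFACTS = [
    "2024-03-02T01:12:07Z sshd[4121]: Accepted password for backup from 203.0.113.45 port 51644",
    "2024-03-02T01:12:09Z sshd[4121]: Accepted password for backup from 203.0.113.4 port 51650",
    "2024-03-02T01:13:40Z dns: query A update.cdn-mirror.test from 10.10.4.18",
    "pid=2208 ppid=612 name=svchost.exe path=C:\\Users\\Public\\svchost.exe "
    "sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "pid=2211 ppid=612 name=svchost.exe path=C:\\Windows\\System32\\svchost.exe sha256=" + "1" * 64,
    '10.10.4.18 - - [02/Mar/2024:01:14:02 +0000] "GET /stage2.bin HTTP/1.1" 200 48213 "http://evil.example/"',
]

# Token extractors with look-arounds so partial overlaps do not count as matches.
TOKEN_PATTERNS = {
    "ip": re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])"),
    "domain": re.compile(r"(?<![\w.-])(?:[a-z0-9-]+\.)+[a-z]{2,}(?![\w-])", re.I),
    "sha256": re.compile(r"(?<![0-9a-f])[0-9a-f]{64}(?![0-9a-f])", re.I),
    "path": re.compile(r"[A-Za-z]:\\(?:[^\\\s\"']+\\)*[^\\\s\"']+"),
}


@dataclass(frozen=True)
class Hit:
    line_no: int   # 1-based index into the artefact list
    kind: str      # ip / domain / sha256 / path
    value: str     # normalised indicator that matched


def refang(value: str) -> str:
    """Undo analyst defanging ("hxxp", "[.]", "(.)", "[:]") to get the live form."""
    value = value.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    return re.sub(r"^hxxps?://", lambda m: m.group(0).replace("hxxp", "http"), value)


def normalise(kind: str, value: str) -> str:
    """Canonical form so indicator and artefact token compare equal."""
    value = refang(value.strip())
    if kind in ("domain", "sha256", "path"):   # hostnames, hex digests and Windows paths are case-insensitive
        value = value.lower()
    return value


def build_index(iocs: dict) -> dict:
    """Normalised indicator sets keyed by kind."""
    return {kind: {normalise(kind, v) for v in values} for kind, values in iocs.items()}


def sweep(lines, iocs: dict) -> list:
    """Return every (line, kind, indicator) where a tokenised artefact matches an IOC."""
    index = build_index(iocs)
    hits = []
    for no, line in enumerate(lines, start=1):
        for kind, pattern in TOKEN_PATTERNS.items():
            for token in pattern.findall(line):
                canon = normalise(kind, token)
                if canon in index.get(kind, set()):
                    hits.append(Hit(no, kind, canon))
    return hits


if __name__ == "__main__":
    for hit in sweep(ARTEFACTS, IOCS):
        print(f"line {hit.line_no}: {hit.kind} {hit.value}")
```

Run against the constructed artefacts it flags the login from the indicator IP, the DNS query for the indicator domain, the process whose path and hash both match, and the web request to the indicator domain, while the near-miss login from `203.0.113.4` on line 2 is correctly ignored. In a real engagement the artefact list would be fed from collected logs, `ps`/`tasklist` output and memory-dump strings, and the indicator set from the dynamic and static analysis steps described above.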
Why choose SSL247®?
SSL247® has accredited experts with over 15 years' experience in the security industry and holds a number of accreditations and awards, including ISO 9001:2015 and ISO 27001:2013 certification and the EMEA Symantec Champion Award 2017.
Responsive and flexible
Our accredited security consultants and certified pentesters are here to respond and advise you on the most appropriate approach to follow.
All our consultants and auditors are regularly trained by third-party organisations to be kept informed about the latest vulnerabilities and attack techniques.
Our consultants hold the following certifications, amongst others: OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert) and OPST (OSSTMM Professional Security Tester).