Incident Response can be conducted both as an actual security incident response or as a training in security incident response process.
The incident response, sometimes referred to as Computer Security Incident Response, process-chain follows the below depicted process
Seculyze has several service models including on-call and standby services. We will follow the below Security Incident Response Procedure as if we were an internal team:
A threat model and risk assessment gives input to identifying sensitive assets, to security incident detection and to contingency planning
Identifying the systems that are compromised by collecting evidence and analyzing it to determine the attack pattern, techniques, and tools
Monitor the adversary behavior to determine the intent, while limiting the access and objective of the adversary
A remediation event generally consists of activities that denies environment access to the adversary, degrade the ability of the adversary returning and eliminate the ability of the adversary to react to the remediation event
Moving back to normal operations implementing long-term controls to improve the overall security posture and prevent similar, future incidents
Information fed back into the preparation phase to be better prepare for a future security incident
A training plan will be formulated for the security team to expand their knowledge and approach based on the ever-evolving cyber threat landscape. Training will be based on the current technical level and will be performed accordingly, typically a combination of hands-on, use case-based training and training with real-life labs.
At Seculyze, we have out of the box training setups for the following. They can be used as is or customized to your needs:
Training in Security Incident handling
Training in analysis and forensics; live and scenario
Training in Incident response process
Offensive training in live and scenarios based on real life
Want to know more about Incident Response?
