DATA BREACH AND INTRUSION RESPONSE
In a recent Ponemon Institute Research project on 583 US companies, 90%+ said that their company had been breached at least once in the last 12 months. Data Intrusions or no longer just the result of script kiddies just messing with your system. Recent studies done by the Department of Defense and the FBI show that more and more companies are being specifically targeted by organized crime, state actors and competitors.
What are the hackers looking for?
- Insider Information to gain competitive advantage
- Access to Intellectual Property
- Credit Cards, Social Security Numbers and other valuable information
According to most network security companies, It is not “IF” you have a security incident but “WHEN”. The question is what will you do when you suspect that your company has become a target?
Cyber Investigation Services, LLC offers services that helps you quickly respond to cyber events as well as to plan in advance for their occurrence. With our fully qualified investigation and Incident Response and Forensic specialists team, you are in the best hands to not only quickly determine the extent of the breach but have an aggressive approach to containing and investigating the incident.
Our approach to handling a data breach and intrusion incident is to:
- Identify and Preserve Evidence
- Analyze and Contain Rogue Malware and Live Memory
- Determine, as accurately as possible, the method(s), time frame(s) and scope of the compromise.
- Provide feedback about containment, remediation and security enhancement.
- Investigate leads associated with the cyber-attack.
- Perform the Investigation with as little impact to the corporation as possible.
RAPID RESPONSE & TRIAGE
It is important to react to a data breach within the first 24-48 hours of discovery to further further contamination and loss of valuable data or information. At Cyber Investigation Services we can mobilize a response team within 24-38 hours of a data breach or intrusion to help you contain and mitigate the damage. Our initial response is designed to identify how the breach was first discovered, what evidence is available to-date, impacts to the corporation, what data sources were targeted, reporting chain of command and need to know command, history of other incidents with the organization, Network Infrastructure and Topology, Physical Locations of all affected IT infrastructure, 3rd Party Hosting of Infrastructure, DNS logs, proxy logs, IDS logs, System Logs, Router Logs, Wireless Logs, Firewall Logs, Domain Logs, Anti-virus Logs, Web Capture Logs. Backup Systems, Quarantine Capabilities, Employee Assignment and permissions list, computer use policies, IP Ranges and Logins.
Once our cyber team is able to analyze the available data we will provide a Triage report to the members of your incident response team.