Truesec’s Incident Response Retainer is a monthly subscription that provides on-demand access to a team of incident response experts who will rapidly stop active attacks and get you back to normal operations. This proactive approach significantly decreases response times, minimizing the impact of a breach.
Short Response Time
Signed retainer to guarantee timely service and 24/7 emergency response.
Experienced Incident Response Team
Cybersecurity expertise, rich data sources, and unique technologies to quickly stop attackers and restore infrastructure.
Discounted Hourly Rates
Discounted hourly rates for additional consulting services.
With checkouts suddenly encrypted and thousands of customers unable to pay, Swedish supermarket chain Coop was forced into an urgent, nationwide lockdown of its stores. They needed help – now.
Initial contact/startup meeting
Truesec’s Incident Manager, in collaboration with your IT personnel, will promptly identify the cause and extent of the intrusion and create an action plan. We’ll also assist you in establishing alternative communication channels, as your email will most likely be compromised.
Our experts will begin the investigation by preparing the environment for information collection, so that we can understand both the environment and the incident at hand. This will involve interviews and data collection. Any information can be crucial, so securing evidence for later analysis is imperative.
In the containment workflow, we perform activities to limit the damage/breach. At an early stage, we’ll initiate active security monitoring by the Truesec Security Operations Center (SOC) during the incident response to ensure visibility into the environment. This is beneficial if the threat actor tries to breach or move around within the environment.
Forensic Analysis and Investigation
In this workflow, we initiate a forensic investigation to secure traces of the threat actor, determine if any company or personal data has been breached or exfiltrated, and determine what the threat actor has done within the environment. The investigation determines in exact detail how the threat actor breached the system. We also gather threat intelligence on the attackers by analyzing the dark web and locating other relevant leaked information.
Based on the forensic investigation results, exact measures will be taken to eradicate the threat actor from the environment. This is aimed at removing any remaining artifacts associated with the threat actor and restoring the environment to a clean state.
In the recovery workflow, the activities aim to recover operational capacity in the most effective yet secure way possible. If required, we can also help rebuild systems that cannot be restored.
Final Report/Post Incident
Following the incident response and recovery, Truesec CSIRT will finalize an Incident Report and provide a debriefing, ensuring your organization’s operational procedures and incident response plans can be updated to reflect the knowledge gained from the incident. Truesec can also provide active security monitoring for a predetermined time to ensure a smooth return to normal operation.