Cybersecurity incident response

Incident Response Retainer

Have a highly trained incident response team on your side. With a team of incident response experts on standby, you’ll be back in business quickly in case of a breach.

Incident Response Retainer

Upgrade Your Cybersecurity With a Monthly Subscription

Truesec’s Incident Response Retainer is a monthly subscription that provides on-demand access to a team of incident response experts that will rapidly stop active attacks and get you back to normal operations. This proactive approach significantly decreases response times, minimizing the impact of a breach.

Incident Response Retainer

Business Benefits

Short Response Time

Signed retainer to guarantee timely service and 24/7 emergency response.

Experienced Incident Response Team

Cybersecurity expertise, rich data sources, and unique technologies to quickly stop attackers and restore infrastructure.

Discounted Hourly Rates

Discounted hourly rates for additional consulting services.

 

Onboarding Step by Step

01

Discovery

We meet to discuss your incident response needs, find the best solution, and sign the IR retainer contract based on your requirements.

02

Onboarding

We’ll guide you through preparing for potential incidents – covering on-site logging, setting up accounts, identifying your critical systems, and more.

03

Incident Response Team - Standby

If an incident occurs, contact Truesec over the agreed channels.

04

Recurring Meetings

With the Incident Response Retainer, we include recurring meetings to review the general threat landscape and your overall cyber needs.

The excellent collaboration with Truesec resulted in us choosing their SOC service over other suppliers.

Michael Exenberger

IT Manager, Bufab Group

It’s important for us to work with a partner combining both worlds: deep knowledge and broad experience from advanced cyber attacks.

Sami Breinholt

Group Head of Technology Services, NLTG

Resources

Latest Insights Within Digital Forensics and Incident Response

What we do

Our CSIRT Operations Methodology

Our method builds on the seven steps described below.

Initial contact/startup meeting

Truesec’s Incident Manager, in collaboration with your IT personnel, will promptly identify the cause and extent of the intrusion and create an action plan. We’ll also assist you in establishing alternative communication channels, as your email will most likely be compromised.

Preparation

Our experts will begin the investigation by doing the preparation required in the environment to collect information to understand the environment and the incident at hand. This will involve interviews and data collection. Any information can be crucial, so securing evidence for later analysis is imperative.

Containment

In the containment workflow, we perform activities to limit the damage/breach. At an early stage, we’ll initiate active security monitoring by the Truesec Security Operations Center (SOC) during the incident response to ensure visibility into the environment. This is beneficial if the threat actor tries to breach or move around within the environment.

Forensic Analysis and Investigation

In this workflow, we initiate a forensic investigation to secure traces of the threat actor, determine if any company or personal data has been breached or exfiltrated, and determine what the threat actor has done within the environment. This determines in exact detail how the threat actor breached the system. We also conduct threat intelligence on the attackers by analyzing the dark web and locating other relevant leaked information.

Eradication

Based on the forensic investigation results, exact measures will be taken to eradicate the threat actor from the environment. This is aimed at removing any remaining artifacts associated with the threat actor and restoring the environment to a clean state.

Recovery

In the recovery workflow, the activities aim to recover operational capacity in the most effective yet secure way possible. If required, we can also help rebuild systems that cannot be restored.

Final Report/Post Incident

Following the incident response and recovery, Truesec CSIRT will finalize an Incident Report and provide a debriefing, ensuring your organization’s operational procedures and incident response plans can be updated to reflect the knowledge gained from the incident. Truesec can also provide active security monitoring for a predetermined time to ensure a smooth return to normal operation.

Contact us

Get in Touch

Covering the entire cybersecurity spectrum, we provide services required to manage all areas that may be affected by a cyber breach.