Assistance Before, During, and After an Incident
We want to make sure your investigations are effective. That includes services to support your team:
- Prepare: Be ready before the investigation starts
- Respond: Perform or assist your investigations
We will embed with your team to ensure you are ready for the hard work ahead and have someone to call when things get out of hand.
Rapid Endpoint Triage
Our Rapid Endpoint Triage service is for organizations that have an endpoint that needs to be investigated but don’t want to do it themselves and don’t need a full incident response team. All you need to do is run a collection tool and wait for the report.
This is a popular service for MSSP clients who receive an alert and need to decide how to respond. The service has a low, fixed price and the report is typically delivered within one business day.
Preparing For a Response
To help ensure you are ready to respond, we offer:
- Cyber Triage Tuning: Optimize the effectiveness of Cyber Triage in your environment to ensure collections happen quickly, false positives are reduced, and data quickly flows between your defensive systems.
- Incident Simulation / Table Top: Build your team’s confidence, decision-making skills, and use of Cyber Triage with scenario-based simulations based on recent attack trends. Cyber Triage data sets are used in these scenarios.
- Compromise Assessment: Find evidence of active threat actors before they cause significant damage. This service helps to eradicate hidden threat actors and provide guidance to prevent bad actors from gaining access in the first place.
Conducting Investigations
During an incident, we offer:
- Rapid Endpoint Triage: We will quickly generate a triage report for one or more hosts (see above).
- Advanced Investigation Support: We support your team when you come across artifacts that are difficult to interpret. Our team’s knowledge of advanced forensic artifacts and obscure attacker TTPs can give you context about what you find with Cyber Triage.
About Us
We have decades of experience in crisis management, digital forensics investigations, and incident response.
Our team has both deep technical skills from our research and product development and crisis management skills from past large-scale investigations. We know how to prepare for complex incidents, how to respond to them effectively, and how to keep our cool when tensions are running high. This is a challenging line of work and we know no one can do it alone.
That is why we are here: to support you and our community.