ONSITE • REMOTE • ONLINE • CLOUD
The key point of an Emergency Incident Response is the reaction time between detection and response. Our focus is on minimizing downtime, containing the incident and restoring normal operations. To achieve this, we are always prepared to intervene in any type of incident, at anytime and anywhere in the world, quickly and efficiently.
Rapid isolation of threats limits the impact of a security breach. We identify, contain, and eradicate threats to have your business restored and running as quickly as possible. We include on-site response to help manage the situation.
Each incident raises a series of questions which need to be clarified:
Keep calm and call ONE. Our EIR projects get priority over any other company operation
In case an incident occurs, it is very important to stay calm and take immediate and effective action. We recognize that it is difficult to be untroubled when your systems are down, when business pressure is high or when you don't know how to proceed. Right from your first call, One eSecurity's Emergency Incident Response Team will advise you on the first steps and recommendations, and will work towards getting a clear picture of the problem in order to build a response. Within no more than two hours, we will form a team, schedule a plan, calibrate the effort and call you back with our advice.
When there is a cyber incident, there is a high level of pressure to return to normal operation. Our expert team of analysts can help by covering the following aspects:
The service is made up of six phases, which our investigators follow as a repeatable and well documented set of steps, based on the SANS Institute Incident Response Plan:
Our team can help you prepare for an incident and build joined response capabilities.
Events and incidents can be detected internally or by third parties. Either way, the incident response team must act quickly, analyzing information and determining next steps:
Events not confined to a single user or end point require containment, eradication, and recovery procedures. The containment phase requires agents and tools for data loss prevention, end point detection and response, and packet capture. Log aggregation and correlation are used to search for the adversary’s Indicators of Compromise (IOCs).
Identified IOCs will be isolated in all affected devices, understanding the techniques and methods used by attackers to avoid prosecution. Malicious artifacts are entirely removed from the client’s networks and systems.
Recover deleted files, hidden files, and temporary data that could be used as evidence, while restoring normal operations. Often, the unexpected occurs. This phase also identifies what other actions should be performed, (eg. any forensics examination of additional data sources or securing identified vulnerabilities).
The final phase covers the reporting of the analysis results. A forensics report not only includes the findings of the investigation, but describes the actions used and explains why specific tools and procedures were selected. It provides recommendations to improve policies, guidelines, procedures, tools, and other aspects of the forensic process. The formality of the reporting step varies greatly depending on the situation.
At the same time, our team enhances the security stance of a compromised entity against upcoming incidents, improving incident response capabilities in order to prevent future loss of intellectual property, finances and reputation.
A Team of leaders in the field of EIR
The Emergency Incident Response service is formed by experts from the Digital Forensics, Cyber Threat Intelligence and Threat Hunting departments that will analyze and investigate any threat detected.
It is important to have experienced responders who are comfortable and confident in dealing with what are often high-pressure situations. The One eSecurity Emergency Incident Response Team has worked with some of the largest enterprises in the world and responded to some of the most devastating and high-profile cyber attacks of recent times.
Our team can be activated when and for whatever you need. Our different service offerings allow our clients to get the coverage needed, from first response to legal support or forensics tools. Our team will be available to work in any part of the world.
Emergency Incident Response is not an isolated activity that is added to your organization. One eSecurity will make sure processes are integrated with the client's existing processes and infrastructure.
Software and Hardware
One eSecurity works with carefully selected industry-leading strategic security vendors in order to provide the best-of-breed digital forensic solutions. Each case is different and needs a different approach, while tools also differ depending on the platform, operating system and the type of the target device. One eSecurity uses hardware and software tools, both commercial and open source, chosen according to design, specific purpose or broader functionality.
During the more than 10 years delivering EIR services, both as Incident Responders and Forensic Analysts in many environments, reviewing thousands of systems, we have been progressively developing our own DFIR analysis system, known as SKY.
The SKY platform has been designed not only to automate most of the usual orchestration work needed to manage DF/IR cases, but also to be an automated investigation and analysis system that is able to process evidence (live or already acquired systems) with the specific tools needed, and to integrate the results in a centralized analysis environment.
SKY’s modular design has been created to make it possible to handle different kinds of cases and process multiple types of evidence found in the victim's systems, such as media, memory or network traffic. See SKY in depth
|Digital Forensics||Threat Hunting||Cyber Threat Intelligence|
|One eSecurity Digital Forensics service is focused on system in-depth analysis, aiming at obtaining a traceable record of previous activity in order to answer any investigative questions.||Our Threat Hunting service combines the analytic capacity of our most experienced experts with the power and automation of our Hunting Framework, offering a continuous and proactive threat search process in both networks and systems.||The Cyber Threat Intelligence service by One eSecurity provides (both internally and for clients) knowledge and information on key threats for decision-making and forecasts of risk situations on IT systems and networks.|
|Learn more||Learn more||Learn more|