Respond

Regardless of the protective measures taken by an organisation, incidents will occur. The task is to minimise the number of incidents that slip through the net, and to minimise the negative business impact, therefore reducing cost. SecureLink works with the customer to ensure efficient response capabilities are implemented. Technical investigations help identify and understand the incident and its consequences, and recommend suitable remediation.

By levering good response services, you can:

  • Limit the impact of a breach
  • Contain and eradicate the threat
  • Gather evidence and learn how to prevent this from happening again

Rapid Endpoint Quarantine

  • Do you need a 24×7 Security Analysis service, but do not have your own 24×7 CSIRT team to respond to breaches?
    The Rapid Endpoint Quarantine service is an add-on service to the Security Analysis Service/SIEMaaS where the SecureLink analysts will set infected endpoints in quarantine to mitigate impact from ransomware, data exfiltration or lateral movements.

Rapid Malware Analysis

  • When a customer is the target of an attack, SecureLink helps with detailed investigations of the malicious software used in the attack. With advanced tools and methods, the customer will learn how the incident could occur, what it did, and if/what other machines are infected.

Rapid Endpoint Response

  • GDPR has a breach reporting requirement where companies must report details about the breach within 72h. Do you have the tools, resources and competence to do this yourself? If not, then SecureLink can help you with the Rapid Endpoint Response Service that will provide a breach report within 64h of service activation.

Incident Response

  • The Incident Response service will help you manage an entire incident, from a simple breach of policy to an estate-wide compromise or work to the methodology within your organisation’s incident response plan and as a colleague within your own incident response team.

When acting in a management capacity, the incident response team work to the principles of the NIST Computer Security Incident Handling Guide (Special Publication 800-61) and the SANS Institute, adopting the standard controlled phases of:

  • Preparation
  • Identification
  • Containment
  • Eradication
  • Recovery
  • Post-Incident Review

The incident response team follow the principles of the ‘Association of Chief Police Officers’ (ACPO) Good Practice Guide for Computer-based Electronic Evidence’ for all aspects of evidence management, regardless of criminal circumstances or law enforcement agency involvement.