What We Do

What We Do

Finding out why an incident occurs

Knowing an incident had occurred might be the hardest part of the process, security breaches or incident sometimes may go unnoticed for more than a year before someone finally unearth it. Detection is just the first part, how you go about containment, eradication and recovery are crucial of incident response. However, the most important part of all is the aftermath, where we analyze and pinpoint the root cause of the incident, consolidating effort with management and apply appropriate measures to prevent it from happening again.

External incident response

An external incident response provides a non-basis and multi-facet view of the incident and it frees up in-house security resources to focus on security operations. Combining the expert knowledge of the security team we can trace the incident with the perspective of a defender and an adversary, providing a holistic view of the incident. 

Aftermath of an incident

Prevention is better than cure, what an organization adjusts its policies and practices is equally important to what it does during the incident. Just pluggings the hole in the wall is not enough, the occurrence of the incident may implicate a pattern of vulnerability, an organization must analyze the root cause of the incident and implement necessary policy changes and educate its staff to raise their awareness to the incident.

Client Results

Our Approach

The ISO/IEC Standard 27035 outlines a five-step process for security incident management, including:

  • Prepare for handling incidents.
  • Identify potential security incidents through monitoring and report all incidents.
  • Assess identified incidents to determine the appropriate next steps for mitigating the risk.
  • Respond to the incident by containing, investigating, and resolving it (based on outcome of step 3).
  • Learn and document key takeaways from every incident.