In an increasingly complex cyber threat landscape, effective crisis and SecOps management must balance pre-attack and post-attack activities. It is equally important to test your organisation’s response capabilities and to invest in efficient recovery after an incident.
Currently experiencing an incident?
Call +33 9 72 30 13 99 if you’re in the UK or France, or request a call back from our German team.
First, diagnose the incident
- Identify the compromised systems
- Survey the initial attack vector
- Understand the attacker’s privilege level
- Investigate the attacker’s tools
- Identify the attacker’s means of communication
- Analyse the impact of the attack
- Create an incident timeline
- Produce a list of compromised equipment and systems, as well as malicious files
Then, eradicate the problem
- Report on the removal of the problem
- Offer recommendations for perimeter partitioning of the compromised area
- Suggest how to adapt filtering and detection rules
- Provide markers and IOCs
- Provide hardening recommendations
- Advise on the attack’s potential wider impacts
Thirdly, all-important reconstruction activities
- Restore the system to working order
- Reinstall infrastructure components
- Propose new security settings
- Consult on implementing robust cyber security policies and processes
Lastly, conduct further investigations to prevent the incident from recurring
- Analyse programs, logs, computers, and malware