We help companies respond effectively to cyber attacks and security incidents that target them.
When an incident occurs, we will travel to the customer’s premises to help them manage the incident, or we can handle the incident remotely, if possible. In most cases the process will follow these phases:
▪ The diagnostic phase of the incident
When we arrive at the premises of a customer impacted by an incident or a cyber attack, the first action to take is to conduct a general diagnosis of the situation in order to determine the scope of the incident, its nature and its impact on the company. This diagnosis must be made as quickly as possible and its effectiveness is crucial to minimize losses and return to production as quickly as possible.
▪ Containment of the incident
The first step in responding to the incident is to quickly put in place the measures and means to contain the incident and prevent it from spreading or increasing losses. We determine the incident containment measures and accompany the company’s IT staff in their implementation.
▪ Active network monitoring and proactive detection of attacks
It is important when managing a security incident to take control of network security and ensure that no other attacks are in progress while the incident is being managed.
▪ Thorough investigation and reconstruction of the attack/intrusion scenario
In many incidents, such as ransomware infections or complex intrusions (APTs, etc.), a thorough analysis may be required to understand what happened and assess the extent of losses or impacts.
▪ Incident eradication and recovery
Once the incident is contained, the eradication phase consists of putting in place measures to eliminate the cause of the incident or to clean up the impacted systems. During the recovery phase, the corrected systems are put back into production.
▪ Forensic analysis and evidence collection
If necessary, a forensic analysis will be carried out to collect and preserve the evidence required should the company wish to initiate legal proceedings against the author of an intrusion or malfeasance. The activities carried out during the forensic analysis include (non-exhaustive list):
▪ Post-mortem of the incident
When the incident is corrected and closed, it is important to conduct a post-mortem analysis to fully understand what happened and which shortcomings were exploited, and to learn lessons to prevent the same situation from happening again.