(C) 2023 All Rights Reserved
Incident Response Service
EBRYX
A Trusted
Cybersecurity Partner
Continuous security monitoring is now regarded as essential for organizations of all sizes. Preventive technologies such as firewalls and malware protection systems are essential but not sufficient. Prevention can and does fail, often due to mistakes people, make or due to imperfections in the preventive technology itself. A sound security posture requires addressing the failure of prevention. This entails both detection of security breaches and responding to them to limit damage.
We recommend on how you can improve the security posture and develop capabilities to detect the modern-day cutting-edge attack campaigns by focused adversaries that easily bypass the conventional security controls.
We recommend on how you can improve the security posture and develop capabilities to detect the modern-day cutting-edge attack campaigns by focused adversaries that easily bypass the conventional security controls.
The service helps an organization answer the following questions
- Does your organization have appropriate threat detection and response capability?
- Does your staff possess training required to properly handle the incident, so no forensic evidence is lost?
- Does your staff have clearly defined roles and responsibilities in case of an attack?
- Does your organization have the capability to respond to the security incidents right in the initial phase before they turn into a hazard?
Our services
Incident Readiness Assessment
Assessment of current security posture against industry best practices in alignment with the NIST standards covering the following areas:
- Existing Detection and Response tooling and technologies
- Incident response processes & procedures in place
- Ability to sweep IOCs across all endpoints from a single point
- Ability to contain and isolate assets in case of an infection
- Ability to correlate current events with the past data
- Ability to eradicate injections from the endpoints in surgical manner instead of reimaging
- Ability to attain enhanced endpoint and network visibility from forensic evidence collection and investigation perspective
IR Plan, Procedures & Playbooks
Development the bespoke Incident Management Plan procedures covering
- Incident identification and definition as per the nature of the business
- Incident types and lifecycle
- Incident escalation scenarios and handling process
- Roles and responsibilities of the stakeholders
- Escalation matrix and response SLAs
Response playbooks for the SOC and IT team to handle various type of security incidents
Incident management lifecycle integrated with Security Operations & SIEM/SOAR
Breach Response Drills
Breach response drills every 6 months with assumed compromise to:
- Execute the breach response playbooks as per the IR plan
- Evaluate the efficacy of the breach response tools deployed in the infrastructure
- Gauge the preparedness of the internal team to respond to a breach
- Lessons learned for IR process improvement
Incident Response & Digital Forensics
Security Incidents that show signs of a breach are handled by Ebryx’ qualified Incident Response and Forensics Services team either remotely or on-site as per the nature of the incident. The incident response and digital forensic services comprise the following stages:
