After an incident is detected, the response must be quick and efficient: the clock is ticking. Hacknowledge security experts from the CSIRT team will help you quickly identify and contain the discovered threat. Once the threat is contained, a meticulous analysis is performed to determine the impacted systems and the entry point of the threat, the patient zero. Action-oriented and pragmatic recommendations will then allow you to identify your weaknesses and remediate them, so that you can recover confident that the same attack will not happen twice.
With this preparation, Hacknowledge engineers will provide you with recommendations to ease the incident response and allow you to be ready to face a security incident.
The main objective is to create an effective communication interface between the engineers handling the technical part of the incident response and the customer’s management.
Our crisis consultants will be able to support the customer in managing the cyber crisis:
- Organization of incident response:
- Steering committee
- Incident debrief
- Internal and external communication
- Linking with the appropriate partners for technical and organizational remediation and legal actions
- Post-crisis remediation follow-up
The offensive team will follow the cyber kill chain, while the defensive team will try to detect these intrusion attempts, in particular the events related to lateral movement and privilege escalation. The goal is to cut the cyber kill chain short at the earliest stage and prevent the offensive team from reaching the customer's critical assets.
The aim of this new form of assessment is to continuously enhance the customer's security coverage by leveraging the synergy between Hacknowledge's defensive and offensive services, as the defensive team will expand its knowledge of the tactics, techniques and procedures used by real attackers.