Incident Response Services
INCIDENT RESPONSE by HACKNOWLEDGE
After an incident is detected, the response must be quick and efficient: the clock is ticking. Hacknowledge security experts from the CSIRT team will help you quickly identify and contain the discovered threat.
Once the threat is contained, a meticulous analysis is performed to determine the impacted systems and the entry point of the threat, the patient zero. Action-oriented and pragmatic recommendations then allow you to identify your weaknesses and remediate them, so that you can recover with confidence that the same attack will not happen twice.
If necessary, the Hacknowledge CSIRT team can perform forensic analysis and collect digital evidence with state-of-the-art techniques, ensuring the continuity of the chain of custody for legal procedures. This ranges from the collection of evidence to data acquisition and analysis, using solutions such as write-blockers and trusted forensic analysis tools and procedures.
To make the incident response as efficient as possible, a pre-incident assessment is performed to identify points that may slow down and interfere with the response when every minute counts.
With this preparation, Hacknowledge engineers will provide you with recommendations to ease the incident response and allow you to be ready to face a security incident.
Cyber Crisis Management Support
Beyond technical breach analysis and remediation advice, Hacknowledge will support customers in crisis handling.
The main objective is to create an effective communication interface between the engineers handling the technical part of the incident response and the customer’s management.
Our crisis consultants will be able to support the customer in his management of the cyber crisis:
Purple Teaming Collaborative Testing
Purple Teaming is a collaboration between offensive and defensive tactics. The offensive team will follow the cyber kill chain, while the defensive team will try to detect these intrusion attempts, in particular the events related to lateral movement and privilege escalation. The goal is to cut the cyber kill chain short at the earliest stage, so that the offensive team does not reach the customer's critical assets.
The aim of this new form of assessment is to continuously enhance customer security coverage by leveraging the synergy of both defensive and offensive services of Hacknowledge, as the defensive team will expand its knowledge of the tactics, techniques and procedures used by real attackers.