Time is of the essence when a cyber breach occurs. We believe bringing comprehensive breach response and remediation expertise to every engagement is imperative to thwarting the threat actors while working to bring your business and information security systems back into a steady state. Our Response services portfolio includes, but is not limited to, the following, and we do not require our clients to utilize us for each area of incident response.
- Incident Containment and Monitoring Services
- Breach Forensics and Root Cause Analysis
- Ransomware Negotiation and Cryptocurrency Payment Services
- Business Email Compromise (BEC) Investigation
- Social Engineering Fraud Investigation
- eDiscovery Services
- IT Restoration Services (On-site and Remote)
- Deep and Dark Web Monitoring
Our goal is to accelerate the remediation of security breaches, viruses, and other potentially catastrophic incidents by providing the most comprehensive view into attacker activity so you can get back to what matters most: your business.
Breach Response Services
When a call or an email comes into our breach response hotline or email inbox, we guarantee a response within 15 minutes from our global Computer Emergency Response Team (CERT). Furthermore, within one hour of a scoping call, a statement of work is provided which clearly outlines our team’s responsibilities.
We identify how attackers are accessing your environment, determine how to mitigate an attacker’s existing access, track future actions, and prevent future access. Our team is composed of experts from IT, InfoSec, DevOps, Negotiation, and Management.
- Incident Containment and Monitoring Services – Immediate decision-making to determine which systems, networks, or functions to halt or close off. Enable an EDR tool within our SOC to actively monitor your systems while tailoring a remediation strategy.
- Breach Forensics and Root Cause Analysis – Determine what network evidence there is of the breach and how it happened by analyzing attack patterns, statistical flow, and traffic, as well as ascertaining what can be done to prevent it from happening again.
- Ransomware Negotiation and Cryptocurrency Payment Services – Utilize proven negotiation tactics and strategies to engage with the threat actor, reduce exposure, and facilitate cryptocurrency payments in accordance with all local governance and regulatory guidelines.
In order to determine how attacks happen and protect your business in insurance claims, legal proceedings or with regulatory compliance, it’s imperative to have a solid investigative team to ensure no digital or physical evidence is lost or overlooked. Additionally, data preservation and investigative reporting are important for maintaining integrity throughout an investigation. CyberClan abides by the internationally recognized Electronic Discovery Reference Model (EDRM), providing confidence and strength in the provision of data and legal discovery.
- Business Email Compromise (BEC) / Social Engineering Fraud Investigation – Analyze email logs, identify when the incident occurred, investigate audit logs, and determine how access was gained.
- eDiscovery Services – Extract, analyze, and prepare actionable intelligence throughout the entire investigation and remediation process, operating from a virtual Security Operations Center (SOC) and eDiscovery platform that allows for complete remote and secure solutions.
Restoration, Remediation, and Ongoing Monitoring
We see IT Restoration as an integral part of any comprehensive Incident Response. Having your data inaccessible or encrypted by threat actors can be extremely frustrating and can make you feel helpless. CyberClan helps your business operations resume while our Incident Response team handles the security breach, mitigating and reducing business interruption. This is all done in a safe and secure fashion that protects your business.
- IT Restoration Services (On-site and Remote) – Triage and evaluate the level of damage; isolate assets and contain the environment; develop a plan and evaluate priorities; provide parachute resources to aid in recovery of data; and finally, back up, rebuild, and restore servers and infrastructure in the client’s current environment.
- Deep and Dark Web Monitoring – Utilize tools to monitor the dark web for instances of compromised data being advertised or sold in forums; use data and alerts to form actionable intelligence.