Cybersecurity Incident Response

Whether you are experiencing an active compromise by a threat actor or you are putting the pieces together after the fact: our skilled investigators and analysts can assist with investigation and recovery. Our cyber response team (CRT) is highly experienced in responding to advanced persistence threats, data extortion, business email compromise, ransomware, insider threats, and more.

Our team brings an end to end solution. We begin with a Situation Assessment to document initial context, scope, and objectives, and then start the Collection process which includes the identification and forensic preservation of relevant evidence that supports the foundation for the investigation. During the Analysis stage we focus on conducting interviews and analyzing critical information to understand the relevant issues, which includes the timing of key events, understanding the impacted data, identifying if information was breached, and who may be impacted.

After the incident is contained, we assist organizations with regulatory inquiries, law enforcement requests, and helping organizations prepare for potential litigation. We have numerous experts that regularly testify in court.

Typically, we find that determined attackers will try to re-enter an environment. Smart organizations will remain vigilant throughout the post-incident phase as operations are returning to normal. Not all incidents end after the adversary is eradicated from the environment, and many large incidents can have follow up needs lasting well beyond the incident’s lifespan. CRA is able to assist you in a number of ways outside of performing traditional incident response services.

CRA can perform secondary investigations not performed during the initial response, such as determining whether an actor had access to Sarbanes-Oxley complaint systems, assessing responses taken by another provider or an internal team, and providing insightful recommendations on how to improve and prepare for the next incident, and assisting in the review of remediation efforts undertaken by an organization.

Our team has worked on over 1,000 ransomware cases ranging from Big Game eCrime syndicates to numerous Ransomware as a Service actors. As eCrime syndicates continue to infiltrate organizations, they have changed the game as they are weaponizing data taken and posting to their blogs. Our seasoned team has developed numerous tactics, techniques, and procedures (TTPs) to combat the threats that your organization could be experiencing from these eCrime crime syndicates.

Our comprehensive solution identifies the threat actor involved and deploying decryption keys to get the organization back in business.  We then perform containment and eradication of the malware left behind by deploying or leverage end point detection response tools such as Carbon Black Defense.

Clients also ask us to execute a forensic investigation of how the threat actor was able to infiltrate the organization and what information was taken, if any, and to create a lessons learned and roadmap going forward (90, 180, 270 day plan) for the organization. As always, our team stands ready to respond to regulatory, class action, client, and other requests.