One of the core processes of any information security management system is the incident management process. We offer our clients quick and efficient help at any stage of their incident resolution. This includes computer forensics, malware analysis, threat intelligence, system hardening and any other activity related to incident response, recovery and follow-up steps.
Project case: Incident response
The goal of the project was to manage activities after a security breach of a customer's IT system, conduct a forensic investigation to establish the details of the incident, clear the network of the attackers and assist in a lessons-learned exercise to prevent further breaches.
The initial response included isolation of the compromised systems and collection of logs, network traffic and NetFlow data. External requests were made to the Internet service provider to obtain additional connectivity details for the customer's systems. After forensic analysis and malware reverse engineering, the customer received:
- A detailed timeline of the attackers' activity
- A list of the attackers' tools and other artifacts, with a description of their functionality
- The vulnerabilities exploited by the attackers to initially compromise the system
- The attackers' techniques (e.g. lateral movement)
- A detailed remediation plan
- Suggestions for BCP/DR improvements