After a thorough audit by our CSIRT (Computer Security Incident Response Team) we would identify ALL points of entry used by the attacker(s) as well as additional access points that they might have created in order to plan and execute phase 2 without leaving any doors open for the intruders to regain access.
We require the network infrastructure administrators to provide us with all information describing the topology, services and evidence that a breach has occured in order for our blue team to be able to completely assess the situation and narrow all points of access used by the attackers as well as eventual vulnerabilities in the systems and infrastructure that were used by the attacker.
After 100% certainty that the so called “doors” are known we can proceed by removing / “closing” them, by doing so quarantining the infrastructure affected by the attack. At this point and once our team has made sure that your infrastructure and systems are no longer accessible or penetrable by the attacker(s) we proceed with evaluation of data damage, backdoor/rootkits scanning and investigating on any possible modifications made by the attacker that must be repaired, removed or cleaned.
This phase is completed by our CSIRT once we make sure that any leftover software/code or modifications have been removed from your systems.
We do not only react by helping you in the emergency you have with your digital security, but we also make sure it never happens again.
Once we have completed Phases 1 and 2, our CSIRT would present you with kind of a prescription and a carefully tailored prevention plan specifically made to protect your systems and infrastructure from any potential threat similar to the one that was the occasion for you to use our service and to help you protect your organization from other threats or breaches. In the report and prescription plan you would find all the necessary steps that you and your system administrators should take in order to be 100% safe and not to ever need an incident response unit such as ours.
We strive to keep you and your business secure in the future.