INCIDENT RESPONSE SERVICES
CIA will create a program to help your security team to be more proficient at threat detection and increase readiness to respond to security incidents with an efficient and coordinated response. If you're in need of additional resources to accelerate incident investigation and containment, our CIA services teams can work together with in-house teams for all stages of incident response from analysis and detection through containment, remediation and cleanup.
Incident Response Program Development
Plan Your Threat Detection and Response
Incident Response Program Development helps an organization to be more proficient at threat detection and increase readiness to respond to security incidents with an efficient and coordinated response. Recommendations provide the foundation for a sustainable investment in people, processes, and technology to minimize exposure in the event of a breach.
Assess Current Response Capabilities
Many incident response programs suffer from a lack of coordination, trained resources and technology, which results in an incomplete response and leaves customers exposed. Even teams that previously created a program may have significant exposure, since motivated attackers have continued to evolve their techniques, rendering threat detection and incident response technologies out of date. During the assessment phase, the Rapid7 team will develop a thorough understanding of existing response processes and tools and provide a scorecard highlighting areas of strength and weakness. You will understand how your current program compares to best practices.
Make Measurable Progress
The assessment provides the foundation for creating a new incident response plan that includes guidance on prioritization, technical response and communications plans. CIA can also work with you to create a roadmap that details your current and future state with actionable steps to achieve your program goals. Our teams have experience working with organizational leaders to select the appropriate tools and technology and building the collateral to help these leaders evangelize effective incident response to the broader organization.
Practice and Optimize Your Response
Very few incident response teams adequately rehearse their threat response, which slows them down when a real incident occurs. The CIA team will lead one or more mock exercises that simulate an actual incident response. Leading experts run these exercises with the goal of showing the effectiveness of the customer's threat detection and incident response plan as well as the importance of roadmap items.
Incident Response Services
Accelerate Investigation and Containment
With a 48% growth in cyberattacks from 2013 to 2014, the odds of needing to investigate an incident have become a near certainty. At the same time, most customers do not have the capital to invest in IR personnel and technology. Even customers who have developed an in-house IR program often experience challenges with split focus between IR and other projects, an antiquated approach to IR and threats, and a poor ability to document, report and communicate incidents.
CIA Incident Response Services give you access to the experience and technical expertise to accelerate incident investigation and containment. Our teams can work together with in-house teams for all stages of incident response from analysis and detection through containment, remediation and cleanup.
CIA incident response teams are made up of industry-leading experts with 15 years of experience in responding to incidents of all sizes. Our team will help you with all aspects of the response through to incident remediation and clean-up. Customers benefit from a single point of contact who is ultimately responsible for coordinating, communicating, and reporting on all aspects of incident response activities. Incident management includes all aspects of threat detection, documenting findings and collaborating to devise appropriate remediation activities.
Rapid and Complete Response
Rapid7 built a team of experienced incident responders who previously conducted over 2,000 incident responses per year and have experience in responding to compromises of all sizes and severity. The teams complement their backgrounds in threat and network forensics and malware analysis with CIA-specific technology for rapid analysis and incident scoping.
Flexible Retainer Agreements
Incident response retainers offer customers the ability to engage skilled personnel rapidly in the event of a compromise. Customers who have engaged CIA and its Technology Partners for incident response will be contacted within 1 hour by a skilled engagement manager to plan an approach. CIA and its Technology Partners will begin remote technical work in investigating the compromise within 24 hours, and onsite investigations within 48 hours. CIA goes beyond traditional retainers by offering customers the ability to convert a portion of their pre-purchased hours to evaluate the customer's business, existing capabilities, and classification of relevant assets, users, and data.