
Incident Response


IT security is a complex topic that involves procedures that require explanation. In order to explain our services to you in a comprehensible way, we have put them into an everyday context. The protagonists are our basement keepers Maximilian and Amir.

"Amir is a self-confessed cat lover. So it's no surprise that DriveByte has a shaggy, gray-and-white office cat. One lunchtime, Amir is just coming from a business meeting, when he notices his cat excitedly scratching his body with his paw. Since this behavior is unusual, Amir decides to get to the bottom of what's triggering it."

Preparation

Name? Birthday?

Amir puts his cat on the desk and documents the parts of the body that are affected. As in our story, you are first asked for all the related information and, on the basis of this, it is determined which processes will be examined.

Detection & Analysis

Ah, yes. A virus!


Fleas, is Amir's sober diagnosis. After a thorough investigation of all internal and external factors, we diagnose what the incident is in your company. In doing so, we compare the target state with the actual state.

Eradication & Recovery

1 Pill, twice a day.


For Amir, it is now a matter of brushing out the fur completely and thus combating the fleas. Once we have identified an incident in your company, our goal is to contain and stop it before any damage can be done. At the same time, we identify and block the attacker.

Post-Incident Activity

Stay healthy, champ!


Like our protagonist Amir, we subsequently learn from the incidents. To avoid further attacks, it is important to understand the incidents, improve processes in your company and develop response strategies to future attacks.

 


Technical Approach


In case of a security incident, a Defensive Expert can provide quick and methodical action plans to resolve and contain the incident and ultimately return to normal operation. The Defensive Expert is certified and experienced in the field of incident response and has access to several different scenarios and playbooks. The expert can assist the customer’s SOC, Blue Team, or security team during an incident and make sure that the incident is resolved in the shortest time possible.

Analysis

During this phase, the Defensive Expert will assist the customer in analyzing the incident and verifying the category, severity, and impact.

Containment

During containment, the goal is to contain the impact of the incident on the customer’s infrastructure and assets as quickly as possible and to prevent further damage.

Eradication

Once contained, the threat to the customer must be eradicated. This step includes looking for vulnerable and exploitable systems and patching those to eliminate any remaining threats.

Recovery

During the recovery phase, the Defensive Expert will assist the internal efforts in returning the infrastructure to normal operations. This includes rechecking for Indicators of Compromise (IOCs).