
Incident Response


In the case of a Cyber Attack, call DriveByte!

CERT

On-Demand


A security incident response team, Computer Emergency Response Team or CERT for short, is responsible for conducting a methodical incident response in the event of cyberattacks. Typically, a CERT develops action plans for various scenarios and makes decisions about necessary escalations in the event of security incidents.

SOC

As-a-Service


A Security Operations Center, or SOC for short, is a team of subject matter experts in the field of IT security and is responsible for detecting, preventing, investigating and handling cyberattacks. Ideally, a SOC operates in a 24/7/365 "follow-the-sun" model and is thus able to detect anomalies and potential cyberattacks in real time and initiate adequate countermeasures.

What is Incident Response?


Definition


IT incident management or IT incident response, better known as "incident response", is a proven procedure for handling security incidents. Previously established measures allow security incidents to be detected, but usually only after they have occurred. It is therefore necessary to initiate fast and efficient reactive measures in order to avoid or reduce further damage and consequences. Depending on the scenario, security incidents, e.g. cyber attacks in the form of APT or phishing, can expose confidential information and enable criminal acts ranging from extortion and sabotage to theft of patents. Experienced first responders, or "incident responders," are therefore necessary to ensure that security incidents are handled appropriately, evidence is adequately preserved, and a quick return to normal operations is possible.

Approach


DriveByte recognizes the globally established NIST standard for security incident response as a frame of reference for its own services. Incident response can be summarized into seven phases:

  • Before the incident:
    1. Technical and organizational preparation.
  • During the incident:
    1. Detection and analysis
    2. Containment
    3. Eradication
    4. Restoration
  • Post-incident:
    1. Reporting
    2. Reconstruction

DriveByte's certified and experienced experts are available to assist customers through the above phases, ensuring a speedy return to normal operations through a strictly methodical approach.

Your Benefits at a Glance


Immediate

Guaranteed swift response in case of an emergency.

Personal

Dedicated and customer-oriented single point of contact.

Experience

Highly qualified, certified and trusted experts.

Readiness

A wide variety of playbooks for different scenarios.

Frequently Asked Questions


Time is of the essence. Contact your dedicated IT support hotline to initiate the implemented incident response guidelines. Your IT department will contact the IT security service provider to contain the infection and return to normal operations. It is wiser to call for support once too often than once too seldom.

Yes. Loss or theft of a company-owned IT device could lead to full compromise of company infrastructure and network. It is imperative that the employee contact IT support, which in turn alerts the incident response team to quarantine and remotely disable the lost or stolen device.

Emails that contain malicious attachments or suspicious links are called phishing emails. These emails are part of an attack category called social engineering and aim to compromise company employees by exposing them to malware or stealing their credentials. In any case, the dedicated IT security support team should be contacted to investigate each incident.

You have an IT related emergency? Call DriveByte for a swift response!


Get in Touch


Would you like to learn more about our services or do you have a question for us? Is a contact form too impersonal for you?

Give us a call instead:

 +49 9631 6007704

Please fill out the contact form. We will process your request as soon as possible and get in touch with you.
