In the case of a Cyber Attack, call DriveByte!
A security incident response team, Computer Emergency Response Team or CERT for short, is responsible for conducting a methodical incident response in the event of cyberattacks. Typically, a CERT develops action plans for various scenarios and decides on necessary escalations in the event of security incidents.
A Security Operations Center, or SOC for short, is a team of subject matter experts in the field of IT security and is responsible for detecting, preventing, investigating and handling cyberattacks. Ideally, a SOC operates in a 24/7/365 "follow-the-sun" model and is thus able to detect anomalies and potential cyberattacks in real time and initiate adequate countermeasures.
What is Incident Response?
IT incident management or IT incident response, better known as "incident response", is a proven procedure for handling security incidents. Previously established measures allow security incidents to be detected, but usually only after they have occurred. It is therefore necessary to initiate fast and efficient reactive measures in order to avoid or reduce further damage and consequences. Depending on the scenario, security incidents, e.g. cyber attacks in the form of APT or phishing, can expose confidential information and enable criminal acts ranging from extortion and sabotage to the theft of patents. Experienced first responders, or "incident responders," are therefore necessary to ensure that security incidents are handled appropriately, evidence is adequately preserved, and a quick return to normal operations is possible.
DriveByte recognizes the globally established NIST standard for security incident response as a frame of reference for its own services. Incident response can be summarized into seven phases:
- Before the incident:
  - Technical and organizational preparation
- During the incident:
  - Detection and analysis
DriveByte's certified and experienced experts are available to assist customers through the above phases, ensuring a speedy return to normal operations through a strictly methodical approach.
Your Benefits at a Glance
Guaranteed swift response in case of an emergency.
Dedicated and customer-oriented single point of contact.
Highly qualified, certified and trusted experts.
A wide range of playbooks for different scenarios.
Frequently Asked Questions
Time is of the essence. Contact your dedicated IT support hotline to initiate the implemented incident response guidelines. Your IT department will contact the IT security service provider to contain the infection and return to normal operations. It is wiser to call for support once too often than once too rarely.
Yes. Loss or theft of a company-owned IT device could lead to full compromise of the company infrastructure and network. It is imperative that the employee contacts IT support, which in turn alerts the incident response team to quarantine and remotely disable the lost or stolen device.
Emails that contain malicious attachments or suspicious links are called phishing emails. These emails are part of an attack category called social engineering and aim to compromise company employees by exposing them to malware or stealing their credentials. In any case, the dedicated IT security support team should be contacted to investigate each incident.