As a trusted advisor to organizations, I often sit in on presentations from other IT security service providers. One phrase that comes up in pretty much every presentation is “It’s not if you’re going to have a security incident, it’s when”. I think that’s of course true, but an incident means different things to different groups. If you have a SIEM in place and a next-gen AV solution, your incident is very different from that of someone who is relying on user training and copious amounts of hope as a strategy to avoid phishing attacks.
For an organization with basic logging in place, our role in an incident is to identify other exposed systems and figure out what happened so we can understand what data may have been exposed during the breach. For an organization without logging in place, our role is more about advisory work, system forensics, and helping the organization understand the scope of the breach while guiding them through the process. When you don’t have an audit trail, there is so much uncertainty that you can’t be sure where to end your investigation.
Challenges that we typically see from organizations during an incident:
- Rushing to find analysts, forensics or surge support
- Paying ultra-high rates and overtime fees
- Focusing on basic remediation, often leading to re-infection
We wanted to provide a solution for organizations that need a parachute in the event of a breach. Something that is low-cost and simple to implement.
- Simple rates and pricing with or without a retainer
- Basic logging that is archived remotely for at least 1 year
- Quarterly or annual tabletop exercises to simulate an incident
No matter what stage your organization is at with developing your security program, Threat Informant’s IR ready program can help. Feel free to reach out to our team so that we can get started.