360
Information Security

Security Incident Response

Introduction

Since the widespread adoption of public Internet connections in the mid-1990s, there has been a steady movement to open up IT systems and silos to customers, suppliers, and partners. It has been proven by UPS, Fidelity, and Cisco that doing so can facilitate lower cost of sales, boost customer satisfaction, and access new markets for your products and services. For many companies the online self-service portal, supply chain extranet, and outsourced help-desk are now essential components contributing to the success of their business.

However, with greater accessibility and openness comes increased risk, both to your own corporate data and to those same customers, suppliers, and partners. Globally, incidents of security breaches are increasing. The pragmatic CIO understands that accepting they will eventually suffer a breach is the first step towards recovery. The next action is to ensure that a plan is in place for dealing with this inevitability.

We are experienced in pre-incident planning, vulnerability removal, and post-incident investigation for clients that have suffered from sophisticated industrial espionage, extortion attempts, delinquent insiders, and random hackers. In our time spent managing security at the world's largest ISP, we have seen more incidents than most.

The security response service will ascertain how the breach occurred, secure it, evaluate the extent of the damage, and attempt to identify the origin of the individuals involved. With consultants working in the field of security since 1995, we offer superior depth of expertise and discretion.

Approach

We understand that every business and industry is unique and that every project will require a tailored approach. Our success formula is based on listening to individual client needs and, from this, building an effective delivery framework from a vendor-neutral position.

We believe success in business is built on relationships that are founded on trust, clear lines of communication and coordinated action, supported by technology. It is your business and we believe in providing the complementary skills, approach and tools to deliver against your objectives while ensuring you retain control over what is happening. As a result, we enjoy repeat business from satisfied clients who endorse our reputation as world-class professionals by getting us to do what we do best: deliver.

Our first task is to ascertain precisely what you expect from the engagement, and to clarify these requirements before documenting them. The deliverable will vary; however, a final report will always be prepared by a qualified and experienced consultant at the end of the engagement.

Hands-on activities may comprise investigating the breach mechanism, purging contaminated systems, hardening replacement infrastructure, and introducing measures to monitor integrity going forwards.

People

Our consultants are experts, having worked previously in senior security roles for the world's largest and most successful ISP. With an estimated 70% of the Internet's traffic passing over their network, they deployed and managed thousands of systems securely for blue-chip Times Top 100 and Fortune 500 customers. We have advised a number of public bodies including the Financial Services Authority and the Criminal Intelligence Units of a major UK police force. Staff are highly referenceable via previous engagements with top 5 investment banks, telcos, security vendors and ISVs.

All our consultants have previously occupied positions of responsibility within organisations where the buck stopped with them for security management.

Research & Technology

In order to keep abreast of the latest developments in attack and defence technology, we carefully monitor security newsgroups, mailing lists, web sites, and chat rooms. In addition to this, we operate a number of Internet-connected systems in the UK and abroad, each of which records hacker scanning and infiltration attempts against operating systems and popular third-party applications. During the execution of our duties we routinely use a mixture of open source, commercial, and in-house developed tools.

Deliverable

Our reports are written to be understood and acted upon by our clients. They are approachable, pragmatic, and unambiguous. Each is broken into sections you would expect to find in any high-quality management report. This allows the CIO, the Network Manager, and the Technician to immediately turn to the chapter they need to carry out their job effectively. Our consultants are available to explain the report's findings via conference call or in person.

Where hands-on technical implementation work is required, we clearly explain and document how and why changes are implemented and welcome observation by the client's own authorised IT staff. The aim of an engagement is to tackle the immediate needs of the business and leave our client in better shape to meet any future incidents.

Conclusion

Sooner or later all organisations experience some breach in security, be it a virus entering by floppy disk, an Internet worm, or the result of a determined and skilled hacker. Responsible organisations are prepared and are familiar with the appropriate steps to be taken before, during, and after the incident. We can supply the experience you need to regain control and recover from such incidents quickly.

As part of the Security Response Services we:

  • Prepare an incident response plan.
  • Understand quickly what happened.
  • Take remedial action & prevent incidents recurring.
  • Return critical systems to an operational state.
  • Reduce exposure to risk for your business.