Incident Response & Forensics
If preventive measures have not been sufficient and you have become the victim of a cyberattack, we also support you with reactive measures such as forensic analysis, short-term remediation and long-term mitigation to reduce the risk of similar cyberattacks.
- Investigation and Defense
- Court admissible forensics
- Application and improvement of Disaster Recovery Plan (DRP)
- Application and improvement of Business Continuity Management (BCM)
- System and Application Recovery
- Internal & external crisis communication
- Cloud Forensics
- Malware Analysis
We support you in the event of cyberattacks such as ransomware, crypto Trojans and CEO fraud.
Incident Response & Disaster Recovery
In the event of a cyberattack, we help you take the necessary steps to contain the damage, clean up your systems, and protect you from further attacks.
- Immediate Actions: Notify all relevant persons, isolate affected systems, disable compromised user accounts
- Securing evidence: Back up logs and disks (images of hard disks and storage media, memory, network logs, VM snapshots)
- Forensic Analysis: File & disk forensics, memory forensics, network forensics, mobile device management forensics, SIEM
- Cleanup and Recovery: Block C&C IPs, remove malicious code identified by the forensics, recover systems (a sound backup concept is required), decide on ransom payment
- Post-Incident Activities: Remediation of vulnerabilities, reporting of the attack, lessons learned feeding into risk and vulnerability management and the contingency plan
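Securing evidence only has value in court if its integrity can be proven later. The following is an added example, not code from Insentis or from this page: a small Python tool that hashes acquired artifacts (disk images, memory dumps, exported logs) into a JSON manifest and later re-verifies them, so any post-acquisition modification is detected. The case id, examiner name and the sample files are constructed placeholders.

```python
"""Evidence-integrity manifest for acquired forensic artifacts (constructed example)."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # hash in 1 MiB blocks so large disk images need not fit in memory


def sha256_file(path):
    """Return the hex SHA-256 of a file, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(evidence_dir, examiner, case_id):
    """Hash every file under evidence_dir and return a manifest dict.

    The manifest records who acquired what and when, plus the hash that a
    later verification (or an independent expert) can recompute.
    """
    entries = []
    for root, _dirs, files in os.walk(evidence_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            entries.append({
                "path": os.path.relpath(path, evidence_dir),
                "size": os.path.getsize(path),
                "sha256": sha256_file(path),
            })
    return {
        "case_id": case_id,
        "examiner": examiner,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "items": entries,
    }


def write_manifest(manifest, out_path):
    """Persist the manifest as JSON; return the hash of the manifest file itself (to be stored separately)."""
    with open(out_path, "w", encoding="utf-8") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return sha256_file(out_path)


def verify_manifest(manifest, evidence_dir):
    """Recompute each hash; map relative path -> 'ok' | 'modified' | 'missing'."""
    results = {}
    for item in manifest["items"]:
        path = os.path.join(evidence_dir, item["path"])
        if not os.path.exists(path):
            results[item["path"]] = "missing"
        elif sha256_file(path) != item["sha256"]:
            results[item["path"]] = "modified"
        else:
            results[item["path"]] = "ok"
    return results


def demo():
    """Constructed evidence set (fake memory dump, one firewall log line, a known file), then a tampering check."""
    with tempfile.TemporaryDirectory() as d:
        evidence = os.path.join(d, "evidence")
        os.makedirs(evidence)
        with open(os.path.join(evidence, "memory.raw"), "wb") as f:
            f.write(os.urandom(4096))  # placeholder for a RAM image
        with open(os.path.join(evidence, "firewall.log"), "w") as f:
            f.write("2024-01-01T10:00:00Z DENY 10.0.0.5 -> 203.0.113.7:443\n")  # constructed line
        with open(os.path.join(evidence, "known.txt"), "wb") as f:
            f.write(b"abc")  # content with a well-known SHA-256
        manifest = build_manifest(evidence, examiner="EXAMINER-PLACEHOLDER", case_id="CASE-PLACEHOLDER")
        manifest_hash = write_manifest(manifest, os.path.join(d, "manifest.json"))
        before = verify_manifest(manifest, evidence)
        # simulate post-acquisition tampering with the log
        with open(os.path.join(evidence, "firewall.log"), "a") as f:
            f.write("tampered\n")
        after = verify_manifest(manifest, evidence)
        return {"before": before, "after": after, "manifest": manifest, "manifest_sha256": manifest_hash}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the manifest hash is recorded on the chain-of-custody form and signed by the examiner, so that the manifest itself cannot be silently replaced; hashes are computed on write-blocked or read-only media immediately after acquisition.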
As part of our forensic analysis, the following components are examined to evaluate how the attackers proceeded, what data they stole, and which systems were affected:
- IT Systems
- Data storage devices (HDD, virtual HDDs, HDD images)
- Log retention period (checked and, if necessary, adjusted)
- Logs (system logs, firewalls, IDS/IPS, WAF, proxy, AV, mail server etc.)
Conduct realistic cyberattack scenarios with us and practice handling IT crises before they escalate
- Conduct cyberattack simulations based on the MITRE ATT&CK Matrix
- Define concrete criteria for declaring a crisis: monetary, reputational, ...
- Establish communication to all affected group brands, customers, departments and stakeholders
- Practice cooperation with external interfaces and service providers to minimize impact
- Identify operational weaknesses in crisis management, e.g. no strategy for locating the attack and establishing data integrity during recovery
- Establish immediate response to suspected cyber-attacks
- Define how to deal with ransom demands
- External communication:
  - State data protection authority, LKA, BSI, ...
  - Public: media, social media
Simulate realistic cyberattack scenarios and manage IT crises:
- Involve different departments, service providers and stakeholders
- Possible scenarios
  - Failure of communication infrastructure (MS Teams) or Azure AD accounts
  - Ransomware attack
  - Supply chain attack
  - DDoS attack
  - Advanced Persistent Threat (APT)
- No briefing of exercise participants in advance
- Scenarios tailored to your context and situation
- Current, state-of-the-art cyberattack techniques
- External observation by Insentis experts