Incident Response And Forensics

Today’s security breach is more targeted towards data exfiltration which in turn leads to loss of reputation, legal issues and huge financial loss for an organization. The key to containing such security breaches is by identifying them at their early stages and provide quick response to minimize the impact.

Isecurion's Security Incident response team helps organizations in containing and eradicating these security Incidents and gather forensic evidence for legal and contractual requirements. We also help organizations in establishing their own Incident response and forensics program with Emergency response capabilities.

  • Access the situation faster and provide update to client and stakeholders to build their confidence.
  • Immediate containment measures to limit the impact.
  • Investigation of root cause and immediate remediation support.
  • Evidence preservation for legal and compliance requirements.
  • Save time, effort and resources.
  • Get comprehensive report of findings and recommendations
Isecurion's Incident Response and Forensics program is based on a six step process:

Preparation Phase

This phase helps in gathering the necessary information related to existing processes and specific requirements and communication requirements as part of the Incident response.

  • We communicate with client and stakeholders.
  • We communicated with local CERT and legal entities.
  • We provide an incident overview to the local teams.

Detection and Analysis of the Incident.

In this phase our team gathers evidences and information related to the incident for further actions.

  • We determine type of incident and extent of impact.
  • We record incident data in an incident collection form.
  • We backup and preserve the evidence.
  • We capture records of incidents, e.g. auditing log, accounting log, etc.
  • We communicate with senior management and stakeholders to give them clarity of the situation.

Containment of the threats actors in the incident.

  • Our team suggests immediate containment action to help reduce the impact of the Security incident.
  • We assess the risk of continuing operation and if the downtime might exceed the acceptable level and suggestion to initiate disaster recovery plan.
  • We Keep system owner informed of the status to get their trust and make them feel comfortable.

Eradication phase

  • We identify and delete all the malicious content from the affected system.
  • We apply latest patches and fixes to vulnerabilities and incase of 0' day vulnerabilities try and coordinate with the vendors for some temporary workaround.
  • In case of malware incidents we coordinate with the vendors for an immediate update by producing the malware sample.
  • In some case of beyond recovery we suggest to complete system rebuild.

Recovery phase

  • We Perform damage assessment.
  • We help restore damaged components from a healthy backup after testing.
  • We verify that restoring operation was successful and the system is back to its normal operation.
  • We help notify all related parties on resumption of system operation.
  • We keep a record of all actions performed.
  • Keep the systems under thorough observation.

Report and Post Analysis.

The goal of this phase to conduct a session with the Management and involved parties to identify the learning’s.

  • We identify the areas of improvement.
  • We verify the current policies and procedures.
  • We provide details of any legal and contractual obligations.
  • We provide a comprehensive report with recommendations for improvement.

ISecurions’s Forensic Investigation program is based on a five step process:

  • We determining the scope of Investigation.
  • We prepare a comprehensive Investigation Plan.
  • We conduct Forensic acquisition and preservation.
  • We conduct forensic analysis of the data.
  • We provide report and follow-up on the requirements.

A typical engagement depends on the type of incident, during which we work closely with your security, IT, human resources, legal, and compliance teams.