Incident Response

The Incident Response service allows you to investigate an incident in your corporate network.

To reduce the response time and the impact of a breach, you must take a proactive approach.
This is why we offer an Incident Response Retainer (IRR), which allows you to establish terms and conditions for incident response services before a cyber security incident is suspected.

With an IRR in place, you have a trusted partner on standby.

Activity flow for the Incident Response service

Technology deployment

Deploy the technology most appropriate for a fast and comprehensive incident response. We simultaneously investigate initial client-provided leads to start building Indicators of Compromise (IOCs) that will identify attacker activity while sweeping the environment for all indicators of malicious activity.

Crisis management planning

Work with executives, legal teams, business leaders and senior security personnel to develop a crisis management plan.

Incident scoping

Monitor real-time attacker activity and search for forensic evidence of past attacker activity to determine the scope of the incident.

In-depth analysis

Analyze the actions taken by the attacker to determine the initial attack vector, establish a timeline of activity and identify the extent of the compromise. This can include:

  • Live response analysis
  • Forensic analysis
  • Network traffic analysis
  • Log analysis
  • Malware analysis

Damage assessment

Identify impacted systems, facilities, applications and information exposure.

Remediation

Develop a custom containment and remediation strategy based on the actions of the attacker and tailored to the needs of the business. The goal is to eliminate the attacker’s access and improve the security posture of the environment to prevent or limit the damage from future attacks.