Incident response retainers
On-demand access to a specialist cyber incident response team in the event of a cyber incident to quickly detect, contain and remediate the threat.
- Workshops to understand your IT estate and existing incident response policies and procedures.
- On-site and remote response SLAs.
- 24/7 emergency response hotline.
- Real-time virtual communication with a dedicated incident response team.
- Crisis preparedness support where it is needed from board-level to first-responder teams.
- Access to our customised incident reporting templates.
- Any unused retainer hours/days can be spent on other incident response services.
- Access to a range of threat intelligence services and detailed reporting to inform your wider security strategy.
Our incident response retainers are available in three tiers. We pride ourselves in providing the highest level of service, regardless of the tier chosen. We apply what we believe to be three essential qualities across our incident response retainer tiers; fast, effective and expert.
What are the benefits?
- Rapid and effective response to reduce the impact of a cyber security incident.
- Understanding of your organisation across technical, strategic, legal and crisis management priorities.
- Customisable service agreements to suit your business requirements.
- Availability of relevant documentation and data to demonstrate compliance to stakeholders and regulators.
- Rapid access to a wide-range of cyber security, forensic, business advisory and legal experts – all of whom are experienced in working closely together in times of crisis.
We provide a range of services to help businesses improve their own state of readiness and ability to respond to all types of cyber threats:
- Playbook development - Step by step technical and management guidelines for specific incident types, including workflows, roles of key personnel and action plans.
- Forensic readiness - We help you to have the right data available and accessible to thoroughly investigate an incident and inform a containment strategy.
- First responder training - Preparing your technical teams to make critical decisions within the first 48 hours of an incident, including how to monitor and contain an incident
- Crisis simulation - A tailored exercising programme to ensure all teams in your response structure are ready to put your crisis framework and playbooks into action.
- Crisis framework - After evaluating your existing crisis management procedures, we help you develop a set of guidelines to enable an appropriate response to crisis events with minimum disruption to business.
- Threat modelling - Assessing the security of your information assets to help you identify vulnerabilities and understand how relevant threats would navigate your infrastructure to achieve their objective.
- Breach readiness assessment - Helping you to understand your level of legal preparedness to respond to a personal data breach.
- Threat profiling - Identifying the real-world threats you face, enabling you to tailor your preparation efforts appropriately.
What are the benefits?
- Helps organisations to minimise the financial, reputational and operational impact of the breach.
- Teams involved are able to confidently and effectively respond to an incident.
- Security and risk teams have the information and documentation needed to notify regulators and stakeholders in a timely but controlled manner.
- You have a clear understanding of threats facing your business so preparedness efforts can be tailored accordingly.
Post incident review
An independent end-to-end evaluation of an organisation’s response to an incident, from root-cause analysis to evaluating the effectiveness of stakeholder and legal management.
Root-cause analysis – Understanding why this happened
- An analysis of an organisation’s network environment and infrastructure.
- Interviews with key IT stakeholders to document the facts of the incident.
- Preservation and analysis of forensic images or ‘snapshots’ of relevant systems and any log or firewall data.
- Interrogation of log files, system data and incident tickets or logs to establish all of the facts and timelines of the incident.
Incident response and management review
- Evaluating the effectiveness of the response to and management of the incident from both a technical and business perspective and plans, procedures and tools used to respond to the incident.
- Evaluation of the effectiveness of stakeholder and legal management.
What are the benefits?
- Allows organisations to understand why an incident happened and how they can be better prepared in the future.
- Lessons learned from post-incident reviews act as significant catalysts for change in the organisation’s security culture, behaviours and processes.
- Provides an opportunity to assess the efficacy of both organisational and security controls in place to prevent, detect, mitigate, contain and recover from incidents.
- Provides concrete lessons and recommendations for improving incident management.