Overview

---

Incident Response services help organizations secure their networks by constantly monitoring network systems for malicious activity.

Silent Breach's 24/7/365 managed IR services are designed to effectively respond to today's evolving threats before they impact your business.

Our analysts implement the following IR Life Cycle to enable your organization to detect and respond quickly and effectively to a wide range of cyber threats.

Preparation Is The Best Defense

---

Setting Up Security Configurations

A number of steps help you prepare for an incident while safeguarding access to sensitive parts of your application, including:

Deploying a WAF

Configuring access control policies

Security orchestration

Testing For Weaknesses

The next step is to test for any soft spots that could be exploited. This is usually done with a penetration test. Afterward, security policies and access controls settings can be readjusted to address soft spots identified by the testing.

Detection & Analysis

---

Once deployed, your security measures will inspect and filter all incoming web traffic. In the event of an incident, they'll block any malicious request, issue an alert and document details about the attempt in an aggregated security log.

Here, relevance and granularity are key. Having access to a detailed security event description, you'll be able to understand incidents and provide the most appropriate responses.

Depending on the WAF, evidence can be collected and presented in real-time, enabling a nearly instantaneous, data-driven response to any attack attempt.

Additionally, Silent Breach offers a free attack-surface monitoring tool, Quantum Armor, that provides near-live insight into a number of cybersecurity KPIs.

Containment, Eradication & Recovery

---

It is important to contain the breach as soon as possible to prevent any spread that may cause further damage to your business. This is done by disconnecting the affected devices from the internet and/or internal network. At this point, back-up systems should be made available to help restore business operations.

We'll then proceed to update and patch your systems, review your remote access protocols, change all user and administrative access credentials and harden all passwords.

Once the incident is successfully contained, our engineers will find and eliminate the root cause of the breach.

Then, our digital forensics team will collect any court-admissible evidence, when applicable. Our experts can retrieve both live and deleted data, internet history records, email communications or hidden log files using state-of-the-art tools.

Finally, we will restore all affected systems and devices back into your business environment. During this time, it's important to get your systems and business operations up and running again without the fear of another breach.

Post Incident Activity

---

Learning from the incident response is a five-part process:

Encourage feedback from responders at every level. First, second and third line SOC operators and incident handlers each have a unique perspective that must be incorporated into future response playbooks.

Review all relevant documentation to ensure compliance. This includes organizational policies or regulatory mandates to ensure any disparities are addressed in future playbooks.

Chronicle any unanticipated or unusual events to extend procedures to mitigate similar occurrences in the future.

Annotate enhancements to existing processes that were identified during the incident response cycle.

Designate a business unit or individual to be responsible for making necessary changes to existing playbooks, processes or procedures and to distribute these to stakeholders.