New Services by SEC Defence

The SEC Defence Team is composed of IT security experts who are dedicated to the specialty of Digital Forensics and Incident Response. Their focus is not only on the analysis of the incident, with the offered services they cover the complete incident response lifecycle. Particular attention is paid to preperation, i.e. the preparatory phase, in which we provide our customers with optimal support in preparing for a security incident. With targeted workshops and concrete measures, we evaluate and improve your incident readiness step by step, i.e. your readiness for a security incident and your capabilities for a comprehensive response.

The evaluation of your organization's defensibility is carried out with our Incident Readiness Maturity Assessment (IRMA). In this process, we survey the status quo and examine organizational and technical topics in the various specialist areas - from asset and vulnerability management, monitoring and architecture to incident management and business continuity. Subsequently, in an intensive workshop, suitable and realistically implementable measures are developed to sustainably increase your readiness for and resilience against an upcoming security incident.

Practice makes perfect

Reacting to and dealing with security incidents without prior practice is comparable to trying to land an airplane with burning engines without ever having flown on a simulator before. With the help of the exercise, basic handles, procedures and escalation levels are developed and consolidated. Likewise, major topics such as communication and documentation are defined and trained with a focus on specific scenarios. Because although emergencies naturally differ from each other in details, this forms the basis of the correct and targeted procedure.

War games or crisis planning games on ransomware attacks are currently in particularly high demand due to the steadily increasing proportion of these types of attacks and the damage they cause. We play through a scenario realistically adapted to your company based on discussion and critically scrutinize your reactions and decisions. In this way, we guide you to the best possible course of action and the so-called "aha" moment. Because what may seem simple at first glance can become so complex in reality that either more preparation, including concrete measures, is necessary or alternatives may have to be considered.

However, the complexity of a potentially serious attack such as ransomware affects multiple layers in crisis management. SEC Defence can conduct crisis simulation exercises for the following orientations:

Strategic level for the crisis management decision-making committee
Complex decisions and strategies in dealing with serious security incidents are worked out: "Is paying the ransom an option? Should the attackers be contacted? Is separating an entire (production) site from the group network to secure infrastructure not currently affected and the associated business impact acceptable?"

Tactical level for the emergency organization
The focus is on instruction and coordination of specific actions to operational teams, as well as escalation and communication to the crisis management decision-making body: "At what point does the incident become an emergency or crisis? Who calls these out? Are there defined communication channels or is this determined spontaneously in a chaotic situation?"

Operational level for the various technical teams
Concrete action instructions and decisions are played out at the operational level: "Can specific indicators be searched for in the network? Can identified devices or network segments be effectively isolated? What backups of what technologies are still available for recovery and how long would this take?"

Of course, these levels are not a hard constraint, but are used to guide the direction of the contingency planning game. For the most part, these are conducted at a combination of tactical and operational levels or purely at the strategic level. SEC Defence helps you to define the optimal composition to achieve a successful and helpful workshop. We are also happy to map out special threat scenarios - targeted at your company or industry. Because only practice makes perfect - and prevents serious mistakes in case of emergency.

Do you know the attacker on the network?

The serious detail to start the incident response process is detection. Because without the detection of an attack, no response to it will be started for analysis and remediation. But how do you know if there is already an attacker in the network? With targeted Compromise Assessments, SEC Defence specialists hunt through your network for suspicious activities and indications of attacker activity. Two procedures can be applied. Individual systems can be searched in detail, which is recommended after a pentest has identified a high-risk vulnerability. Or larger network segments can be scanned broadly for specific indicators of current malware, industry-specific advanced attackers (APT), or concrete threat scenarios specified by you.

If a compromise is identified, you will be notified immediately to start the incident response process. Our SEC Defence specialists can then provide you with straightforward and rapid support for analysis and remediation. Even in the ideal case, i.e. if no compromise of your systems has been detected, you will of course receive a detailed report with our analysis results and our assessment of your threat situation. With Compromise Assessment, you can find attackers before they reach their targets or make themselves comfortable in your network.