The answer to cybercrime: immediate assistance in the event of a hacker attack or preparation for an emergency – the SEC Defence Team’s security experts support businesses in fighting cybercrime.
SEC Defence help businesses to prepare for the emergency of a hacker attack or respond to them urgently. In an emergency the Rapid Response Team will be on the scene within the shortest possible time. Security experts from the areas of incident response, forensics and technical and organizational information security take any necessary urgent measures immediately. Damage limitation, prevention of another attack and the rapid resumption of normal operations take center stage here.
Ideally the SEC Defence Team shall operate preventively and analyses the latest security situation within the framework of workshops and emergency drills. This allows potential weaknesses to be identified early, in order to minimize the probability of an attack and the resultant damage if an attack does occur.
- SEC Defence Service setup for an emergency
- Preparation & Strategy Workshops
- Crisis plan games to simulate cyber attacks
- Handling hacker attacks
- Performing forensic analyses
- Rapid resumption of business operations
The fact that prevention is more effective than reaction is also true in the event of a cyber attack. Your business can be efficiently prepared for IT security incidents through joint workshops. This includes working out a strategy for an emergency and assembling teams of internal and external experts. The focus of our consultants here is on easy-to-implement, resource-efficient, yet effective measures.
IRMA (Incident Readiness Maturity Assessment)
The focus here is on evaluating the defensibility of your organization. The SEC Defence Team assesses the status quo by reviewing the vulnerability management, the monitoring and the architecture up to the incident management and business continuity. This service is concluded with an intensive workshop in which suitable and feasible measures are developed to improve your company's position in the future.
CRISIS PLAN GAMES
Here we run through a realistic attack scenario adapted to your company in order to analyze the approaches and reactions of various departments in the company. In this way, we guide you to the best possible approach in your incident response process. Since complex ransomware attacks require several levels of crisis management, we offer different types of crisis simulation. These levels are not a hard restriction, but serve as a guide and can of course be combined. We will be happy to define the optimal composition together with you.
Complex decisions and strategies in dealing with serious security incidents are worked out: "Is paying the ransom an option? Should the attackers be contacted? Is an entire (production) site separated from the group network to secure the currently unaffected infrastructure and the associated business impact acceptable?"
The instruction and coordination of concrete actions to operational teams as well as escalation and communication are the focus here: "At what point does the incident become an emergency or crisis? Who calls these out? Are there defined communication channels or is this determined spontaneously in a chaotic situation?"
Concrete action instructions and decisions at the operational level are played out: "Can specific indicators be searched for in the network? Can identified devices or network segments be effectively isolated? What backups of what technologies are still available for recovery and how long would this take?"
In Compromise Assessment, we can detect ongoing and potentially past attacks where the attacker has left only a few traces but has not yet been detected by automated security products. Through planned "hunting" activities, abnormal behavior on the network or clear evidence of an attack can be identified. This service is aimed at customers who do not have the ability to proactively detect an attacker on the network themselves. We also recommend it as a follow-up to a penetration test that has uncovered serious vulnerabilities.
DIGITAL SURVEILLANCE SERVICE
With Digital Surveillance Services (DS), we offer our customers a surveillance package that includes continuous monitoring of the public, deep and dark web to find out the following:
- Detect stolen credentials leaked on the internet or dark/deep web
- Discovering confidential data that has been leaked
- Infiltrating hacktivist operations to detect possible planned attacks
- Detect social engineering attacks
- Alerting on threat actors that may be interested in attacking the customer.
This allows us to identify past hacks for which there is no longer any evidence in the organization, but leaked data is still available. Any findings are immediately communicated to the customer so that appropriate action can be taken. This service can currently only be booked as a 3-month package.
The following information is important to the SEC Defence Team:
WHEN did something happen?
WHO noticed the incident?
HOW was the incident triggered?
WHICH urgent measures have been taken so far?
After initial information has been recorded, immediate measures can be recorded and taken. The responsible Incident Response Team for the case is subsequently assembled, which shall immediately begin to handle the incident. The priority here is on the rapid resumption of business operations, processing the attacker’s activities, clearing the network (remediation), and taking correct measures to minimize the probability of another infection from the attacker.
A roadmap is then developed with the client to make the company more defensible against cyber attacks in future.