More COMPREHENSIVE yet QUICKER Incident Response
Secrutiny’s Incident Response and Investigation Services deliver effective threat assessment and Incident Response results more quickly, and at significantly lower costs than traditional methods.
Despite constantly evolving hacker tactics, many Incident Response Engagements continue to rely on signature-based antivirus or known threat intelligence in the form of indicators of compromise (IOCs) that cannot detect new, unknown and zero days threats and certainly cannot detect stolen user accounts or lateral movement.
Today’s incident handlers must hunt for unknown or anomalous signs of breach that go beyond malware without relying on ineffective signatures, IoC’s or a well-defined starting point.
Secrutiny Incident Response Services
Secrutiny’s Incident Response Services provide remote and on-site investigation within hours of engagement to reduce the impact of an incident on your organisation.
A two-phased approach is used to broadly examine the network as a whole to identify a much smaller set of ‘systems of interest’ that are analysed more deeply in the second phase.
The first phase begins with collection of information from the entire estate. Metadata collected from endpoints via an agentless analytics system is baselined and analysed for usage patterns, statistical anomalies, user behaviour, and vulnerabilities to determine the scope of the incident and identify ‘systems of interest’.
The ‘systems of interest’ are examined in greater detail, including binary analysis, memory analysis, and automated timeline reconstruction. Where appropriate, forensic data may also be utilised, including master file table records, event logs, registry hives, memory snapshots, change journals, logs, and other sources.
As new data and insights are learned, the investigation may expand to additional systems of interest and reiterate through the process. This process continues until full coverage of the threat has been discovered and examined.
Secrutiny Incident Response Flowchart
Enter your name and email address to request a copy of our Incident Response flowchart.