As experienced incident responders and forensic examiners, we know that the best way for you to recover from a crisis is to manage your response using a structured plan. Our incident response control room solution is pre-configured to respond to common cyber scenarios, so you do not have to spend valuable time coming up with a suitable plan. We can also configure the solution to match your unique incident response plan and playbooks.
Our Incident Response Control Room Service at a Glance
- Incident Response Plans – Select our templated plan from which to manage the control room or have us assist you in configuring a plan that meets your precise requirements.
- Incident Response Playbooks – Our control room consists of numerous playbooks, including ransomware, business email compromise, privacy breach and more. These can be configured to meet your requirements.
- Cloud Solutions – We use industry-leading cloud solutions to host our control room service.
- Incident Controllers – Our experienced experts will guide you through the incident, either at your site or from our dedicated control room.
- Forensic Technology Experts – Our forensic technology experts are experienced in responding to incidents such as business email compromise and ransomware, to a legal standard and in accordance with the Privacy Act 2020.
- Specialist Data Breach Software – We use advanced forensic software to examine the source of the compromise and the extent to which confidential information has been breached, including Personally Identifiable Information (PII).
- Mandatory Notifications – Our notification services are compliant with the NZ Privacy Act 2020 and are delivered via a third-party email tool, a tailored website, postal mail, or our contracted call centre.
- Ongoing Monitoring – We use leading technology to search the ‘Dark Web’, ‘Social Media’ and ‘Credit Monitoring’ to manage your brand reputation.
- Post Incident Review – All information captured within the incident response control room can be archived, providing an auditable record of all actions taken throughout the incident. We can also assist you by providing your controllers with specialist training, so they are better prepared should another incident occur.
How does it work?
The incident response control room is hosted in a cloud solution, pre-configured with a templated incident response plan and numerous incident response playbooks. The plan and playbooks are structured in accordance with the National Institute of Standards and Technology (NIST) “Computer Security Incident Handling Guide” as follows:
- Phase 1 – Preparation
- Phase 2 – Detection & analysis
- Phase 3 – Containment, eradication and recovery
- Phase 4 – Post-incident activity
Using our cloud hosted incident response control room, we can assist you in managing all phases of an incident.
Incident Response Plan
The incident response plan comprises a series of easy-to-follow tasks. Our incident controllers will assist the response team in responding to the incident in a logical manner. This provides a baseline procedure that can be used as is or customised to suit your organisation's specific requirements. The cloud-hosted plan is interactive, allowing for the assignment of tasks to individual team members as well as providing the ability to track completed versus outstanding tasks.
Playbooks are intended to complement the incident response plan and provide more detailed action items specific to the type of incident that has occurred. For example, you would use a different playbook when responding to a ransomware incident than when responding to a business email compromise. Examples of our available playbooks are as follows:
- Data/privacy breach
- Business email compromise (BEC)
- Denial of service
- Supply chain compromise
- Microsoft Exchange Vulnerability