Incident Response

Let Pentest People create your Cyber Incident Response Plan and be on hand to deliver assistance in the case of an actual Cyber Attack.

Introducing Incident Response

Your business likely has many cyber security protocols to protect your data and systems from attack. But what happens if those protocols fail and you suffer a data breach? Do you have an Incident Response plan in place for such an attack and do you know how to create one effectively?

Here at Pentest People, we have created a CSIRP (Cyber Security Incident Response Plan) using industry-leading techniques and protocols to help businesses in the case of a breach/cyber attack. Let us take the burden of reacting to such an attack, utilising our expertise to reduce the damage and downtime for your business. 

How Our Incident Response Packages Can Help

Our Incident Response Packages help businesses:

  • Eradicate any remnant of the attack
  • Create custom scripts to help you discover vulnerabilities
  • Create an industry-leading CSIRP
  • Discover potential threats through a Dark Web scan
  • Discover threats to any web applications & Infrastructure through a weekly vulnerability scan
  • Train staff through 4 tabletop exercises conducted over 2 days
  • Gain a Pentest People consultant on-site within 48 hours of an attack
  • Gain their own SecureGateway device allowing Pentest People to securely connect to the business’s network in the event of an incident.

Why do you Need an Incident Response Plan?

When it comes to protecting your business, being prepared for the worst is essential. An incident response plan is a critical part of any business continuity strategy, providing guidance on how to deal with unexpected events that could disrupt operations.

An effective incident response plan will help you minimize the impact of a cyber incident and get your business back up and running as quickly as possible.

How Can We Help?

Pentest People’s Incident Response Service gives you the ability to react to a cyber attack with minimal damage.

Once on our retainer service, you’ll gain access to a range of monthly benefits, including regular testing and vulnerability scans, along with a thorough Incident Response plan for your business and the knowledge that Pentest People will be on hand during any cyber incident concerning your organisation.

Pentest People Break Down Our Package Options with 3 Key Stages

Prepare

  • Incident Response Planning
  • CISO Consultancy
  • Capability & Maturity Assessment
  • Process Creation
  • Incident Response Playbooks
  • Incident Response Training
  • Tabletop Exercises
  • Attack Surface Evaluation
  • Ransomware Defence Assessment

Respond

  • Incident Response Preparedness
  • Purple Teaming
  • Digital Forensics
  • Endpoint Investigation
  • Email Investigations
  • Domain Investigations
  • Network Forensics
  • Cloud Forensics
  • Malware Investigations
  • Incident Handling

Protect

The 6 Main Steps of Incident Response Methodology

Take a look at the main process of a typical Incident Response Plan:

  • Preparation
    This first step is the only one that takes place before an attack and therefore should have a lot of time invested into it. It comprises defining policies, rules and practices; developing a structured plan for different forms of cyber attack; and readying incident response tools and precise communication plans for when an attack occurs.
  • Identification
    The first stage once an attack occurs. This step requires identification of the cyber attack, making sure the incident is precisely identified as an actual threat and not a false reading. Once the scope of the incident is understood, we then set up monitoring and analysis of data from endpoints (monitoring activity, event logs, etc.) and on the network (analyzing log files, error messages, etc.).
  • Containment
    Containment consists of reducing the extent of the damage from the incident and preventing further issues. We would limit and ultimately stop the attacker from communicating with the compromised network, create backups and preserve evidence if the incident is criminal. Finally, we would apply fixes to affected systems and devices to allow them to come back online, which means patching vulnerabilities and removing fraudulent access.
  • Eradication
    Now that the incident is contained, the business needs to begin removing all signs of tampering from its systems, along with any stealth malware that lingers. In many cases this would require changing all user passwords, applying security fixes and patching all systems; in more critical incidents, however, we would recommend fully reinstalling affected systems from a safe image and immediately deploying the latest security fixes to them.
  • Recovery
    After making all the necessary security patches, it’s time to bring your system back online or into production. It is worth noting that you may need to fully reinstall Active Directory and change all employees’ passwords, and do whatever is possible to prevent the same incident from happening again.
  • Lessons Learned
    Once the incident is over and you can resume operations, the lessons learned phase is arguably one of the most important. Your team will meet with ours and review exactly how the cyber attack/breach played out, asking the questions: What have we learnt? What has been difficult? What could be done better next time a similar incident happens? Although no one wants an incident to occur, by dealing with one you are strengthening the whole incident handling process in the company.

In Case of an Emergency Incident, Pentest People Offer Reactive Service Packages

Basic

  • Identify which systems have been compromised
  • Determine which IPs were targeted
  • Confirm the type of attack
  • Quarantine of infected host/network/system
  • Clone Devices if required
  • IOC Gathering – Determine the cause of the attack
  • Implement controls to prevent any re-occurrence of attack
  • Vulnerability Scan
  • 3 Weekly Dark Web Scans

Standard

  • Identify which systems have been compromised
  • Determine which IPs were targeted
  • Confirm the type of attack
  • Quarantine of infected host/network/system
  • Clone Devices if required
  • Offline Analysis of System Logs
  • Identification of Malicious Activity
  • IOC Gathering – Determine the cause of the attack
  • Implement controls to prevent any re-occurrence of attack
  • Vulnerability Scan
  • 3 Weekly Dark Web Scans

Premium

  • Identify which systems have been compromised
  • Determine which IPs were targeted
  • Confirm the type of attack
  • Quarantine of infected host/network/system
  • Clone Devices if required
  • Offline Analysis of System Logs
  • Identification of Malicious Activity
  • IOC Gathering – Determine the cause of the attack
  • Implement controls to prevent any re-occurrence of attack
  • Vulnerability Scan
  • Penetration Test 2+1
  • 3 Weekly Dark Web Scans
