What to do when things go sideways.
You can trust MIL’s Blue Team to be by your side if your company runs into a computer security breach. Our incident response/management efforts will quickly halt the breach, exploitation, or spillage, and then assess the damage done in an effort to minimize the adverse effects and restore the network/system to a positive state. We make sure any issues created by an attack on your preventative measures are handled by our incident handling team.
In line with the SANS Institute, one of the preeminent training sources in the information security field, we handle incidents in six efficient steps:
- Prepare – Take preventive steps and have a plan and a team that can hit the ground running when an incident occurs.
- Identify – Figure out if an incident has actually occurred and quickly estimate the scope of damage done.
- Contain – If it’s clear something has happened, you need to contain the problem by isolating it (take systems offline, disconnect from your network, shut down, unplug).
- Eradicate – Once the team has identified and contained the problem, it’s time to fix it – patch the hole, remove the malware, fix the corrupted files, etc.
- Recover – Once the dust settles, data files may need to be restored, vulnerability scans run to ensure no other weaknesses are lurking, systems brought back online, among other restorative steps to get your business back to normal.
- Learn – Now is the time to look back and assess your team’s performance. Quantify and document all of the lessons the incident has taught you (both positive and negative). This is the opportunity to tighten your controls, strengthen or expand your portfolio of preventative measures, and improve your response and handling preparations ahead of your next incident or security event.
MIL’s Blue Team has SANS-certified incident handlers readily available at all times. These technical specialists are trained to detect, respond to, and recover from a variety of computer security incidents—from intruders on the network to deeply entrenched malware.
While Red Team operators and real-world attackers work to circumvent security and gain access to systems, incident responders are trained to:
- Detect their presence
- Take appropriate actions, and
- Restore systems back to a secure state
Let MIL assist you in tailoring an incident response plan for your organization. We can also validate your existing cyber incident response plans using exercises that both build familiarity with the policies, processes, and procedures and validate the order and functionality of the detailed steps.