When a system is compromised, hit by a malware infection or under a targeted or non-targeted cyber-attack, it is crucial to have a fast and efficient incident response process in place. Unfortunately, not every company has the appropriate resources or skills to face these situations under the best conditions. immunIT can help you mount a comprehensive and structured response during challenging times.
Each security incident has its own specifics and needs an adequate response. As for the overall approach, immunIT follows a methodology common to multiple frameworks and codes of practice during its incident response missions:
- Recording and identification of the incident
- Classification of the incident
- Triage of the incident
- Data analysis
- Proposal for action(s)
- Containment, elimination, and return to the initial level of service
- Documentation and closing of the incident
For maximum efficiency, immunIT will work in close cooperation with the in-house operations staff of the company.
Assistance with your SOC/CERT design
immunIT can also assist companies and organizations with the development of their own internal SOC (Security Operation Center) or CERT (Computer Emergency Response Team), in both technical and organizational aspects.
When a computer system is hit by an infection, it is often possible to perform a static and dynamic behavioural analysis of the corresponding malware. This stage may provide some indication of the purpose of the malware, and allows for the definition of indicators of compromise (IOC) that may then be distributed to the rest of the company’s infrastructure.
To conduct its incident response missions, immunIT uses a broad range of tools depending on the matter at hand. For specific needs, immunIT develops its own scripts and tools. We welcome you to contact us if you would like to know more.