Incident Response

The SpearTip Difference – Our Incident Response Methodology

WHEN YOU’VE BEEN BREACHED, OUR CYBER HUNT TEAM WILL:

Identify security gaps
Investigate possible threats
Search for unknown malware

ONCE WE HAVE DIAGNOSED THE BREACH, OUR TEAM WILL:

Isolate the threat
Retrieve and reverse-engineer the malware in your network
Identify and quarantine compromised systems

ARE YOU PREPARED TO RESPOND? FIND OUT, WITH SPEARTIP’S

BREACH ASSESSMENT

Adversary Cyber Hunt > Redefining Incident Response

Find out how long they’ve been inside your network and stop the clock TODAY.

EXPERIENCING A BREACH OF YOUR INTERNAL SYSTEMS?

CONTACT SPEARTIP TODAY.

First Name*
Last Name*
Company*
Email*

Phone*
Lead Source*
Comments
This field is for validation purposes and should be left unchanged.

This iframe contains the logic required to handle Ajax powered Gravity Forms.
Incident Response Checklist

While this checklist is far from all-inclusive, it’s meant as an idea starter for your company and your cyber security team. Below are a few critical measures to consider, should you discover or seriously suspect a breach.

DON’T POWER DOWN

The natural reaction to a breach is to immediately power down the infected device or system. Cutting the power could mean disaster. Some forms of malware are designed to destroy data and self-destruct in the event of a shutdown. Rather than powering down, remove the network cable.

CALL IN THE PROFESSIONALS

Call SpearTip immediately. Sure, this sounds self-serving, but enlisting a third party is the smartest move you can make. We will efficiently and effectively mitigate the breach. Plus, bringing in outside experts gives you added credibility in the event of legal action.

HAVE A STRICT CHAIN OF CUSTODY

Prepare for the worst, which means legal action. Keep a detailed list of everyone who comes in contact with the breached computer or system and what they do. You need to demonstrate that you handled the breach appropriately in the eyes of the law.

TREAT THE BREACH LIKE A COMMUNICABLE DISEASE

Once we have identified the breach and quarantined the system or machine, you will want to keep everything away from the problem until the problem is fully mitigated. One false move could cause the breach to spread.

MAKE A LIST AND CHECK IT TWICE

Make a list of all current and former employees who could have accessed the system. Also include all vendors and outside parties with access. Sadly, many of the worst breaches are “inside jobs.”

KNOW WHO TO TELL AND WHEN TO TELL THEM

Most states now have laws that mandate time periods for informing necessary parties about the breach. Know the laws and know when to bring in the lawyers.

CALL IN THE “SPIN DOCTORS”

Never try to handle damage control on your own. PR professionals can help you with talking points and media relations if you get to that point. One poorly stated phrase could cost your organization thousands or even millions of dollars. Watch every word you say.

UNDERSTAND THAT A BREACH EFFECTS MORE THAN YOUR ORGANIZATION

You’ve been breached and you’re focusing on your organization, but you also need to be in damage control mode. Show empathy to clients and parties with compromised data. Explain what you’re doing to protect everyone effected and how you’re working to remedy the breach.