Scope of provided service.
The V4ensics incident response service is an information security service that helps V4ensics customers:
- Realize the extent of a possible information security incident,
- Assess the consequences of the incident,
- Mitigate the incident,
- Ensure business continuity and
- Implement measures to prevent similar future incidents from occurring.
The service aims to help you contain an information security incident, reduce its impact, and facilitate the remediation processes in order to prevent incident escalation and further organizational exposure.
Nowadays, due to the continuous digitization of products and services, information security incidents can potentially disrupt many processes within an organization and have cascading effects that can impact other sectors within the organization or outside entities that interact with it (customers, suppliers, etc.).
Not all organizations are prepared to handle a simple information security incident, let alone an incident involving advanced and escalating attacks (denial-of-service attacks, ransomware, etc.).
V4ensics’ dedicated incident response experts, upon being notified by an organization of an information security incident, will immediately engage with the incident, cooperate with the organization’s responsible entities, and systematically try to mitigate the incident, reduce its impact, and allow for business continuity.
Upon initial engagement, the V4ensics team interviews the entities within the organization that are involved in the incident, performs a root cause analysis, and tries to identify the reasons behind the security incident and determine which systems must be initially contained in order to prevent escalation.
Subsequently, in collaboration with the client’s teams, V4ensics experts guide and assist in establishing the set of measures that must be applied to contain the attack without affecting potential digital evidence and with minimum disruption to the rest of the services.
In case a digital forensics investigation needs to be performed, V4ensics will preserve all involved pieces of evidence in a forensically sound manner. V4ensics experts tailor the measures according to the organization’s needs, considering various options, such as endpoint and server containment and network isolation, while taking into account factors such as infrastructure limitations and business and regulatory obligations.
By utilizing any indicators of compromise found, as well as telemetry from servers and endpoints and service and device logs, V4ensics’ experts will triage the systems to determine the scope of the attack accurately and in a timely manner and to facilitate quick and efficient remediation.
In case a data breach is found, the V4ensics team will try to assess the potential extent of the breach. If the nature of the leaked information can be identified, the V4ensics team will communicate relevant findings to the organization’s responsible entities and recommend, if applicable, that a digital forensics investigation be conducted and that the organization examine whether it is obliged to notify the corresponding authorities (e.g. the competent data protection authority).
Finally, a detailed report of the handled information security incident will be prepared. It will contain a detailed list of performed actions, as well as findings, indicators of compromise and recommendations, and will be targeted to all relevant stakeholders of the organization. The report will contain varying levels of technical detail to cater for the needs of the executive, legal, and technical teams of the organization.