Red Team Response
CIS is focused on helping small to medium-sized organizations and corporations address, mitigate and recover from computer and network security events without major interruption to the operations of the organization. Because of our investigative mindset, we understand the mindset, motives, techniques, tools and attack platforms that cyber criminals are using today to attack corporations and the small to medium-sized business market.
Assessing the Threat
Each investigation begins by gaining an understanding of the current situation that has caused alarm. How was the issue detected? What data has been collected or is available? What steps have been taken to mitigate the situation? What does the network environment look like? What are the goals of the corporation? What are the public relations considerations? What are the legal and regulatory requirements?
Understanding the Intangibles
It has been our experience that in most computer and network breaches there are “Key Evidence Facts” beyond the electronic data itself that are key indicators as to the motivations behind the breach. Whether that is key intelligence, valuable data, insider threats, competitor advantage, or personal motivations, these additional clues can be invaluable in understanding who the threat actor is, their skill levels, and probable methods of attack.
Gathering The Evidence
Our trained professionals know where to look for the right evidence and how to gather and document that evidence with the understanding that your case may have to be defended or presented in a court of law. For that reason we adhere to standard practices of gathering and handling evidence with chain of custody and evidence integrity in mind.
Evaluation Of The Threat
Based on the evidence recovered, our professionals utilize their investigative, forensic and analytical skills to determine:
- Which hosts have been compromised?
- What is the threat to business operations?
- What are the timelines of the threat?
- What was the attack vector?
- What is the damage to the Corporation?
- What steps need to be taken to remove the threat?
Develop Remediation Plans
Developing countermeasures and remediation plans should be done in conjunction with the goals of the investigation. Remediation plans can vary dramatically depending upon the scope of the compromise, the goals of the organization and the tactics/objectives of the attacker. As part of our investigation, CIS delivers a comprehensive remediation plan and assists with the implementation.
Communicating The Findings
CIS recognizes the needs of various audiences within an organization including senior management, technical staff, third party regulators, insurers, litigators and law enforcement. For this reason we document our entire investigation, approach to the investigation, evidence found, recommendations and remediation plans and provide that in a report to the organization.