
INCIDENT RESPONSE

Incident response to computer and cyber security events is one of KOMODO’s main services and areas of expertise. Our team’s experience encompasses investigating large-scale intrusions performed by advanced threat groups. KOMODO’s experts use proprietary tools and techniques that allow them to:

Identify the actions of the attacker

Assess the scope of the compromise as well as the data losses

Define the steps required to remove the attacker

Define the approach required to re-secure the network.

KOMODO’s consultants have investigated a multitude of incidents involving:


SENSITIVE DATA THEFTS

Industry, military and governments.


FRAUD EVENTS

Payment cards, cash transfers and insider fraud attempts.


INTERNAL INVESTIGATIONS

Systems used by employees, board members and other insiders suspected of inappropriate or unlawful activity.

OUR APPROACH

We help organizations recover from a computer security event while minimizing the impact of the event on the organization. Our methodology includes several steps:

LEARN THE FACTS

Initially we must gain a basic understanding of the situation. This includes:
What happened? How was it detected? What data do we have about the event?
What steps have been taken? What does the environment look like?

OBJECTIVES AND SCOPE

Next, we understand what the customer’s goal is. This may be anything from identifying compromised assets through to recovery and identifying attackers and vectors.

COLLECTING EVIDENCE

Using forensic procedures and tools, our consultants collect information and document evidence handling with chain-of-custody procedures to adhere to legal and regulatory standards.

ANALYSIS

Based on the available evidence and the customer’s objectives, our team of experts will use a range of capabilities, including log analysis, malware analysis and forensic imaging, to determine the attack vector, establish a timeline of activity and identify the extent of the compromise.

EXECUTIVE BRIEFINGS

KOMODO believes that a proper incident investigation requires management support and understanding to go side by side with the technical and investigative skills. During each investigation KOMODO works closely with the company’s executives to provide detailed, structured and frequent status reports that communicate findings and help management make the right business decisions.

REMEDIATION

One of the most important steps following a compromise is implementing controls and remediating based on what was learned. Remediation plans vary widely and depend on the extent of the compromise, the size of the organization and the tactics and objectives of the attacker. As part of an investigation KOMODO delivers a comprehensive remediation plan and assists with the implementation.

REPORTING

KOMODO provides a detailed report at the end of every engagement that addresses the needs of multiple audiences, including senior management, technical staff, third-party regulators, insurers and litigators.
