Incident response to Computer and Cyber Security events is one of KOMODO’s main services and areas of expertise. Our team’s experience encompasses investigating large-scale intrusions performed by advanced threat groups. KOMODO’s experts utilize their proprietary tools and techniques that allow them to:
- Identify the actions of the attacker
- Assess the scope of the compromise as well as the data losses
- Define the steps required to remove the attacker
- Define the approach required to re-secure the network.
KOMODO’s consultants have investigated a multitude of incidents involving:
- Sensitive data theft from industry, military and governments.
- Fraud events including Payment Cards, cash transfers and insider fraud attempts
- Internal investigations including systems used by employees, board members and other insiders suspected of inappropriate or unlawful activity.
We help organizations recover from a computer security event while minimizing the impact of the event on the organization. Our methodology includes several steps:
LEARN THE FACTS
First, we must gain a basic understanding of the situation: What happened? How was it detected? What data do we have about the event? What steps have been taken? What does the environment look like?
OBJECTIVES AND SCOPE
Next, we establish the customer’s goal, which may be anything from identifying asset compromise through to recovery, and identifying attackers and vectors.
Utilizing forensic procedures and tools, our consultants collect information and document evidence handling with chain-of-custody procedures to adhere to legal and regulatory standards.
Based on the evidence that is available and the customer’s objectives, our team of experts will utilize a range of capabilities including log analysis, malware analysis and forensic imaging to determine the attack vector, establish a timeline of activity and identify the extent of the compromise.
KOMODO believes that a proper incident investigation requires management support and understanding to go side by side with the technical and investigative skills. During each investigation KOMODO works closely with the company’s executives to provide detailed, structured and frequent status reports that communicate findings and enable management to make the right business decisions.
One of the most important steps following a compromise is implementing what was learned: putting controls in place, remediating, and learning from past experiences. Remediation plans vary widely and depend on the extent of the compromise, the size of the organization and the tactics and objectives of the attacker. As part of an investigation KOMODO delivers a comprehensive remediation plan and assists with the implementation.
KOMODO provides a detailed report at the end of every engagement that addresses the needs of multiple audiences including senior management, technical staff, third party regulators, insurers and litigators.