Windows Incident Response

Do you believe your Windows system or network has been compromised? We provide services to help you identify potential compromises and help clean them up!
Base price for variant $250.00
Sales price $250.00
plus delivery
Sales price without tax $250.00
Description

If you believe a Windows system in your environment has been compromised and your organization needs to consult with security professionals, we can help.

With over a quarter century providing information technology and security services, we can help you with the following:

  • Identify Affected Systems

    We will work with you and your business to identify potentially affected systems and symptoms of a potential compromise. At this stage, crucial information will be collected, such as: date / time of first occurrence, segment, department, operating system and patch version, function, and other details pertinent to the investigation.

  • Incident Response

    Collect information from the affected system(s) and log any important information such as dates, times and any IOCs / TTPs that have been discovered. This can range from attacker patterns, IP addresses, tools, etc. All this information will then be logged.

  • Containment

    Once the IOCs / TTPs are identified, those available during our investigation will be blocked and contained. This way, if the attack is ongoing, it will not affect any other systems, network segments or endpoints. This can range from file, domain, e-mail and other blocks.

  • Threat Hunting

    Once we have determined IOCs / TTPs from the previous steps, we will take this information and create a threat hunt for your entire environment. This is so that we can determine other machines that may have been affected and where the attack has potentially originated from. At this point there is the possibility that other systems may be placed into quarantine.

  • Reporting

    A comprehensive report will then be generated to help you identify how and why the attack took place, as well as what steps can be taken to prevent future events from occurring. This document will contain high-level information such as blocking, vulnerability details, patching, containment and repeatable steps to hunt / search for and contain similar attacks.

  • Cleanup

    If needed, we will work with the business and present all findings to help build better images to assist with wiping / restores. This will ensure that images used for re-imaging a system will not contain the same lapses in security that the affected systems fell victim to.

  • Training & Education

    We can also provide training to both your users and your security team to help identify and respond to similar incidents. In addition, we can help create run books or SOPs to assist with responding to and containing security-related alerts or incidents. While our focus for these services is strictly related to Windows, we have a broad range of security knowledge to assist with Linux and macOS.

  • Tools

    Regardless of whether you have sufficient logs or log everything, our expertise includes but is not limited to: Splunk, Azure, CrowdStrike, Palo Alto, Wireshark, and more! We also utilize custom-written tools for threat hunting and discovery.

