Emergency Response
Dynamic threat landscape
When your organization is experiencing a cyber-related incident, Cisco Talos Incident Response (Talos IR) can help. We engage quickly to understand the situation, address immediate concerns, and analyze the threat. Talos IR Emergency Response investigations identify the adversary actions taken, provide guidance for containment and remediation of the incident, and provide recommendations for improving security posture and creating a long-term strategy for stronger defense.
Deep experience and real-time access to Talos intelligence allow for a technology-agnostic approach to rapid triage, coordination, and execution in critical response, when minutes and seconds matter for a quick, effective business recovery.
Different threats require different responses
Your organization’s risk tolerance, observed threats, and the specific characteristics of an incident combine to create a unique situation requiring a tailored solution approach.
While every situation is different, our mission is the same: we work with you to coordinate, develop, and deliver the information and answers you need to securely recover business operations as quickly as possible for threats of all types.
What does this include?
- Triage: Assess the current situation to initiate and design a response strategy.
- Coordination: Tracking status, action items and compiling intelligence updates to ensure incident handling standards.
- Investigation: Understanding the scope of the attack by deploying the necessary tools, automated and manual log analysis, digital forensics, and reverse engineering malware.
- Containment: Removing the ability for the adversary to continue moving freely in the environment.
- Remediation: Expert guidance on containment and remediation of malware, tools, artifacts and other remnants of the attackers.
- Final report: Upon completion, a robust incident report is generated that includes an incident summary, recap, findings and recommendations.
Emergency Response case study
- Challenges
  - The customer’s Remote Desktop Protocol (RDP) was open to the internet, even after attempts to close known vulnerabilities.
  - Adversaries exploited a known vulnerability and deployed ransomware, crippling the corporate network and causing considerable downtime for the company and their customers.
- Solutions
  - Customer had an existing Talos IR retainer. As such, CTIR responded within one hour.
  - Collaborative response team included: Talos IR, legal, PR and key security product business units to assist the customer beyond simple threat remediation.
- Outcomes
  - Customer recovered a week quicker than if they had not had a retainer in place.
  - Reporting highlighted remaining gaps in their security posture and a strategy to address them.
  - Collaborative response strengthened security team’s relationship with the executive team.
Interested in this service?
Reach out to your account team or contact us below.