Rapid Incident Response

Real-time monitoring is a critical component of effective cybersecurity, as it allows you to respond quickly to security incidents, reducing the impact of potential breaches. By continuously monitoring systems, we can detect cyber incidents in real time and take action to prevent further damage.

A typical cyber attack consists of several stages. It usually starts with reconnaissance and gaining initial access, then moves through the network before carrying out the final objective. Often several months pass between the initial entry and the last damaging event. By detecting and responding to incidents early, you can limit the amount of lost or compromised data, reducing the risk of reputational damage, financial loss, and legal liabilities.

Incident Response Services

DEFEND continuously monitors the data we receive from your IT for suspicious events. These events generate alerts for our SOC analysts, who investigate and determine what needs to be done next. Often, we'll have enough data for our SOC analysts to perform a complete investigation. They will then contact you to recommend how to respond to the cyber incident.

Our process of investigation begins with the detection and identification of the incident, which can range from phishing attacks and data breaches to more sophisticated cyber attacks. 

The first step of response is containment, where the affected systems or compromised areas are isolated to prevent further damage and unauthorized access. This may include disconnecting affected devices from the network or implementing temporary access controls.

Next, a thorough investigation takes place to understand the nature and extent of the incident. This involves analyzing logs, conducting forensic examinations, and gathering evidence to determine the cause and potential vulnerabilities that were exploited. It is crucial to involve the appropriate authorities, such as the Information Commissioner’s Office (ICO), especially when personal data is compromised.

Once the investigation is complete, the next phase is eradication and recovery. This entails removing any malicious software, patching vulnerabilities, and restoring systems to a secure state. It is essential to ensure that all affected systems are thoroughly checked before being brought back online.

All our DEFEND packages come with a basic level of incident response to help you with the first step of the response. Our complete Incident Response services are available for more significant breaches to help with remediation and recovery should the worst happen. 

Minimise breach impacts.

Activate Rapid incident RESPONSE with foxtech Defend