If your organization experiences a system breach or data compromise, we provide services to recover data and services, and determine the root cause of the problem. We’ll then help you fix those causes and plug the holes in your network or processes, to reduce risk of future compromise.

Incident Response

Even though you Hunt your Hardened network, it’s pretty likely that an information breach of some sort will occur 1, no matter what your organization does, no matter how large or small your organization is. Attacks like Ransomware target organizations of all size, from the smallest dentist’s office to the largest corporation, and these attacks have been very successful of late. But a breach doesn’t have to consist of an attack from outside your organization—it can simply be an employee accidentally emailing unencrypted Protected Health Information (PHI). With any breach, you’ll need to have an Incident Response capability to recover.

Haight Bey will help you develop a customized Incident Response capability, practice its execution, and rapidly engage it during a breach. Examples of response capability include:

By practicing the Incident Response plan during normal operations, you’ll be prepared for any contingency and be able to provide service to your customers at all times.

Reconstitution

Once we’ve contained the attack, it’s time to Heal your network. We’ll knock the attacker out of your network, and ensure they never get back in. If the breach occurred because of internal users, we’ll identify any flawed processes and help you work to improve them. We’ll take stock of any lingering vulnerabilities in your systems, and help you develop a plan to remediate those flaws, to eliminate those attack vectors. We’ll help train your staff—especially your Hunter—to recognize the signs of the attack and hone your internal “human detection system”. We’ll take lessons learned from the attack and improve on the Incident Response plan for more efficient execution next time. Then we’ll enter back into the Harden phase of the cybersecurity cycle, and perform a supplementary Risk Assessment to ensure your information systems represent an acceptable level of risk to your organization.

1: http://www.verizonenterprise.com/resources/reports/rp_dbir-2016-executive-summary_xg_en.pdf