Dynamic threat landscape
Cybersecurity incidents have become a fact of life. Attackers have unlimited tries to breach your network with innumerable tools at their disposal. When your organization is experiencing a cyber-related incident, Cisco Talos Incident Response (CTIR) can help. We mobilize quickly to rectify immediate concerns and contain the threat. CTIR Emergency Response investigations address underlying and root cause issues, remediating the threat, improving security posture and creating a long-term strategy for stronger defense.
Deep experience and real-time access to Talos intelligence allow for rapid triage, coordination and execution in critical response – when minutes and seconds matter for a quick, effective business recovery.
Different threats require different responses
Your organization, threat, risk tolerance, and specific incident all combine to create a unique situation that requires a tailored approach to resolution.
While every situation is different, our mission is the same: we work with you to coordinate, design and deliver business recovery as quickly as possible.
What does this include?
Assessing the current situation to initiate and design a response strategy.
Tracking status and action items, and compiling intelligence updates, to ensure incident handling standards are met.
Understanding the scope of the attack by deploying the necessary tools, automated and manual log analysis, digital forensics, and reverse engineering malware.
Removing the ability for the adversary to continue moving freely in the environment.
Expert guidance on containment and remediation of malware, tools, artifacts and other remnants of the attackers.
Upon completion, a robust incident report is generated that includes an incident summary, recap, findings and recommendations.
Emergency Response case study
- The customer’s Remote Desktop Protocol (RDP) was open to the internet, even after attempts to close known vulnerabilities.
- Adversaries exploited a known vulnerability and deployed ransomware, crippling the corporate network and causing considerable downtime for the company and their customers.
- Customer had an existing CTIR retainer. As such, CTIR responded within one hour.
- Collaborative response team included: Talos IR, legal, PR and key security product business units to assist the customer beyond simple threat remediation.
- Customer recovered a week quicker than if they had not had a retainer in place.
- Reporting highlighted remaining gaps in their security posture and a strategy to address them.
- Collaborative response strengthened security team’s relationship with the executive team.
Interested in this service?
Reach out to your account team or contact us below.