Cyber Security Incident Response Team

Our Cyber Security Incident Response Team Services (a.k.a Cyber SWAT)

Our Cyber Security Incident & Emergency Breach Response Team services are comparable to an insurance. We are always nearby to support you during an unfortunate emergency, accident, or negative unforeseen event. Our team is composed of cyber security experts with long-lasting experience in both cyber security defense and offense.

Having worked on hundreds of security assessments and penetration tests, incident responses, and breach root cause analysis for companies in various sectors, wizlynx group is the perfect partner to rely on and ensure your critical systems are recovered in the shortest time possible.

Under attack? Get help now!

wizlynx group’s Cyber Security Incident Response Team (also known as Cyber SWAT Team) can be called to investigate and handle various type of cyber security incidents & attacks, including, but not limited to:

Insider Threats

Malicious actions performed by employees, 3rd parties, contractors, etc.

Destructive Attacks

Attacks aimed at destroying your information or information system(s) beyond repair

Extortion and Ransomware

Social Engineering techniques and malware specifically created to make you pay

Malware Infection

Software intended to damage your assets, seeking to take partial control over its operation, or spreading across your network

Web Attacks

Attacks that target your website and web applications that are externally reachable

DDoS Attacks

Attacks that attempt to make your online services unavailable or hide a real ongoing attack.

Our Cyber SWAT Team can investigate cyber security incidents onsite or remotely, as well as in any type of environments including Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA).

Our Cyber Security Incident Response Methodology

wizlynx group is focused on helping organizations recover from cyber security incidents, while minimizing the impact of the incident on the organization, and ensuring the initial attack vector is not re-used at a later stage. That is why wizlynx group uses a proven and vetted methodology inspired by the SANS Institute’s Incident handling procedure.

Preparation

Containment

Eradication

Recovery

Lessons Learned

Preparation

Through an initial onsite assessment performed at the start of the subscription, our specialists get to know your team, processes, and infrastructure, gathering any information needed by the SWAT Team to promptly respond to an incident. This phase will give the proper reconnaissance to our SWAT Team to be ready to handle incidents. The initial onsite assessment is strongly recommended but optional - and is available as add-on service. Our initial onsite assessment can be supplemented by a quarterly check-in call service which ensures we are staying up-to-date about your circumstances.

Containment

This phase is called “stop the bleeding” phase, since its primary goal is to prevent the attacker from getting more information from the compromised system, from causing further damage, or spreading to other systems. Containment methods can vary based on the attack scenario and availability requirements of the affect system.

Eradication

The determination of the cause and symptoms of the breach will greatly help during this phase to ensure appropriate measures are taken and to prevent the vector of compromise from being reused at a later point. We will also ensure any cybercriminal’s artifacts are properly removed from the machine. This phase may include:

Vulnerability analysis
Restore from backup
Malicious software removal
Defense improvement
And more…

Recovery

The purpose of this final phase is to put the affected systems back into production in a safe manner. It also includes monitoring of the system for suspicious activities that may indicate the return of the attacker. Finally, indications about mid- and long-term remediation are provided to the owner of the attacked system.

During all incident phases, the wizlynx group SWAT Team will be coordinating all incident response tasks, with the objective of restoration to normal state. The exact scope of the responsibility is agreed upon upfront with the customer and dependent on the individual business model. We typically coordinate all internal and external subject matter experts, with the supreme objective of resolving the incident as fast as possible, while minimizing damage to the business. Supporting resources may include the customer’s subject matter experts for the various departments, but also our partner network of:

Lawyers specialized in IT laws and data privacy
Forensic Specialists
Media and Press Specialists for Reputation Management

These partners are included situationally after consultation with the customer.

Lessons Learned

wizlynx group Cyber SWAT Team will document each step of the investigation in a report in the attempt to answer the following questions:

What was the attack vector(s)?
Which systems or applications were com-promised?
What malicious actions were performed?
What are the damages?
What lessons learned must be applied to ensure such incident does not reoccur?

Our Cyber Security Incident Response Report

Our final testing report will include the following sections:

Executive Summary

Investigation summary providing the key points and findings about the attack and steps taken to resolve the incident.

Detailed Investigation

Detailed documentation on all steps taken during the containment, eradication, and recovery phases including any addition information discovered during the investigation.

Remediation Recommendations

Additional tactical remediation recommendation applicable for other information systems or at the organization level to improve the overall security posture.