About Sword & Shield
Since 1997 Sword & Shield has been the trusted information security partner for 3000 clients in 50 states and 27 countries around the globe.
We offer comprehensive computer network security services and IT regulatory compliance for business and government. Let us help secure your future.

Incident Response
NOTE: If you are currently experiencing a security breach, please call U.S. Toll-free: 800-810-1885 for immediate assistance.
We are here to help you both plan and prepare for how you will handle security incidents. We will also help you in critical times to properly handle security issues. Through a comprehensive offering of incident handling and forensic services, we have assisted thousands of customers of all sizes.
Video: Computer Incident Response with Bill Dean
Our Incident Response Services
Preparation
Sword & Shield provides incident response preparation services. For our clients who have purchased the Rapid Response Shield™ kit, we assist in their efforts to prepare for computer security incidents. This preparation also facilitates our ability to handle your incidents more efficiently.
Detection
For many organizations, the most challenging part of the incident response process is accurately detecting and assessing possible incidents—determining whether an incident has occurred and, if so, the type, extent, and magnitude of the problem. Sword & Shield leverages extensive security and forensic investigation experience to detect and confirm the computer security incident.
Analysis
Sword & Shield rapidly performs an initial analysis to determine the incident’s scope, such as which networks, systems, or applications are affected; who or what originated the incident; and how the incident is occurring (e.g., what tools or attack methods are being used, what vulnerabilities are being exploited). The initial analysis provides us with enough information to prioritize subsequent activities, such as containment of the incident and deeper analysis of the effects of the incident.
Containment
When an incident has been detected and analyzed, it is important to contain it before the spread of the incident overwhelms resources or the damage increases. Most incidents require containment, so it is important to consider it early in the course of handling each incident.
Eradication
After an incident has been contained, eradication may be necessary to eliminate components of the incident, such as deleting malicious code and disabling breached user accounts.
Reporting
One of the most important parts of incident response is also the most often omitted: learning and improving. In each incident that we handle, we provide expert reports to answer the critical questions of the computer security incident: What happened? How did it happen? What data was accessed or compromised? How do we prevent similar computer security incidents from occurring in the future? Sword & Shield does not consider the handling of any computer security incident complete until we have answered these questions for our clients.
Rapid Response Shield™
When you retain Sword & Shield for incident response, our experts remain on call and are already familiar with your network environment and the location and nature of sensitive data. That means we respond faster and more accurately to security incidents, up to 30 percent faster when it comes to initial response efforts. Sword & Shield’s computer security experts remain on call from the initial detection of a breach through event analysis and post-incident activities.
Real Success Story
Analysts Recommend Simple IT Task to Secure Protected Health Information
A healthcare company contacted Sword & Shield’s Incident Response Team after discovering suspicious files that permitted access to patient information on one of their Internet servers. As part of the Incident Response Service, our analysts detect and assess possible incidents to determine whether an event has occurred, the magnitude of the event, how to contain and eradicate the incident, and how to respond in the future to prevent similar events.
In this case, Sword & Shield analysts performed a full forensic analysis of the healthcare company’s server and determined that the server had been compromised with malicious software that allowed unauthorized access from the Internet. The malicious software had gone undetected by anti-virus programs for more than three weeks as intruders were accessing the system and patient information – an incident that could result in penalties should it be determined that the company failed to secure protected health information (PHI).
Analysts further determined that a simple misconfiguration of the Internet server software had permitted the uploading of the malicious software. The healthcare company’s IT professional was informed that a reconfiguration was necessary to prevent further problems of this nature.
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.
U.S. Toll-free: 800-810-1885
International: 865-244-3500