INCIDENT RESPONSE TEAM (IRT) — information security incident investigation and analysis service
• Professional advice on the management and the level of information security of the organization;
• Practical recommendations about the organizational measures for the protection of information and systems in accordance with the methodology of ISO 27001.
• Distribution of a digest with the latest cybersecurity vulnerabilities, threats, and recommendations for overcoming them;
• Providing written advice on critical threats to the company individually, consulting on information security measures needed to eliminate them.
As an example of the rapid response, our clients receive our recommendations on the emergence of new critical threats, such as Petya/Not-Petya, Efail, VPNFilter, etc. оn the same day.
• Collection and analysis of incident data;
• Search for criminals and establish their involvement;
• Analysis of the preconditions that contributed to the incident;
• Providing recommendations for the prevention of similar incidents in the future;
• Collection and storage of materials that can later be used by the client to bring perpetrators to justice.
• FS Group conducts a comprehensive forensic investigation of digital evidence, on the results of which you receive:
◦ A package of documents that can be subsequently added to the evidence base to bring violators to justice;
◦ Providing the customer with accurately collected physical and digital evidence.
• To investigate, we use our unique platform, which allows us to search for information from a variety of sources and contains the widest database of leaks, website registration, and compromised accounts;
• Practical trainings from our experts for the client’s staff analysts based on the company’s incidents and the latest information security technologies;
• Providing information, reports and initial data necessary for the investigation.
Security Bulletin is a monthly newsletter that contains information security rules related to vulnerabilities actively used by hackers, as well as recommendations for improving customer protection.
• To determine the vulnerabilities of security mechanisms, we simulate the actions of an attacker who tries to compromise information;
• Select the appropriate method for your company (manual, automated, combined) and type of attack;
• Before performing the tasks, we agree on the rules of testing and determine the order of notifications about the progress of work.
• We use best practices and standards:
◦ OWASP Testing guide;
◦ OWASP ASVS;
◦ NIST SP 800-115;
◦ ISACA Penetration testing procedure (P8).
• Resources under study:
◦ online stores, online retailers;
◦ media resources, news resources;
◦ banking resources, payment systems
◦ companies in technology and services;
◦ technological resources, SAAS
• We use instrumental web application scanning with elements of manual verification for an objective assessment of the level of security;
• We classify risks according to the methodology of OWASP (Open Web Application Security Project) — the world’s largest non-profit society for web application security. We take into account the motivation of the scammer, the level of skills, the availability of data on the exploitation of vulnerabilities to the general audience, and other parameters.
If your company has an incident, you need help with ISO 27001 certification or you just want to check the information security of your company - click the button below and leave a request for a consultation!Get a consultation
You are staffed by information security experts with 5 to 20 years of experience in the industry.
The key competencies of employees are divided into areas:
Each expert has from 2 to 5 certificates
Experience in investigating cybercrime in various fields
The IRT service is suitable for both business and government organizations. Our experts have experience in investigating incidents, gathering information, identifying and deanonymizing cybercriminals from various fields.
Experience in conducting international investigations
From the study of the activities of participants in hacking forums and services DarkWeb/DarkNet, as well as the activities of transnational APT-groups and deanonymization of members of such groups.
You do not need to hire a full staff of specialists in different fields to subscribe to the IRT in your schedule The equipment will be a multifunctional team of experts.
With IRT, you won't waste time reconciling legal documents in the midst of a cyberattack, at a time when you need to respond quickly to the actions of attackers who cause damage to your company.
An IRT subscription allows you to allocate time to specific services that your organization needs