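One only has to look at the constant news cycle to see how vulnerable companies are to cyber attacks that strike on a whim. As a result, the ability of today's organizations to respond quickly and effectively to computer security incidents has never been more critical. A proper response to network and computer attacks can prevent unneeded expense and over-extension of internal resources, and provide the essential information needed to make critical decisions on how to move forward.
- When did the incident occur? It is not uncommon to find that the intruders have been on networks for months before being detected. Proper analysis is therefore necessary to find out when the incident first occurred, so that you can determine the time frame of the exposure.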
- Where did the incident occur? Determining the point of initial compromise, and all locations of the compromise, is paramount to properly contain and eradicate the threat.
- What is at risk? Data breaches are arguably one of the most feared events for an organization to endure. This is an area where a thorough forensic analysis is beneficial. Just because a system has been compromised does not always mean that sensitive data was acquired. Understanding the extent of the compromise is vital to determine next steps.
- How did the incident occur? Understanding the root cause of the incident provides the details needed for proper remediation. Our incident response reports provide immediate and long-term remediation measures to build resilience against similar attacks in the future.
An incident response plan is a documented plan/procedure for how the incident will be handled. While the contents may vary from organization to organization, most consist of standard operating procedures, processes, and communication plans. [Link to blog titled “Incident Response Frequently Asked Questions”]
Incident Response Programs and Training
We also work with organizations to elevate their incident response plans into proactive incident response programs. To assist our clients with this transition, LBMC Information Security designs and delivers custom incident response tabletop exercises. Experience shows that this small investment in continuous improvement pays off through faster response times, better communications, and lower costs when an incident does occur.
Digital Forensic Analysis
Today’s technology is embedded in almost every aspect of our business and personal lives. With this reliance on modern technology, investigating digital devices is necessary to avoid missing key details about activities and communications that might otherwise remain unknown.
LBMC Information Security has invested in “best of breed” computer forensic software platforms and tools to efficiently and effectively preserve and analyze computers, storage media, and mobile devices of all types to recover artifacts that may otherwise have been unknown.
- Developing detailed timelines of computer activity
- Identifying and recovering electronic communications outside of conventional email (webmail, text messages, etc.)
- Analyzing Internet activities
- Determining and analyzing “cloud” storage usage (Google Docs, Dropbox, etc.)
- Investigating social media activities
- Recovering and analyzing deleted information
- Understanding application histories regarding execution
- Recovering and analyzing videos and pictures
- Detailing removable media usage (USB drives, printers, etc.)
- Determining documents created, opened, printed, etc.
Sample applications of our digital forensics services involve:
- Employment disputes
- Commercial disputes
- Insider threat activities
- Internet Investigations
- Patent/Copyright Infringement
- Incident response related to data breaches
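Our findings may require competent expert witness testimony. You can trust that LBMC Information Security's forensic analysts have expert testimony experience in federal court and in many state courts.
Litigation Support and Electronic Discovery
Due to our extensive experience in both digital forensics and electronic discovery, LBMC Information Security's experts provide a full range of litigation support services to law firms and corporate legal teams. Our approach to electronic discovery services is based on the recognized Electronic Discovery Reference Model (EDRM). Our litigation support services can provide value at each stage of the EDRM lifecycle.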
Information Governance (Readiness)
Our litigation support experts will help develop a readiness assessment for future eDiscovery requests. This assessment will review existing electronically stored information (ESI) data maps, will provide data retention suggestions, and can design litigation response procedures.
Our experts will assist you in both identifying and locating potentially-relevant ESI sources.
We will ensure that relevant ESI is collected in a cost-effective and legally compliant manner. We will also maintain proper chain of custody to ensure admissibility to the courts. We will further ensure that ESI is properly protected against inappropriate alteration or destruction.
We use the proper tools and methods (e.g., removing system files, keyword searching, de-duplication, designated timeframes, etc.) to reduce the volume of ESI and convert it, if necessary, to prepare for the legal review and presentation phases.
When necessary, we will provide the needed platforms for an effective review of the ESI for relevance, privilege, etc. We will also provide the required production formats. This technology will be provided via a cost-effective, cloud-based solution, along with the needed training.
Malware Compromise Assessment
Our malware compromise assessment is designed on the premise that most organizations have a reactive malware protection posture. Billions of dollars are spent annually on products designed to detect an attacker, yet massive data breaches happen on a near-weekly basis.
Recent studies have determined that the time between compromise and detection, known as the “compromise detection gap,” averages five to eight months. In more than two-thirds of cases, the compromised organization is first notified of the breach by a third party, such as law enforcement.
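Dissolvable Agents Save Time and Money
In the past, thorough threat hunting services required installing a full endpoint agent on every computer and then uninstalling it. Our malware compromise assessment does not require the installation of a full client agent. It uses an innovative “dissolvable” agent on Windows and Linux endpoints to collect this information. This shortens the project timeline to a few weeks as opposed to many months.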
Threat Intelligence and Malware Analysis
LBMC Information Security’s threat intelligence uses a large catalog of data, including open-source threat intelligence from multiple sources, up-to-the-minute data from CyberMaxx, and multiple commercial threat feeds. For artifacts that cannot be identified as benign or malicious through threat intelligence, we perform network traffic heuristics and manual malware analysis.
- Does your plan include everything needed to successfully address an incident?
- Are the contacts and communication plans accurate to your organization?
- Does it need revisions or updates?
- Does it add any value outside of a checkbox for compliance?
- How do you know if it actually provides the intended value?
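We can help design and facilitate incident response tabletop sessions to help you improve your incident response procedures. Our team will provide consulting services to help you design, plan, and execute tabletop exercises to practice your information security incident response (IR) plan, help personnel understand their obligations and duties in the event of a security incident, and evaluate the IR plan’s robustness concerning communication, responsibility, and governance. Testing also includes documenting the test results and a post-test review to evaluate the testing process, specific responses, successes, failures, and lessons learned.
Rather than making assumptions and simply putting the incident response documentation on the shelf and hoping it is accurate, it is best to test it with tabletop exercises, which allow continuous improvement of incident response procedures before the next incident occurs. Properly designed, tabletop exercises can help you determine how well your people, processes, and technologies are prepared for an incident. More importantly, these exercises allow you to improve that preparation over time.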