Cyber Incident Response

One only has to watch the constant news cycle to see how vulnerable companies are to the whims of cyber attackers. As a result, an organization's ability to respond quickly and effectively to a computer security incident has never been more critical. A proper response to network and computer attacks can prevent unneeded expense, avoid over-extending internal resources, and provide the essential information needed to make critical decisions on how to move forward.

Incident Response

Our incident response methodology uses the NIST SP 800-61 Computer Security Incident Handling Guide to determine the answers to key questions such as:

  • When did the incident occur? It is not uncommon to find that intruders have been on a network for months before being detected. Proper analysis is therefore required to find out when the incident originally occurred, so that you can determine the window of exposure.
  • Where did the incident occur? Determining the point of initial compromise, and all locations of the compromise, is paramount to properly containing and eradicating the threat.
  • What is at risk? Data breaches are arguably one of the most feared events for an organization to endure. This is an area where thorough forensic analysis is beneficial. Just because a system was compromised does not always mean that sensitive data was obtained. Understanding the extent of the compromise is vital to determining next steps.
  • How did the incident occur? Understanding the root cause of an incident provides the details needed for proper remediation. Our incident response reports provide immediate and long-term remediation steps to build resilience against similar attacks in the future.

Our goal is to use our extensive security and digital forensics expertise to help our clients handle computer security incidents while working to minimize the overall impact. Being able to answer these questions during a computer security incident is critical in many situations.

Incident Response Plans

An incident response plan is a documented plan/procedure for how an incident will be handled. While the contents may vary from organization to organization, most consist of standard operating procedures, processes, and communication plans. [Link to blog titled "Incident Response Frequently Asked Questions"]

Incident Response Programs and Training

We also work with organizations to elevate their incident response plans into proactive incident response programs. To assist our clients with this transition, LBMC Information Security designs and delivers custom incident response tabletop exercises. Experience shows that this small investment in continuous improvement pays off through faster response times, better communications, and lower costs when an incident does occur.


Digital Forensic Analysis

Today's technology is embedded in almost every aspect of our business and personal lives. With this reliance on modern technology, investigating digital devices is necessary to avoid missing critical details about activities and communications that would otherwise remain unknown.

LBMC Information Security has invested in "best of breed" computer forensics software platforms and tools to efficiently and effectively preserve and analyze computers, storage media, and mobile devices of all types in order to recover artifacts that may otherwise have remained unknown.

Our certified forensic analysts follow strict evidence-handling procedures and apply forensic analysis methods built on more than 10 years of experience to help you.

While the details of our analysis are typically case-specific, the foundation of our approach includes:

  • Developing detailed timelines of computer activity
  • Identifying and recovering electronic communications outside of conventional email (webmail, text messages, etc.)
  • Analyzing Internet activities
  • Determining and analyzing "cloud" storage usage (Google Docs, Dropbox, etc.)
  • Investigating social media activities
  • Recovering and analyzing deleted information
  • Understanding application histories regarding execution
  • Recovering and analyzing videos and pictures
  • Detailing removable media usage (USB drives, printers, etc.)
  • Determining documents created, opened, printed, etc.

Sample applications of our digital forensics services involve:

  • Employee theft
  • Employment disputes
  • Commercial disputes
  • Fraud
  • Domestic matters
  • Insider threat activities
  • Internet Investigations
  • Patent/Copyright Infringement
  • Incident response related to data breaches

Our findings may require competent expert witness testimony. You can rely on LBMC Information Security's forensic analysts, who have experience providing expert testimony in federal and many state courts.


Litigation Support and Electronic Discovery

Due to our extensive experience in both digital forensics and electronic discovery, LBMC Information Security's experts provide a full range of litigation support services to law firms and corporate legal teams. Our approach to electronic discovery services is based on the recognized Electronic Discovery Reference Model (EDRM). Our litigation support services can provide value at each stage of the EDRM lifecycle.

Information Governance (Readiness)

Our litigation support experts will help develop a readiness assessment for future eDiscovery requests. This assessment will review existing electronically stored information (ESI) data maps, provide data retention suggestions, and can design litigation response procedures.

Identification

Our experts will assist you in both identifying and locating potentially relevant ESI sources.

Preservation/Collection

We will ensure that relevant ESI is collected in a cost-effective and legally defensible manner. We will also maintain proper chain of custody to ensure admissibility in court. We will further ensure that the ESI is properly protected against inappropriate alteration or destruction.

Processing

We use the proper tools and methods (e.g., removing system files, keyword searching, de-duplication, designated timeframes, etc.) to reduce the volume of ESI and convert it, if necessary, to prepare for the legal review and presentation phases.

Review/Analysis/Production

Where necessary, we will provide the platforms needed for an effective review of the ESI for relevance, privilege, etc. We will also provide the required production formats. This technology is delivered via a cost-effective, cloud-based solution, along with the needed training.

LBMC Information Security's litigation support experts work closely with our clients to ensure that your needs are handled in an efficient and cost-effective manner.

Malware Compromise Assessment

Our malware compromise assessment is designed on the premise that most organizations have only passive malware protection. Billions of dollars are spent annually on products designed to detect an attacker, yet massive data breaches happen on a near-weekly basis.

Recent studies have determined that the time between compromise and detection, known as the “compromise detection gap,” averages five to eight months. In more than two-thirds of cases, the compromised organization is first notified of the breach by a third party, such as law enforcement.

We use an "aggregated security" approach to collect and analyze both network and endpoint information, and we correlate the captured data with threat intelligence.

Dissolvable Agents Save Time and Money

In the past, a thorough threat hunting service required installing a full endpoint agent on every computer and then uninstalling it afterward. Our malware compromise assessment does not require the installation of a full client agent. Instead, it uses an innovative "dissolvable" agent on Windows and Linux endpoints to collect this information. This shortens the project timeline to a few weeks as opposed to many months.

Threat Intelligence and Malware Analysis

LBMC Information Security's threat intelligence uses a large catalog of data, including open-source threat intelligence from multiple sources, up-to-the-minute data from CyberMaxx, and multiple commercial threat feeds. For artifacts that cannot be identified as either benign or malicious through threat intelligence, we perform network traffic heuristics and manual malware analysis.

Tabletop Exercises

The most critical step in developing an incident response plan is stress-testing the plan before a real incident occurs. Ask yourself:

  • Does your plan include everything needed to successfully address an incident?
  • Are the contacts and communication plans accurate for your organization?
  • Does it need revisions or updates?
  • Does it add any value outside of a checkbox for compliance?
  • How do you know if it actually provides the intended value?


We can help design and facilitate incident response tabletop sessions to help you improve your incident response program. Our team will provide consulting services to help you design, plan, and execute tabletop exercises that practice your information security incident response (IR) plan, help personnel understand their obligations and duties in the event of a security incident, and evaluate the IR plan's robustness concerning communication, responsibility, and governance. Testing also includes documenting the test results and a post-test review to evaluate the testing process, specific responses, successes, failures, and lessons learned.

Rather than making assumptions, putting the incident response document on a shelf, and hoping it is accurate, it is far better to test it with a tabletop exercise so that the incident response program can be continuously improved before the next incident occurs. Properly designed, tabletop exercises can help you determine how well your people, processes, and technologies are prepared for an incident. More importantly, these exercises allow you to improve that preparation over time.

Management Team


Bill Dean

Shareholder, Information Security

Knoxville