Crisis Management & Incident Response
When you suspect your servers have been breached, you must respond immediately to limit the damage and prevent further loss. A security breach can cripple a business, and the damage is far worse when the response is mishandled. Whether you have experienced a hacking attempt, employee data theft, corporate espionage, or anything else that threatens the security of your systems, it is important to contain the threat and take steps to prevent, and where possible reverse, the damage.
We always strive for the smallest possible RTO (recovery time objective) where one applies; however, many modern attacks cause no noticeable downtime at all and are carried out in silence. Once an attack is confirmed there are several possible courses of action, and in many cases a short period of downtime (usually well under your MTD, the maximum tolerable downtime) is a good thing: it lets us patch the holes and stop any active attack without the risk of a secondary attack, or of further damage caused by remote code execution or a fully compromised user or root account, while the system is still reachable. It is not always possible to take a service down, especially in critical infrastructure. Where no downtime can be tolerated, we have procedures in place to stop and prevent the attack while the service stays up.
The most common cyber-threats we deal with
- Mitigation and prevention of data breaches & consultation on how to handle an attack
- Active DDoS and DoS attacks, along with DDoS threats
- Targeted server/data compromise by a single attacker or group of attackers
- Cyber extortion that is executed using threats of DDOS, information leaks, or data destruction
- Web service defacement, stored (persistent) XSS attacks used to harm your users, and data destruction by an attacker
- Damage control after corporate data theft, and attacker identification via the data trails they leave behind
Damage mitigation and data-breach prevention
When your data or systems have been compromised, mishandling the incident can bankrupt your organization. We do not give guidance on legal, financial or PR matters. We are here to identify the source of an attack, quickly and effectively secure the affected system or systems, and report all affected data.
The common chain of events that should follow an attack
- Identification of the attack vector used to breach your security (while the system is still live, or after it has been suspended).
- System snapshots are taken, before remediation, where integrity is critical and where data may be needed for legal purposes
- Quickly and effectively patch the attack vectors used by an attacker
- System-wide real-time SIEM monitoring is put in place to avoid additional loss
- The indexing and reporting phase begins once the system is cleared as secure.
- Full data-impact reporting and loss-recovery procedures are put in place within your pre-defined RTO
All attacks must be handled in the way that best fits the victimized company's requirements. Unfortunately a company's requirements cannot always be met, but we will always give a clear and accurate work estimate that will hopefully fall within your RTO and MTD, with no surprises. Most of our work can be done on site and with minimal resources, to keep costs manageable without sacrificing quality of service. We have several incident response procedures that we follow where applicable, but these are commonly adapted to meet the specific needs of each client.
If your company is actively experiencing a digital emergency, don't waste time with robots or call centers: call our emergency line at any time to speak with an expert immediately (after-hours rates MAY apply).
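The snapshot step above only has legal and forensic value if a copy can later be shown to be unchanged. The script below is an added example, not the page's or the company's own tooling: it records a SHA-256 for every file under a snapshot directory plus one digest over the whole manifest (the value you write into the case log), then re-checks a copy and reports each modified, missing or added file. The directory layout, file contents and the simulated tampering in `demo()` are constructed for illustration.

```python
"""Evidence-integrity manifest for forensic snapshots (added example).

Records per-file SHA-256 digests and a single digest over the sealed
manifest, so that a copy handed to counsel or an analyst can later be
checked for any modified, missing or added file.
"""
import hashlib
import json
import os
import tempfile
from typing import Dict, List, Tuple


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large images never load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> Dict[str, str]:
    """Map every file under root (relative, POSIX-style path) to its SHA-256."""
    manifest: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def manifest_digest(manifest: Dict[str, str]) -> str:
    """One digest over the canonical (sorted, compact JSON) manifest.

    Record this value in the case log: it proves the manifest itself was not
    edited after the snapshot was sealed, independent of key ordering.
    """
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def verify_manifest(root: str, manifest: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (path, status) for every discrepancy: 'modified', 'missing' or 'added'."""
    current = build_manifest(root)
    findings: List[Tuple[str, str]] = []
    for rel, digest in manifest.items():
        if rel not in current:
            findings.append((rel, "missing"))
        elif current[rel] != digest:
            findings.append((rel, "modified"))
    for rel in current:
        if rel not in manifest:
            findings.append((rel, "added"))
    return sorted(findings)


def demo() -> List[Tuple[str, str]]:
    """Seal a constructed snapshot, tamper with the copy, and report the differences."""
    with tempfile.TemporaryDirectory() as snap:
        # Constructed snapshot contents (not real evidence).
        os.makedirs(os.path.join(snap, "var/log"))
        with open(os.path.join(snap, "var/log/auth.log"), "w") as f:
            f.write("Jan 10 03:14:07 web01 sshd[4242]: Accepted publickey for deploy\n")
        with open(os.path.join(snap, "etc_passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/bash\n")

        manifest = build_manifest(snap)
        sealed = manifest_digest(manifest)

        # Simulated tampering after sealing: append to a log, delete a file, drop a new one.
        with open(os.path.join(snap, "var/log/auth.log"), "a") as f:
            f.write("Jan 10 03:20:00 web01 sshd[4243]: Accepted password for root\n")
        os.remove(os.path.join(snap, "etc_passwd"))
        with open(os.path.join(snap, "dropped.bin"), "wb") as f:
            f.write(b"\x7fELF constructed blob\n")

        findings = verify_manifest(snap, manifest)
        # The sealed record is untouched, so its digest still matches the case log.
        assert manifest_digest(manifest) == sealed
        return findings
```

In practice the manifest and its digest are written to media that the investigated host cannot reach, and the digest is also recorded out of band (printed in the case notes or signed), since an attacker who can alter the snapshot can usually alter a manifest stored beside it.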
DDoS Attack management
A DDoS attack is one of the most common attacks a company will experience. DDoS stands for Distributed Denial of Service: an attacker leverages many systems or networks at once to overload and cripple your server(s) in any of a number of ways. These attacks have become so common in recent years because botnets and booter services for launching them are cheap and easy to rent. It is always much better to prevent a DDoS attack than to stop one in progress; days of downtime are common during a long-running DDoS attack that is not properly managed, and in the small-business and cryptocurrency/financial world there have been DDoS attacks that lasted months at a time. These attacks are usually carried out for the attacker's financial gain via extortion, for the financial gain of a competitor by reducing your availability, for political or religious motives, or just for fun by kids who have recently discovered they can buy very cheap bot-hours online.
The most damaging DDoS attacks are usually those launched by a competitor, closely followed by extortion attacks. Organized attacks launched by established businesses are usually more sophisticated and harder to stop. Many of these attackers use layer 7 (application-layer) attacks that may require re-development of the underlying software, or they may have access to OCR-based or fingerprint-based CAPTCHA circumvention. The more sophisticated the attack, the longer the downtime tends to be. The good news is that we have experience with most types of DoS/DDoS attack and have procedures in place to get your service(s) back up and running quickly. Please note that your MTD may not always be met, depending on how persistent the attackers are. Most attacks are trivial to stop permanently and result in little downtime.
Common DDoS Mitigation strategies
- Third-party intercepting proxy (traffic scrubbing) placed in front of your service to screen and filter traffic, as a short-term solution
- Application-layer adjustments to quickly render an active attack ineffective
- Temporary or permanent server re-configuration to stop SYN floods, HTTP floods, UDP floods, etc. (for example enabling SYN cookies and per-source connection rate limits)
- Implementation of in-house CAPTCHA and packet authentication or filtering systems
- Long-term load balancing so that future attacks are absorbed rather than taking the service down
- Training of your existing IT teams so that successful repeat attacks are less likely
The most common DDoS attacks are easy to stop, but in many cases, once one method is stopped, the attacker has another dozen ready on standby. We can never guarantee a recovery time for a DDoS attack, but when handled properly an attack is in many cases no more than a moderate annoyance.
If you are actively experiencing a DoS attack, please call our emergency line at any time to speak with an expert (after-hours rates MAY apply if the emergency line is used for non-emergency support).
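The application-layer adjustments and filtering systems in the list above start from one question: which sources need to be blocked, and is the flood coming from a few loud clients or from many quiet ones. The script below is an added example, not the page's or the company's own tooling. It parses web-server access-log lines in Combined Log Format, keeps a sliding window per client IP and for all traffic together, and returns two signals: individual IPs that exceeded a per-source rate (candidates for a block or CAPTCHA challenge) and whether total traffic exceeded a baseline in any window, which is what catches a distributed flood whose bots each stay under the per-IP limit. The log lines, window length, limits and addresses in `build_sample_log()` are all constructed for illustration.

```python
"""HTTP flood detection over an access log (added example).

Sliding-window request counting per client IP and in aggregate, so that
single-source floods and distributed floods are reported separately.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, Iterable, List, Set, Tuple

# Combined/Common Log Format: client ident user [timestamp] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)


def parse_line(line: str) -> Tuple[str, datetime]:
    """Extract client IP and timestamp; raise on lines the regex cannot read."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return m.group("ip"), datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")


def _expire(dq: Deque[datetime], now: datetime, window: timedelta) -> None:
    """Drop timestamps that have fallen out of the sliding window."""
    while dq and now - dq[0] > window:
        dq.popleft()


def analyze(lines: Iterable[str], window_s: int = 10,
            per_ip_limit: int = 20, global_limit: int = 60) -> Tuple[Set[str], bool]:
    """Return (IPs that exceeded per_ip_limit within window_s seconds,
    whether total requests exceeded global_limit within any window).

    Limits are constructed defaults; in practice global_limit comes from the
    service's measured normal peak, not a guess.
    """
    window = timedelta(seconds=window_s)
    records = sorted((parse_line(l) for l in lines), key=lambda r: r[1])
    per_ip: Dict[str, Deque[datetime]] = defaultdict(deque)
    overall: Deque[datetime] = deque()
    offenders: Set[str] = set()
    surge = False
    for ip, ts in records:
        _expire(per_ip[ip], ts, window)
        _expire(overall, ts, window)
        per_ip[ip].append(ts)
        overall.append(ts)
        if len(per_ip[ip]) > per_ip_limit:
            offenders.add(ip)
        if len(overall) > global_limit:
            surge = True
    return offenders, surge


def _fmt(ip: str, t: datetime, path: str) -> str:
    """Render one constructed access-log line."""
    return f'{ip} - - [{t.strftime("%d/%b/%Y:%H:%M:%S %z")}] "GET {path} HTTP/1.1" 200 512'


def build_sample_log() -> List[str]:
    """Constructed traffic: one normal client, one loud source, then a quiet botnet."""
    t0 = datetime(2024, 1, 10, 3, 13, 0, tzinfo=timezone.utc)
    # Normal client: three requests spread over 90 seconds.
    lines = [_fmt("198.51.100.7", t0 + timedelta(seconds=s), "/") for s in (0, 30, 90)]
    # Single-source flood: 30 requests in 5 seconds from 10.0.0.5.
    lines += [_fmt("10.0.0.5", t0 + timedelta(seconds=60 + i / 6), "/login") for i in range(30)]
    # Distributed flood two minutes later: 50 bots, 2 requests each, all inside one 10 s window.
    for n in range(50):
        for k in range(2):
            t = t0 + timedelta(seconds=120 + (2 * n + k) / 10)
            lines.append(_fmt(f"203.0.113.{n + 1}", t, "/search?q=x"))
    return lines


if __name__ == "__main__":
    offenders, surge = analyze(build_sample_log())
    print("per-source offenders:", sorted(offenders))
    print("aggregate surge:", surge)
```

Per-source offenders are the easy case and map directly to a firewall or proxy block list; the aggregate surge with an empty offender set is the signal that a per-IP rule will not help and that upstream scrubbing, a CAPTCHA challenge, or an application-level change is needed instead.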