Kaspersky Incident Response

Overview

It’s becoming increasingly difficult to prevent information security incidents. But, while it may not always be possible to halt an attack before it penetrates your security perimeter, it’s absolutely within our power to limit the resultant damage and to prevent the attack from spreading. The full weight of Kaspersky Lab’s global expertise can be brought to bear on the resolution of your security incident.

Incident Response

Covering the entire incident investigation cycle to completely eliminate the threat to your organization

Digital Forensics

Analysis of digital evidence related to a cybercrime, revealing a complete picture of an incident

Malware Analysis

Providing you with exhaustive information about the behavior and functionality of specific malware files

The importance of incident response

While your infosec team works hard to ensure that every network component is protected, a single vulnerability could open the door to intruders, giving them access to your information systems.

Anything can be targeted. If a system gets hacked, it is vital to establish how it was compromised in order to draw up an attack mitigation plan and prevent such attacks in the future. The incident response service achieves these goals.

How the service works

An incident constitutes a breach or the threat of a breach of computer security policies, acceptable use policies and / or standard security practices.

Incident response — obtains a detailed picture of the incident. The service covers the full incident investigation and response cycle: from early incident response and evidence collection to identifying additional traces of hacking and preparing an attack mitigation plan.

The Risk

While your specialists work hard to ensure the security of every network component, a single vulnerability can offer an open door to any cybercriminal intent on gaining control over your information systems. No one is immune: however effective your security controls, you can become a victim.

Lost business and opportunities

Negative publicity

Downtime expenses

Significant penalties and fines

Increased insurance premiums

Damage to credit ratings

Suitable for

This solution is particularly well suited to addressing the security requirements, concerns and constraints of these enterprise sectors.

Enterprise
Financial Services
Managed Security Service Providers
Critical Infrastructure

4 Stages of Incident Response

1. Request initialization

At this stage, our experts gather information from those who reported the incident and from IT and other personnel who may have useful knowledge of technical details and business processes to help understand the incident details.

In addition, the Kaspersky team analyzes information about the incident from network and security logs for evidence of the incident. After that, our experts provide short-term recommendations on what to do next.

2. Evidence collection

Depending on the specifics of the incident, the following approaches can be used:

Onsite
Kaspersky experts visit your organization and collect evidence related to the incident to aid the investigation
Remote
Kaspersky experts provide all necessary tools and guidance for your company’s IT employees to collect evidence themselves

Evidence may include: log files of operating systems, applications and network equipment, Internet access logs (for example, from proxy servers), network traffic dumps, hard drive images, memory dumps and any other types of information that may aid the investigation.

3. Evidence analysis

At this stage, our experts analyze all the available information (including malware, if necessary) to create a picture of the incident. Throughout the analysis and investigation, we promptly share newly discovered details so that timely action can be taken to prevent the attack from developing.

If new signs of compromise come to light during the analysis, we provide a tool to scan the company’s information resources to detect other compromised hosts and collect additional data.

4. Final report

Kaspersky provides you with a final report containing our findings and recommendations.

Kaspersky investigations are carried out by highly qualified cybersecurity analysts and experts. All our global expertise in digital forensics and malware analysis can be leveraged to resolve your information security incident. The service aims to:

Isolate the threat
Stop the attack spreading
Analyze malware used in the attack (if detected)
Analyze network and host activities
Search for and collect evidence
Eliminate the threat
Identify compromised resources
Analyze the evidence and reconstruct the incident chronology and logic
Develop guidelines for restoring a healthy IT infrastructure and preventing a recurrence of similar attacks

Use Cases

Get your systems and business operations back on track faster

Rapid, fully-informed response and remediation
Reduced recovery times and costs
Specialists with extensive practical experience

Obtain detailed information on the specific malware sample

A complete understanding of its behavior
Detailed reporting on sample properties and functionality
A clear and effective remediation plan

Understand the reasons, sources and impact of the incident

Analysis of the incident indicators
Identification of the related malicious files
Incident timeline and logic reconstruction

Documentation

Download the Kaspersky Incident Response Datasheet (PDF).

Call a Specialist Today! 844-356-5142

Kaspersky Incident Response
Managing the aftermath of a security breach