Cyber Incident Response

A glance at the news cycle shows how vulnerable businesses are to the unpredictability of cyber attacks. As a result, an organization's ability to respond quickly and effectively to computer security incidents has never been more important. A proper response to network and computer attacks can prevent unneeded expense and excessive consumption of internal resources, and provide the essential information needed to make critical decisions on how to move forward.

Incident Response

Our incident response methodology uses the NIST SP 800-61 Computer Security Incident Handling Guide to determine the answers to key questions, such as:

  • When did the incident occur? It is not uncommon to find that the intruders have been on the network for months before being detected. Proper analysis is therefore necessary to establish when the incident originally occurred, so that you can determine the time frame of exposure.
  • Where did the incident occur? Determining the initial point of compromise, as well as every location that was compromised, is paramount to properly contain and eradicate the threat.
  • What is at risk? Data breaches are arguably one of the most feared events for an organization to endure. This is an area where a thorough forensic analysis is beneficial. Just because a system has been compromised does not always mean that sensitive data was obtained. Understanding the extent of the compromise is vital to determine next steps.
  • How did the incident occur? Understanding the root cause of the incident provides the details needed for proper remediation. Our incident response reports provide immediate and long-term remediation steps to build resilience against similar attacks in the future.

Our goal is to draw on our extensive security and digital forensics expertise to help our clients respond to computer security incidents while working to minimize the overall impact. Being able to answer these questions during a computer security incident is critical in many situations.

Incident Response Plan

An incident response plan is a documented plan/procedure for how an incident will be handled. While the contents may vary from organization to organization, most consist of standard operating procedures, processes, and communication plans. [Link to blog titled "Incident Response Frequently Asked Questions"]

Incident Response Planning and Training

We also work with organizations to elevate their incident response plans into proactive incident response programs. To assist our clients through this transition, LBMC Information Security designs and delivers custom incident response tabletop exercises. Experience shows that this small investment in continuous improvement pays off in faster response times, better communication, and lower costs when an incident does occur.

View the service flyer (PDF)

Digital Forensic Analysis

Today's technology is embedded in almost every aspect of our business and personal lives. Given this reliance on modern technology, investigating digital devices is necessary to avoid missing critical details about activities and communications that might otherwise remain unknown.

LBMC Information Security has invested in "best of breed" computer forensic software platforms and tools to efficiently and effectively preserve and analyze computers, storage media, and mobile devices of all types, recovering artifacts that may otherwise have remained unknown.

Our certified forensic analysts follow strict evidence handling procedures and apply a forensic analysis methodology built on more than 10 years of experience to assist you.

While the details of our analysis are usually case-specific, the foundation of this methodology includes:

  • Developing detailed timelines of computer activity
  • Identifying and recovering electronic communications outside of conventional email (webmail, text messages, etc.)
  • Analyzing internet activity
  • Determining and analyzing "cloud" storage usage (Google Docs, Dropbox, etc.)
  • Investigating social media activity
  • Recovering and analyzing deleted information
  • Understanding application execution histories
  • Recovering and analyzing videos and images
  • Detailing removable media usage (USB drives, printers, etc.)
  • Determining when files were created, opened, printed, etc.

Sample applications of our digital forensics services include:

  • Employee theft
  • Employment disputes
  • Business disputes
  • Fraud
  • Domestic matters
  • Insider threat activity
  • Internet investigations
  • Patent/copyright infringement
  • Incident response related to data breaches

Our findings may require competent expert witness testimony. You can rely on LBMC Information Security's forensic analysts, who have expert testimony experience in federal court and in many state courts.

View the service flyer (PDF)

Litigation Support and eDiscovery

Due to our extensive experience in both digital forensics and electronic discovery, LBMC Information Security's experts provide a full range of litigation support services to law firms and corporate legal teams. Our eDiscovery services methodology is based on the widely accepted Electronic Discovery Reference Model (EDRM). Our litigation support services can provide value at each stage of the EDRM lifecycle.

Information Governance (Preparation)

Our litigation support experts will assist with a readiness assessment for future eDiscovery requests. This assessment will review existing electronically stored information (ESI) data maps, provide data retention recommendations, and can design a litigation response procedure.

Identification

Our experts will assist you in both identifying and locating potentially relevant ESI sources.

Preservation/Collection

We will ensure that relevant ESI is collected in a cost-effective and legally defensible manner. We will also maintain proper chain of custody to ensure admissibility in court. We will further ensure that ESI is properly protected against inappropriate alteration or destruction.

Processing

We use appropriate tools and methods (e.g., removing system files, keyword searching, de-duplication, designated timeframes, etc.) to reduce the volume of ESI and convert it, if necessary, in preparation for the legal review and presentation phases.

Review/Analysis/Production

When necessary, we will provide the platforms needed for an effective review of the ESI for relevance, privilege, etc. We will also provide the required production formats. This technology is delivered through cost-effective, cloud-based solutions, together with the required training.

LBMC Information Security's litigation support experts work closely with our clients to ensure that your needs are handled efficiently and economically.

Malware Compromise Assessment

Our malware compromise assessment is designed on the premise that most organizations take a reactive approach to malware protection. Billions of dollars are spent annually on products designed to detect an attacker, yet massive data breaches happen on a near-weekly basis.

Recent studies have determined that the time between compromise and detection, known as the "compromise-detection gap," averages five to eight months. In more than two-thirds of cases, the compromised organization is first notified of the breach by a third party, such as law enforcement.

We use an "aggregated security" approach that collects and analyzes both network and endpoint information and correlates the captured data with threat intelligence.

Dissolvable Agents Save Time and Money

In the past, a thorough threat hunting service required installing a full endpoint agent on every computer and then uninstalling it afterwards. Our malware compromise assessment does not require the installation of a full client agent. It uses an innovative "dissolvable" agent on Windows and Linux endpoints to collect this information. This shortens the project timeline to a few weeks as opposed to many months.

Threat Intelligence and Malware Analysis

LBMC Information Security's threat intelligence uses a large catalog of data, including open-source threat intelligence from multiple sources, the latest data from CyberMaxx, and multiple commercial threat feeds. For artifacts that cannot be identified as either benign or malicious through threat intelligence, we perform network traffic heuristics and manual malware analysis.

Tabletop Exercises

The most critical step in developing an incident response plan is to stress-test the plan before a real incident occurs. Ask yourself:

  • Does your plan include everything needed to successfully address an incident?
  • Are the contacts and communication plans accurate for your organization?
  • Does it need to be revised or updated?
  • Does it add any value beyond a checkbox for compliance?
  • How do you know whether it actually provides the intended value?


We can help design and facilitate an incident response tabletop session to help you improve your incident response program. Our team will provide consulting services to help you design, plan, and execute tabletop exercises that practice your information security incident response (IR) plan, help personnel understand their obligations and duties in the event of a security incident, and evaluate the IR plan's robustness with respect to communication, accountability, and governance. The exercise also includes documentation of the results and a post-exercise review to evaluate the exercise process, specific responses, successes, failures, and lessons learned.

Rather than making assumptions, leaving your incident response documentation on a shelf and hoping it is accurate, it is better to test it through tabletop exercises, building continuous improvement into the incident response program before the next incident occurs. Properly designed, tabletop exercises can help you determine how well your people, processes, and technology are prepared to respond to an incident. More importantly, these exercises allow you to improve that preparation over time.

Management Team


Bill Dean

Shareholder, Information Security

Knoxville