网络事故应变

Our incident response methodology leverages the NIST-800-61 Computer Security Incident Handling Guide to determine answers to critical questions, 如:

• 事件是什么时候发生的? It is not uncommon to find that the intruders have been on networks for months before detected. 因此, proper analysis is imperative to find out when the incident initially occurred so you can determine the timeframe of exposure.
• 事故发生在哪里? 确定最初的妥协点, 以及所有的妥协地点, 最重要的是适当地控制和根除威胁吗.
• 有什么风险?? Data breaches are arguably one of the most feared events for an organization to endure. 在这个领域，彻底的法医分析是有益的. Just because a system has been compromised does not always mean that sensitive data was obtained. 了解妥协的程度对决定下一步行动至关重要.
• 事件是如何发生的? Understanding the root cause of the incident will provide the needed details for proper remediation. Our incident response reports provide immediate and long-term remediation steps to build resiliency against similar attacks moving forward.

明升体育app下载目标是利用我们广泛的安保力量 数字取证 expertise to assist our clients through computer security incidents while working to reduce the overall impact as much as possible. Being able to answer these questions during a computer security incident is paramount in numerous situations.

事件应变计划

An incident response 计划 is a documented 计划/procedure for how the incident will be handled. 虽然内容可能因组织而异, 大多数由标准操作程序组成, 流程, 沟通计划. [连结至题为“意外应变及常见问题”的博客]

事件响应计划和培训

We also work with organizations to elevate their incident response 计划s into proactive incident response 项目. 帮助明升体育app下载客户完成这一过渡, LBMC 网络安全 designs and delivers custom incident response tabletop exercises. Experience has demonstrated that this small investment in continuous improvement will pay dividends with faster response times, 更好的沟通, 当事故发生时，成本也会降低.

Our 恶意软件危害评估 was designed on the premise that most organizations have a passive approach to malware protection. 比尔ions of dollars are spent annually on products designed to detect an attacker, 然而，几乎每周都会发生大规模的数据泄露事件.

Recent studies have determined that the time between compromise and detection, 被称为“威胁检测缺口”,平均5到8个月. 在超过三分之二的情况下, the compromised organization is first notified of the breach by a third party, 比如执法部门.

We use a “converged security” approach that gathers and analyzes both network information and endpoint information and correlates the captured data with threat intelligence.

可溶解剂节省时间和金钱

在过去, thorough threat hunting services required full endpoint agents to be installed and later uninstalled on each computer. Our malware compromise assessment does not require the installation of a full client agent. It gathers this information using an innovative “dissolvable” agent on Windows and Linux endpoints. 这将项目时间缩短到几周，而不是几个月.

威胁情报和恶意软件分析

LBMC网络安全的威胁情报使用了大量的数据目录, 包括来自多个来源的公开威胁情报, 最新数据来自 CyberMaxx，以及多个商业威胁源. For artifacts that cannot be identified as either benign or malicious through threat intelligence, 我们执行网络流量启发式和手动恶意软件分析.

The most crucial step in developing an incident response 计划 is to stress test the 计划 before a real incident occurs. 问问你自己:

• Does your 计划 include everything needed to successfully address an incident?
• 联络和沟通计划对你的组织是准确的吗?
• 它需要修改或更新吗?
• 它是否在遵从性复选框之外增加了任何价值?
• 您如何知道它是否确实提供了预期值?

We can help design and facilitate an incident response tabletop session to help you improve your incident response program. 明升体育app下载团队将提供咨询服务，帮助您进行设计, 计划, and execute table top exercises to practice your incident response (IR) 计划, help personnel understand their obligations and duties in the event of a security incident, 并评估IR计划在沟通方面的稳健性, 责任, 和治理. The test will also include documentation of results and an after-test review to evaluate the test process, 特定的反应, 成功, 失败, 吸取教训.

Instead of making assumptions and simply placing your incident response documentation on a shelf and hoping it is accurate, it’s better to test it with tabletop exercises designed to build continuous improvement into your incident response program before your next incident occurs. 正确的设计, 桌面练习可以帮助你确定你的员工有多好, 流程, 技术是为突发事件做好准备的. More importantly, these exercises allow you to improve that preparation over time.