Kaspersky Incident Response
Managing the aftermath of a security breach
It’s becoming increasingly difficult to prevent information security incidents. But, while it may not always be possible to halt an attack before it penetrates your security perimeter, it’s absolutely within our power to limit the resultant damage and to prevent the attack from spreading. The full weight of Kaspersky Lab’s global expertise can be brought to bear on the resolution of your security incident.
Covering the entire incident investigation cycle to completely eliminate the threat to your organization
Analysis of digital evidence related to a cybercrime, revealing a complete picture of an incident
Providing you with exhaustive information about the behavior and functionality of specific malware files
The importance of incident response
While your infosec team works hard to ensure that every network component is protected, a single vulnerability could open the door to intruders, giving them access to your information systems.
Anything can be targeted. If a system gets hacked, it is vital to establish how it was compromised in order to draw up an attack mitigation plan and prevent such attacks in the future. The incident response service achieves these goals.
How the service works
An incident constitutes a breach or the threat of a breach of computer security policies, acceptable use policies and/or standard security practices.
Incident response obtains a detailed picture of the incident. The service covers the full incident investigation and response cycle: from early incident response and evidence collection to identifying additional traces of hacking and preparing an attack mitigation plan.
While your specialists work hard to ensure the security of every network component, a single vulnerability can offer an open door to any cybercriminal intent on gaining control over your information systems. No one is immune: however effective your security controls, you can become a victim.
4 Stages of Incident Response
1. Request initialization
At this stage, our experts gather information from those who reported the incident and from IT and other personnel who may have useful knowledge of technical details and business processes to help understand the incident details.
In addition, the Kaspersky team analyzes network and security logs for evidence of the incident. After that, our experts provide short-term recommendations on what to do next.
2. Evidence collection
Depending on the specifics of the incident, the following approaches can be used:
- Kaspersky experts visit your organization and collect evidence related to the incident to aid the investigation
- Kaspersky experts provide all necessary tools and guidance for your company’s IT employees to collect evidence themselves
Evidence may include: log files of operating systems, applications and network equipment, Internet access logs (for example, from proxy servers), network traffic dumps, hard drive images, memory dumps and any other types of information that may aid the investigation.
3. Evidence analysis
At this stage, our experts analyze all the available information (including malware, if necessary) to create a picture of the incident. Throughout the analysis and investigation, we promptly share newly discovered details so that timely action can be taken to prevent the attack from developing.
If new signs of compromise come to light during the analysis, we provide a tool to scan the company’s information resources to detect other compromised hosts and collect additional data.
4. Final report
Kaspersky provides you with a final report containing our findings and recommendations.
Kaspersky investigations are carried out by highly qualified cybersecurity analysts and experts. All our global expertise in digital forensics and malware analysis can be leveraged to resolve your information security incident. The service aims to:
- Isolate the threat
- Stop the attack from spreading
- Analyze malware used in the attack (if detected)
- Analyze network and host activities
- Search for and collect evidence
- Eliminate the threat
- Identify compromised resources
- Analyze the evidence and reconstruct the incident chronology and logic
- Develop guidelines for restoring a healthy IT infrastructure and preventing a recurrence of similar attacks
Get your systems and business operations back on track faster
- Rapid, fully-informed response and remediation
- Reduced recovery times and costs
- Specialists with extensive practical experience
Obtain detailed information on the specific malware sample
- A complete understanding of its behavior
- Detailed reporting on sample properties and functionality
- A clear and effective remediation plan