CLIRSec Cyber Security

INCIDENT RESPONSE and DFIR

Think of Incident Response and Digital Forensics & Incident Response (DFIR) as your cybersecurity ambulance and investigative team rolled into one.

Incident Response: The Immediate Action Team

Imagine if your house were on fire—you'd want firefighters to arrive ASAP to put out the blaze. That’s what Incident Response does for your business when there's a cyber-attack. This team rushes in to contain the damage, making sure that a small 'fire' doesn't spread and become a five-alarm disaster. They work quickly to identify the problem, isolate affected systems, and prevent further harm.

DFIR: The Cyber Detectives and Forensic Experts

After the immediate danger is over, you'd want to know what caused the fire in your house to prevent future incidents. DFIR acts in a similar way after a cyber event. These experts dig deep into the 'crime scene' to identify the root causes of the cyber-attack. They collect digital evidence, analyze how the breach happened, and offer you insights into how to bolster your security measures to prevent a recurrence.

Seamless Collaboration: Two Sides of the Same Coin

Incident Response and DFIR are not isolated; they work hand-in-hand. While Incident Response is busy containing the immediate threat, DFIR is already at work collecting data aboutthe attack as it unfolds. This real-time collaboration ensures a smoother transition from crisis management to post-incident investigation and recovery.

The Playbook: Predefined Action Plans

In emergency medical services, paramedics follow established protocols to provide the best care. Similarly, Incident Response and DFIR operate based on predefined plans tailored to yourbusiness. When a cyber incident occurs, there's no time to waste—having a playbook ensures that the right actions are taken quickly and efficiently.

Why Your Business Needs Incident Response and DFIR

Just as you wouldn’t want to face a medical emergency without 911, you shouldn’t navigate the risky landscape of the digital world without Incident Response and DFIR. These specialized services act as your immediate responders and forensic experts, helping you not only survive a cyber-attack but also learn from it to better guard against future threats. Make sure these crucial’first responders’ are a part of your cybersecurity strategy to ensure the safety and resilience of your business.

CLIRSec Cyber Security

About Our Incident Response / DFIR Team

LEARN MORE
Our team has over 45 years’ experience in dealing with IT Security, Incident Response, Ransomware, Phishing attacks, as well as Computer and/or Cell Phone Forensics. In the event you have Cyber Security Insurance, we work hand in hand with your insurer to get you safe and provide them with all of the necessary information regarding the breach.

Things that we can do

Incident Response

  • Telephone response within 2 hours
  • On-site response within 24 hours
  • Assist client with restoration of services
  • Forensic audit regarding data that may be compromised

Preparatory

  • Breach Readiness
  • PCI/DSS Readiness
  • PIPEDA/HIPPA Readiness
  • CMMC (Department of Defense) Readiness

Computer Forensics

  • Civil Litigation
  • Fraud Investigations
  • Electronic Discovery
  • Certified in the Courts as experts, including Ontario Court of Appeal
  • Proper chain of custody always maintained
  • Desktop, laptop, server, mobile devices, external media, cloud, social media

Investigation examples:

Incident Response

  • Equifax announced a data breach in September of 2017. Our staff were onsite at a large multinational company in the United States in the summer of 2017 prior to the Equifax announcement. Our staff were able to clearly identify Equifax as the source of the breach and had numerous conversations with Equifax, helping them identify the breach vectors that were employed.
  • A large credit collection company in Canada who is responsible for many of the major banks bad debt collections was breached. Sensitive data was released. We did an extensive forensic analysis of all available servers and desktops identifying how the breach occurred and what information was taken.
  • A large Canadian recruiter was hit with ransomware. With the assistance of Information systems, we successfully deployed end point security on all servers and desktops. We were then able to identify the attack vector used by the bad actors and identify exactly what data was exfiltrated, satisfying the insurer that no sensitive data had been lost.

White Collar Crime

  • A large corporation was using corporate credit cards for purchases under $10,000. An employee fraudulently obtained a credit card by forging his supervisor’s signature. Each month he would make personal purchases, create fake invoices and charge the purchased goods to existing jobs. The monthly statements would then again be fraudulently approved by a forged signature. We were called in to review all credit card statements, perform a forensic examinationof the computer, including corporate emails and value the total amount of goods that were stolen. In the end, over 500k of items were charged over a 4-year period.

Financial Fraud

  • A foundation of a well-known international financial company was breached by phishing two executives and their shared assistant. The bad actors created rules in Office 365 for the 3 people and crafted an email thread in order to issue faked/duplicate invoices and the payment would go into their account. The 3 users never saw the email thread and large sums were paid to the bad actors. Our team was able to pinpoint the phishing emails that compromised their accounts and the websites it would link to. On further analysis, there were other phishing emailsand we were able to identify the IP addresses that the phishing emails were sent from. Our team also identified the data that the bad actors potentially had access to. Our findings were turned over to local law enforcement for investigation of the crime.

Electronic Discovery

  • A municipality was ordered to produce documents related to a controversial decision which was being challenged in the courts. Our team imaged all of the electronic devices, including laptops, desktops and phones. After counsel agreed to a set of search terms, all documents were identified, de-duplicated and provided to both parties.

Suggestions for Incident Response

Develop a service package where we charge a monthly fee to be on standby.

Service Package 1

 

  • A lower monthly fee which cannot be used for service hours
  • A per hour billing for helping them achieve a greater security posture
  • A guaranteed billing rate should an incident occur
  • Guaranteed response times 4 hours business hour response, 48-hour business hour on site if necessary

Service Package 2

 

  • A higher monthly fee
  • 50% of unused fees can be used towards Cyber Security Services
  • A guaranteed billing rate should an incident occur (Better than service package 1)
  • Guaranteed response times (Better than service package 1)

Service Package 3

 

  • Highest monthly fee
  • 75% of unused fees can be used towards Cyber Security Services
  • A guaranteed billing rate should an incident occur (Better than service package 2)
  • Guaranteed response times (Better than service package 2)