

Security Incident Response

Sales & Customer Service

If you need sales or account support please contact us at:

sales@securityondemand.com

Sales:  1-858-693-5655


Technical Support

If you need emergency technical support, please contact us at:

Toll Free:  1-888-722-6364


Introduction

Security On-Demand assists its clients with incident response planning, preparedness, and coordination of team response efforts. As part of our client provisioning process, we integrate our incident response process with your existing policies, standards, and processes. This ensures coordinated response and attack mitigation in the event of a security incident, forensic investigation, or regulatory compliance audit.

Incident response involves the following phases:

  • Preparation
  • Detection (Alert Triage)
  • Response (Containment and Eradication)
  • Recovery and Follow-up

The goal of a systematic approach to handling security incidents is to resume system and business operations as soon as possible while, where possible, preserving the incident's forensic evidence for further analysis and for improving the security process. Security On-Demand will work with your IT and security staff to coordinate with your Computer Incident Response Team (CIRT) and assist with investigation and recovery efforts.

Security Alert and Incident Triage

Events, alerts, and threats are identified through our risk-based event correlation and data aggregation system, which collects, aggregates, normalizes, and then correlates all data received. Events are the raw inputs; an alert is built from correlated events, and its severity level is derived from those events by risk-scoring algorithms.

Alerts are scored as follows:

  • Severity 5 (Critical)
  • Severity 4 (Major)
  • Severity 3 (Minor)
  • Severity 2 (Low)
  • Severity 1 (FYI)

Each alert that scores above the client-defined threshold is reviewed by a trained security analyst, who re-evaluates the severity level and conducts further research to validate or invalidate the alert. If the alert is validated, it is documented in the ticketing system and analyzed further according to the nature of the event and its potential impact.
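As an added illustration (not Security On-Demand's system or code), the following Python sketch shows the shape of such a pipeline: constructed sshd and firewall log lines are normalized into a common event schema, correlated per source IP, scored with hypothetical risk rules, mapped onto the Severity 1 to 5 scale above, and filtered by a client-defined threshold. The log formats, scoring weights, critical-asset list and threshold value are all assumptions made for the example.

```python
"""Toy event-to-alert triage pipeline (added illustration, not vendor code).

Normalize -> correlate -> score -> apply client threshold. All weights,
formats and asset names below are hypothetical.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample log lines (not real traffic): syslog-style sshd lines and
# a simplified CSV firewall export of the form "fw,src,dst,port,action".
SAMPLE_LOGS = [
    "May  1 10:00:01 db01 sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2",
    "May  1 10:00:02 db01 sshd[1202]: Failed password for root from 203.0.113.7 port 50123 ssh2",
    "May  1 10:00:03 db01 sshd[1203]: Failed password for root from 203.0.113.7 port 50124 ssh2",
    "May  1 10:00:04 db01 sshd[1204]: Failed password for root from 203.0.113.7 port 50125 ssh2",
    "May  1 10:00:05 db01 sshd[1205]: Failed password for root from 203.0.113.7 port 50126 ssh2",
    "May  1 10:00:09 db01 sshd[1206]: Accepted password for root from 203.0.113.7 port 50127 ssh2",
    "fw,198.51.100.9,10.0.0.5,445,DENY",
    "fw,198.51.100.9,10.0.0.5,139,DENY",
    "fw,198.51.100.9,10.0.0.5,3389,DENY",
    "May  1 10:02:00 web01 sshd[1300]: Failed password for invalid user bob from 192.0.2.4 port 40000 ssh2",
    "garbage line that matches no parser",
]

# Hypothetical set of hosts whose compromise would have the largest impact.
CRITICAL_ASSETS = {"db01"}

SSHD_RE = re.compile(
    r"(?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


@dataclass
class Event:
    src_ip: str
    kind: str     # "auth_fail", "auth_ok" or "fw_deny"
    target: str   # host or destination IP the source acted against


@dataclass
class Alert:
    src_ip: str
    score: int
    severity: int
    reasons: list


def normalize(line: str) -> Optional[Event]:
    """Map one raw line to the common Event schema; None if no parser matches."""
    m = SSHD_RE.search(line)
    if m:
        kind = "auth_fail" if m.group("result") == "Failed" else "auth_ok"
        return Event(m.group("src"), kind, m.group("host"))
    if line.startswith("fw,"):
        _, src, dst, _port, action = line.split(",")
        if action == "DENY":
            return Event(src, "fw_deny", dst)
    return None


def severity_from_score(score: int) -> int:
    """Clamp a risk score onto the Severity 1 (FYI) .. 5 (Critical) scale."""
    return max(1, min(5, score))


def correlate(events) -> list:
    """Group events by source IP and apply hypothetical risk rules."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev.src_ip].append(ev)   # arrival order is preserved per source
    alerts = []
    for src, evs in by_src.items():
        fails = sum(e.kind == "auth_fail" for e in evs)
        denies = sum(e.kind == "fw_deny" for e in evs)
        score, reasons = 0, []
        if fails >= 5:
            score, reasons = score + 3, reasons + [f"{fails} auth failures (brute force pattern)"]
        elif fails:
            score, reasons = score + 1, reasons + [f"{fails} auth failure(s)"]
        if denies >= 3:
            score, reasons = score + 2, reasons + [f"{denies} firewall denies (scan pattern)"]
        elif denies:
            score, reasons = score + 1, reasons + [f"{denies} firewall deny"]
        # Strongest signal here: a successful login after failures from the
        # same source, i.e. the guessing may have worked.
        seen_fail = False
        for e in evs:
            if e.kind == "auth_fail":
                seen_fail = True
            elif e.kind == "auth_ok" and seen_fail:
                score, reasons = score + 2, reasons + ["successful login after failures"]
                break
        if any(e.target in CRITICAL_ASSETS for e in evs):
            score, reasons = score + 1, reasons + ["critical asset targeted"]
        alerts.append(Alert(src, score, severity_from_score(score), reasons))
    return alerts


def triage(lines, client_threshold: int) -> list:
    """Full pipeline: normalize, correlate, keep alerts at or above threshold."""
    events = [ev for ev in (normalize(l) for l in lines) if ev is not None]
    kept = [a for a in correlate(events) if a.severity >= client_threshold]
    return sorted(kept, key=lambda a: a.severity, reverse=True)


if __name__ == "__main__":
    for a in triage(SAMPLE_LOGS, client_threshold=3):
        print(f"Severity {a.severity} from {a.src_ip}: {'; '.join(a.reasons)}")
```

Run stand-alone, the block reports only the alert from 203.0.113.7 (five failures followed by an accepted login against a critical host scores 6, clamped to Severity 5). The scan pattern from 198.51.100.9 lands at Severity 2 and the single failure from 192.0.2.4 at Severity 1, so a client threshold of 3 drops both; that cutoff is the kind of client-specific setting the text refers to, and the unparseable line is discarded rather than silently scored.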

The alert may then be escalated, responded to according to the incident response policy, or discussed with the client in light of the traffic or event information observed. A formal flow chart and process description are provided as part of the client's provisioning and on-boarding process.