INCIDENT FORENSIC ANALYSIS
INCIDENT EVALUATION, SEARCH, FORENSIC ANALYSIS
What can we do if we have a serious suspicion about a security incident, or if we are already seeing signs of it? For example, if information that we have not yet published has appeared in press reports, or if our competitors are constantly one step ahead, or if our monitoring systems indicate abnormal operation and behavior.
4iG's SOC Forensic service provides a solution for this, with which we perform:
- Identification of security incidents
- Searching for sources and initial vectors
- Recommendation of mitigation and/or isolation points.
The knowledge of our experts extends to a wide variety of areas of the IT security sphere, so in addition to offensive solutions, they also cover forensics and incident tracing and evaluation, which are considered the most important in a SOC. Finding and evaluating incidents is perhaps the most important task in the life of a SOC, for which, in addition to the availability of the appropriate toolkit, outstanding expert knowledge is essential.
This can even find traces of methods used by hackers, such as viruses and spyware that have been sent to the network by deceiving the user. The most important thing in such cases is the application of a policy designed for the client's environment.
One example is the separation of infected machines and further forensic examination of the information obtained on those machines. This, of course, also requires active protection solutions and automatic response actions, which we can complement with honeypot environments and agent solutions.
With our service, we get a clearer picture of the exact course of the event that occurred and its causes, thus clarifying the points where protection needs to be strengthened.