For over 15 years Sylint has developed and implemented highly effective incident responses to a broad range of cyber events.

We’ve devised and executed successful incident response plans for every type of incident from SQL injections and email viruses on local servers to corporate espionage and nation-state attacks on highly complex global networks. Our experienced and agile team of engineers, forensic analysts and investigators works in concert with our client’s IT professionals to quickly assess an often fluid situation and craft a tailored response strategy.


What is Incident Response?

Incident Response (or “IR”) is the process of responding to a known or suspected cyber-security incident. Sylint’s IR philosophy is to cooperate with internal teams where possible. This maximizes efficiency and minimizes cost while determining what occurred. Generally working in small fire-teams of two to four experts, Sylint provides highly skilled support during this stressful time.

It is important not to jump to conclusions, but instead to carefully and methodically assess the situation and determine the best path forward. While the initial inclination may be either to ignore the problem or to “fix” things quickly, both of these tactics can cause further damage. Review the Critical Steps and Questions outlined here for more information.


Critical Steps

Preserve the Evidence

Forensic analysis may be necessary to determine what happened, what data attackers may have accessed, and the scope and scale of the incident. Prior to ‘fixing’ identified issues, it is important to determine whether evidence preservation may be necessary. Additionally, today’s malware may reside only in memory (RAM), so forensic acquisition of RAM may be a critical component of an investigation.

Contact Legal Support

Security incidents may result in both civil litigation and criminal prosecution. Engaging legal assistance early helps to ensure that these legal considerations become part of the response process.

Notify Insurance

Many insurance policies include cyber-incident response coverage, but the insurance company may have its own preferred vendors for both legal and cyber-security teams. Additionally, insurance companies can often help with communication and coordination of the IR process.


FAQ

1. What logs and tools are available for an investigation?
   Knowing the available logs helps determine what historical data is available for an investigation. High-priority logs include security event logs from domain controllers and outbound firewall logs.

2. How can the network be accessed remotely?
   Remote access to the network is a frequent entry point for attackers. Identifying remote access routes assists with containment and scoping.

3. What data could the attackers be targeting?
   Identifying the data that attackers could be after provides initial direction on scope, attack vectors and even the techniques attackers might use.

  • 24/7 rapid response to limit damage, terminate access points and identify assailants
  • Address system analysis, malware collection and review, log analysis, traffic inspection and many other critical components
  • Work discreetly with clients, law enforcement and numerous government agencies
  • Extensive knowledge of leading-edge threats and incident/breach reporting requirements

RANSOMWARE

Don’t merely run AV and restore.

Most ransomware is intended simply to extort money, but in some cases it is used to obscure more significant network intrusions and wide-scale data breaches. Will you know the difference? Don’t merely run AV and restore. You could be destroying key evidence and ignoring critical vulnerabilities that could lead to repeated attacks. From negotiating payments to decrypting data, our experience analyzing millions of maliciously encrypted files gives us a unique advantage when dealing with these crippling attacks.

NETWORK BREACH

A well-devised incident response strategy and precise execution are critical.

Led by President and Founding Partner Serge Jorgensen, our IR team has proven experience addressing hundreds of network breaches. Whether the incident is a crippling attack by an insider with intimate knowledge of the network or a long-term compromise by foreign perpetrators with persistent exfiltration, our agile group quickly assesses each situation and crafts an appropriate, effective response. We can respond discreetly and immediately, 24x7x365, virtually anywhere in the world.
