Security Incident Response
Drawing on the incident response work we perform as part of our MSSP, RedBear also offers a Security Incident Response service. If you have suffered a security incident with your applications running on AWS, our response service can help you contain and recover from the incident. We will also perform security forensics to determine the root cause.
Our MSSP customers already benefit from our Security Incident Response service. However, this service is also offered to our non-MSSP customers. If you have either suffered from an incident or want to be prepared for one, this service may be what you are looking for. The service includes:
- 24 x 7 Security Incident Response team ready with the tools to help you in a time of stress
- Our service will help to contain and recover from the incident, aiming to eradicate the threat. This includes identification and removal of unauthorized resources and configuration including external and persistent access.
- Security Forensics to identify the root cause of the incident, whether that is through a misconfiguration, a software vulnerability, compromised credentials, third party access or even insider threat.
- A report of the incident, the outcome, the remediation steps, the root cause and the recommendations to reduce the risk of future compromise.
- If required, liaison with the AWS Critical Incident Response Team (CIRT) through the AWS Security Incident Response service. RedBear are also a launch partner for this new service, announced at AWS re:Invent 2024.
RedBear’s security incident response service is available as a one-off activity or under an ongoing arrangement.
Incident Response preparation
In addition, we can work with you to help develop an internal security incident response process and take your key teams through incident response workshops to be prepared should the worst happen. In performing incident responses on behalf of customers, we have learnt what does and doesn’t work and what traps to avoid.
- Develop an incident response plan with your teams to clearly define the process, roles and responsibilities.
- Road-test the response plan in tabletop exercises to train your teams and refine the process.
- Identify any gaps in log and visibility coverage that will be crucial in any incident response.
- Ensure you have the access and tools ready to go. Time is of the essence in any cybersecurity incident response.
- If you don’t know where to start, we can run a Threat Modelling workshop to get you all thinking like a hacker. Where are the potential weaknesses in your security controls?
- It’s a blend of team, tools and experience.
Our CTO, Jem Richards, was recently on the AWS Security Live show discussing Security Incident Response. Check it out on Twitch!
HRG Australia is the Australian division of an international corporate travel services company. The international rollout of a new key business application was a mismatch with existing regional IT infrastructure and systems.
RedBear IT saved approximately $1 million in planned capital expenses to satisfy new application requirements.
– Steve Ash from HRG Australia