Respond rapidly to cyberattacks by using AI, data and statistics.
Clean-Up™: Incident Response
Incident response and clean-up are on-site security services. A successful clean-up involves identifying the weaknesses that the hackers exploited during the intrusion, fixing those weaknesses, restoring clean operating systems to any affected machines, and restoring access to clean filesystems.
The first step to clean-up is to establish a safe, secure sub-network and a collection of safe workstations. The secure sub-network serves as a toe-hold to recover your entire network.
The second step is an audit of the method(s) of attack and the extent of damage. Data, statistics, and AI are used for the audit. A conservative approach to clean-up often means that most of the systems on your network will be examined. Critical updates to your infrastructure will be noted.
The third step is recovery. During this step computers are restored and patched. Affected storage media may also be cleaned. If the clean-up audit was well done, then this restoration step will only need to be done once. On the other hand, if the audit was done too quickly, then the intrusions will repeat and your organization will have to continue restoring newly hacked machines. The recovery step is complete when your network and workstations have been restored to normal function and safe operation.
The fourth step is forensics. Please carefully consider whether extensive computer forensics will be necessary. It is sometimes a legal requirement to contact the FBI or law enforcement.
Contact Intrepid Net Computing for incident response, whether on-site or remote.
More Explanations
What is Cybersecurity Incident Response?
Why Clean-Up Hacking?
Incident Response, Part 1: Planning