Incident Handling & Forensics Investigations

Breaches of security can and do sometimes occur despite an organization’s best efforts. Due to the rapidly shifting nature of malware, hack attacks, and insider threats, there exists a practical guarantee that nearly all IT infrastructures will be compromised at some point. The unfortunate question is not ‘if’, but ‘when’. Therefore, it is best to be prepared with the right processes and training.

  • The 2011 CyberSecurity Watch Survey shows that while outsiders caused 58% of attacks, 21% were internal attacks by employees or contractors, with nearly a quarter of those using rootkits or hacker tools in their attacks.
    Cybersecurity Survey 2011, CSO, Deloitte, the US Secret Service and CERT, January 2011

However, when a crisis does happen, a swift response is often needed to determine its severity and reach. The need for a quick and effective response can overwhelm existing staff and management, especially those encountering a problem for the first time.

There is an increased need for businesses to implement processes to deal with malware and other security incidents and to appropriately counter these threats with knowledge. No discussion about computer forensics is complete without mention of malware, which is one of the biggest challenges currently faced by any organization doing business today.

How It Works

After a security breach has occurred, forensic analysis (the gathering and analysis of facts and evidence after a security incident) is the key to unlocking the details behind the attack.

What data has been compromised? How and when did it happen? Who is behind the attack? The answers to these questions and the resultant analysis become critical not only to assess the impact and associated risk to the organization and prevent future occurrences, but also to potentially provide law enforcement with actionable information.

Whatever the crisis, the staff at KRYPTON Security is likely to have dealt with a similar incident, and will quickly leverage that experience to minimize the impact to the client.

Through a logical and well-planned response to a crisis, KRYPTON can help minimize losses and prevent serious damage that could extend beyond direct financial loss to harm hard-earned organizational reputation, which can take years to repair.

When a client experiences a security breach, KRYPTON will respond to the crisis with thorough care, concern, and skill. KRYPTON will conduct detailed analysis of any malware discovered to be involved in the incident, which may involve such activities as reverse engineering, behavioral analysis, static and dynamic code review, and the bypass of any defense mechanisms intended to prevent such analysis.

KRYPTON’s forensics experts will collaborate with the client’s technical team to carefully analyze the timeline, examine the data to determine Indicators of Compromise (IOCs), and identify the attack vector(s) to accurately scope the incident, contain it, and provide solid recommendations to establish the correct security measures to prevent recurrence.

As is the standard with all of KRYPTON’s service offerings, the end result will include a pragmatic report that details implementable solutions in a manner that is both useful to the organization’s technical department and clearly understandable to the management team.