HG Remediation & Incident Response

The threat of cybercrime is the new reality for enterprises worldwide. It is not a matter of if you will be targeted; it is a matter of when. Unfortunately, most organizations are not proactive in their approach to information security until they have been breached.

Herjavec Group takes on the most complex of environments and supports four phases of security incident response activity:

  • Scoping: Detection & analysis
  • Incident Response: Containment, evidence collection, eradication or remediation
  • Recovery: Support in return to normal operations
  • Post-Incident Review: Including controls reviews, actions for improvement

Herjavec Group’s Security Incident Response and Remediation Services are modeled after NIST SP800-61r2 and ISO 27035. Service differentiators include:

  1. We respond with a customized response team. We work within customer tools and processes, offering state-of-the-art networking and forensic tools only when needed. Our flexibility provides faster, more effective incident response.

  2. We are on site offering a high-touch cyber incident response plan. On-site presence is critical to managing a security incident, interacting with management and ensuring the best outcome for our customers.

  3. We do not abandon the customer once the incident is closed. When a complex incident occurs, Herjavec Group follows through on recommendations that are made and supports our customers through the entire cycle of remediation as required.

Herjavec Group’s Security Incident Response & Remediation Team 3-Tiered Structure

1. Incident Commander

As the customer’s first contact with Herjavec Group’s Security Incident Response and Remediation Team, the Incident Commander works with the customer to understand the scale and scope of the incident to determine the size of the Incident Response and Remediation Team to deploy. The Incident Commander is in contact with the customer on a daily basis to monitor the incident status, or to determine if additional or alternative resources are needed.

2. Incident Controller

As the customer’s onsite contact with Herjavec Group, the Incident Controller becomes the single point of contact between management and people working on the remediation of the incident. The Incident Controller is responsible for tracking activities and providing daily reporting on the progress (remote activity) of the incident handling.

3. Incident Handlers

As the resources working on the cyber incident itself, Incident Handlers are specifically selected based on their skill and experience. The skills include incident detection and analysis, incident control and handling, containment, eradication and recovery, and forensic investigation and root cause analysis.

Herjavec Group offers three tiers of remediation and incident response packages, ranging from a basic package with an hourly rate to packages with predetermined response times and committed hours of work.

We have supported successful remediation efforts across some of North America’s largest enterprise businesses.

Examples of the security support offered include:

  • Managed and monitored the customer’s incident bridge
  • Isolated the network from external threats
  • Disrupted communication channels used by threat actors
  • Architected security strategy involving Firewalls, IPS, SIEM, Anti-Virus, and APT appliances
  • Deployed all of the security technologies for remediation response
  • Developed custom reporting to highlight indicators of compromise
  • Provided technical consulting across multiple levels of the organization
  • Co-ordinated service restoration to key business functions
  • Guided the business on security incident response and remediation strategies

Add-On Services

Response Readiness

A two-day service to assist the customer in their Incident Response plans. Herjavec Group will be on site to review the current state of the Incident Response plans and make recommendations for improvements. When used bi-annually, Herjavec Group can assist the customer to create a proper Incident Response plan.

Post Incident Executive Briefing

A half-day session with the Incident Commander, or a Herjavec Group Senior Vice President, to talk to the customer’s senior staff about the incident. In the Post Incident Executive Briefing, Herjavec Group will review the incident details, the incident handling process, and share recommendations for improvements to the customer process of incident handling.

Public Relations and Communications Support

Communications support is offered for internal and external facing releases relating to incident announcements, status updates and press releases as required. This includes support in drafting content as well as quotes from Herjavec Group leadership in terms of remediation efforts and operational re-alignment.