When something happens, Hanco is Here! Our Hanco CyberShield™ Incident Response will allow you to remotely manage your environment and respond to attacks right from your own dashboard. We isolate the host, kill the processes, logoff and block users or IPs and much more.
You see an alert and confirm that a server has been compromised. You or the SOC team decide to isolate the host from the network and lock down the computer for forensic analysis. Time is key and this should be accomplished ASAP before the Cryptoware spreads through the network.
What is the first step?
It does happen, and Hanco is Here so you know what you first step will be.
An incident to your company could mean the end of certain business processes which could put risk to your entire infrastructure and workflow.
Think of the Maersk incident where the attackers did not mean to plant malicious malware into their systems, but it ended up there anyway.
We will help with responding to such threats quickly and affectively by isolating the host, killing the processes, logging off and blocking users or IPs and much more.
An incident is an event that could lead to loss of, or disruption to, an organisation’s operations, services or functions. Incident management is a term describing the activities of an organisation to identify, analyze, and correct hazards to prevent a future re-occurrence.
Some malware attacks do not attempt to single your company out, they can be ‘scattershot’ into the cyber space and your company can fall victim to this. Will our incident response you need not worry about such events.
The general flow of an incident response is as follows:
- Detection and Reporting,
- Triage and Analysis,
- Containment and Neutralisation,
- Post-Incident Activity.