IR | INCIDENT RESPONSE AND FORENSICS

WHAT IS INCIDENT RESPONSE?

RedLegg’s Incident Response (IR) service utilizes subject matter experts to apply both highly advanced forensics tools and years of experience to the process of locating, preserving, authenticating, and producing electronic evidence. Nearly every incident involving misconduct, diversion of intellectual assets, security breaches, or internal corporate compliance violations contains digital evidence that, if uncovered, would prove invaluable in illuminating the event. The digital tracks unknowingly created by wrongdoers can often be found only in electronic form. Even the most sophisticated criminals leave behind digital fingerprints that reveal their actions when scrutinized by a talented computer forensics expert.

Incident Types

  • Actual or suspected data breach incidents
  • Ransomware attacks
  • Unauthorized use of trade secrets

RedLegg experts are experienced at preserving relevant digital information and analyzing that data to help you understand the key facts related to a case.  Whether investigating employee misconduct, regulatory issues, or employment / HR issues, chances are recovery and preservation of available digital evidence is important to the investigation. 


CASE TYPES

RedLegg has extensive experience assisting attorneys and corporate officials with collecting and analyzing digital evidence relevant to a variety of matters. The most frequent inquiry types directed at the business environment include:

  1. Employment matters such as misconduct, harassment, or policy violations
  2. Non-compete agreement violations and former employees violating agreements
  3. Unauthorized use of trade secrets by current or former employees
  4. Regulatory compliance and legal response to regulatory inquiries

Discovery services are required for litigation purposes. Federal and other legal rules require organizations to be ready to prove preservation of data integrity during discovery. When a lawsuit is imminent or a litigation hold has been issued, the RedLegg team can assist with issues related to the collection, preservation, and processing of Electronically Stored Information (ESI). From mobile devices to enterprise servers, we can collect and preserve your data, from searching and culling processes to presentation and review.

WHAT YOU CAN EXPECT FROM REDLEGG

SPEED

Rapid response to an incident.

EXPERTISE

Preservation of critical digital evidence.

HANDS-ON

Assistance with initial triage, incident assessment, and reaction plan development.

PREEMPTIVE

Early stage assessment of data exfiltration probability.

ANALYTICAL

Root cause analysis (RCA), including malware reverse-engineering, log file analysis, and forensic examination.

EFFECTIVE

Expert reporting and testimony when required.

INCIDENT RESPONSE SCOPE

RedLegg’s Incident Response Retainer and Advisory Services Agreement allows you to establish an agreement for incident response and forensic services before an event happens. With the agreement in place, you have a trusted partner ready to assist with...

  • Developing a defensible Incident Response (IR) plan
  • Rapidly responding to incidents
  • Supporting internal investigations through digital forensics services
  • Consulting on issues related to digital forensics and information security

This proactive approach enables you to be prepared for an incident, significantly reduce response time, and minimize the impact of an event.

RedLegg offers three tiers of Incident Response Retainer and Advisory Services Agreements to support different needs and budgets:

  • TIER 1
  • TIER 2
  • TIER 3

TIER 1

No Cost Retainer

Tier 1 establishes terms and conditions between your organization and RedLegg for services, including digital forensic and incident response services.

  • The contract defines hourly rates for services and technology fees.
  • There is no financial commitment or annual cost.
  • You will be billed for time and materials at the rates specified in the Agreement.

TIER 2

Incident Response and Forensics Retainer

In addition to establishing terms and conditions, Tier 2:

  • Adds a prepaid block of 50 hours at a discounted rate with a service level agreement (SLA).
  • Allows you to have upfront event preparedness services designed to enhance current incident response capabilities.
  • Can be used for incident response and forensic services.

TIER 3

Incident Response & Forensics Retainer with Training & Advisory Services

Tier 3 provides your organization a proactive approach to improving your cybersecurity, including:

  • Access to the best incident response rate by bundling proactive RedLegg services with a retainer.
  • 100 prepaid hours, allowing you to select from the full portfolio of services to focus on improving your security posture, including hours for:
    • Forensic and incident response services
    • Initial consultation, training, and advisory services

OUR APPROACH

RedLegg is an innovative, global security firm that delivers managed cybersecurity solutions and peace of mind to its clients.

RedLegg’s approach to information security protects the confidentiality, integrity, and availability of critical data based on a sound risk management framework. This approach allows organizations to engage business owners in defining acceptable levels of risk and to participate in the process for evaluating threats.

RedLegg’s ARMEE (Assess, Remediate, Monitor, Educate, Enforce) methodology institutes a lifecycle that allows for an ongoing process to continuously improve the security posture of the organization. This methodology is designed to be portable to all business, legal, regulatory, and security requirements of the organization. It is flexible enough to account for the constant flux in the marketplace, attack vectors, and protection mechanisms.

The final step in RedLegg’s ARMEE methodology is to implement solutions that enforce security measures needed to protect against threats that may affect an organization’s core business.
