800-810-1885

Incident Response

NOTE: If you are currently experiencing a security breach, U.S. Toll-free: 800-810-1885 for immediate assistance.

Bill Dean #581 Pete Dedes #562

When it comes to information security-related matters, today’s IT staffs must deal with a variety of security incidents, such as security breaches from both external and internal sources, notifications when the protection of customer data has been compromised, forensic investigation of fraudulent activities, and sabotage by personnel in sensitive positions.

Having a plan of action before security incidents occur and having the right security partner to help when they do occur is critical. We are here to help you in both preparing and planning for handling security incidents as well as being there for you during those critical times to properly handle security issues. Through a comprehensive offering of incident handling and forensic services, we have experience in assisting customers of all sizes.

Our Incident Response Services

Preparation

Although the incident response consultants are not typically responsible for incident prevention, Sword & Shield provides incident response preparation services for our clients. For our clients who have purchased the Rapid Response Shield™ kit, we assist in their efforts to prepare for computer security incidents. This preparation also facilitates our ability to handle your incidents more efficiently.

Detection

For many organizations, the most challenging part of the incident response process is accurately detecting and assessing possible incidents—determining whether an incident has occurred and, if so, the type, extent, and magnitude of the problem. Sword & Shield leverages extensive security and forensic investigation experience to detect and confirm the computer security incident.

Analysis

Sword & Shield rapidly performs an initial analysis to determine the incident’s scope, such as which networks, systems, or applications are affected; who or what originated the incident; and how the incident is occurring (e.g., what tools or attack methods are being used, what vulnerabilities are being exploited). The initial analysis provides us with enough information to prioritize subsequent activities, such as containment of the incident and deeper analysis of the effects of the incident.

Containment

When an incident has been detected and analyzed, it is important to contain it before the spread of the incident overwhelms resources or the damage increases. Most incidents require containment, so it is important to consider it early in the course of handling each incident.

Eradication

After an incident has been contained, eradication may be necessary to eliminate components of the incident, such as deleting malicious code and disabling breached user accounts.

Reporting

One of the most important parts of incident response is also the most often omitted: learning and improving. In each incident that we handle, we provide expert reports that answer the critical questions of the computer security incident: What happened? How did it happen? What data was accessed or compromised? How do we prevent similar computer security incidents from occurring in the future? Sword & Shield does not consider the handling of any computer security incident complete until we have answered these questions for our clients.

Rapid Response Shield™

When you retain Sword & Shield for incident response, our experts remain on call and are already familiar with your network environment and the location and nature of sensitive data. That means we respond faster and more accurately to security incidents—up to 30 percent faster when it comes to initial response efforts. And Sword & Shield’s computer security experts remain on call from the initial detection of a breach, to event analysis and post-incident activities.

Real Success Story

Analysts Recommend Simple IT Task to Secure Protected Health Information

A healthcare company contacted Sword & Shield’s Incident Response Team after discovering suspicious files that permitted access to patient information on one of their Internet servers. As part of the Incident Response Service, our analysts detect and assess possible incidents to determine whether an event has occurred, the magnitude of the event, how to contain and eradicate the incident, and how to respond in the future to prevent similar events.

In this case, Sword & Shield analysts performed a full forensic analysis of the healthcare company’s server and determined that the server had been compromised with malicious software that allowed unauthorized access from the Internet. The malicious software had gone undetected by anti-virus programs for more than three weeks as intruders were accessing the system and patient information – an incident that could result in penalties should it be determined that the company failed to secure protected health information (PHI).

Analysts further determined that a simple misconfiguration of the Internet server software had permitted the uploading of the malicious software, and they informed the healthcare company’s IT professional that a reconfiguration was necessary to prevent further problems of this nature.

Find Out More

Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or contact us by phone so we can begin securing your future.

U.S. Toll-free: 800-810-1885

International: 865-244-3500


Sales answers requests within 1 business day and usually within a few hours.

 


  • About Sword & Shield

    Since 1997 Sword & Shield has been the trusted information security partner for 3000 clients in 50 states and 27 countries around the globe.
