161EXCT Base

Incident Response Execution

Service Overview

The DeepSeas IR Forward-Deployed Resource ("IR Execute") is a dedicated incident response (IR) subject matter expert responsible for coordinating remediation activities, performing reverse engineering, conducting custom threat research and/or improving Client IR processes across multiple systems or in response to historic embedded attack(s).

Objectives

The objective of this service is to provide Client with dedicated incident response subject matter expertise to assist Client with, among other things, i) detecting, containing, analyzing and eradicating threats; ii) implementing structure and process within Client's incident response program; and iii) coordinating incident response efforts among internal Client teams.

Methodology

The IR Execute methodology will align work to a standard incident response (IR) lifecycle which typically consists of the following:

1. PREPARE – Review and document existing incident response capabilities, roles and processes across business groups to identify potential gaps, run mock cyber incidents to test and practice, and evaluate Client's overall ability to detect and respond to a breach.

2. DETECT – Identify and deploy incident responders to deliver tactical and strategic expertise in areas such as digital forensics analysis, network analysis, malware analysis and advanced persistent threat (APT) hunting.

3. RESPOND – IR FDL(s), in close coordination with Client’s security team and affected business units, will work to remove the malicious activity and threat actors from the environment. Digital evidence will be collected and managed for investigative purposes while maintaining chain of custody.

4. RECOVER – IR FDL(s) will work to restore normal business operations and recover/restore any lost data and systems, in close coordination with Client’s security and information technology teams.

Deliverables

The Forward-Deployed Resource(s) shall be dedicated to Client and will perform in-scope functions as requested. Deliverables such as program metrics, threat reports and presentations may be produced; additionally, the IR Forward-Deployed Resource(s) may be asked to perform in-scope tasks such as threat investigations and malware reverse engineering, which may include deliverables and/or verified outcomes.