Incident Response Retainer

Lock in fast and comprehensive support and access a team of experts for a timely response to attacks.

How we can assist

  • The solution is about more than just technology. Our people are experts in their area of specialisation. Their deep engagement with your people and your organisation empowers them to have precision and agility when detecting unusual activities in your network.
  • We take an advisory role from the moment you contact us. As part of our onboarding process, we collect as much information as possible to ensure all bases are covered, whatever the scenario. Our advisory team is empowered to ensure you get the rapid and efficient action required as soon as the need arises.
  • Containment is key. Our team will ensure timely detection and response to security incidents specific to source, time of day, or attack vector.
  • Ability to respond to a wide range of attack types through forensic discovery, active containment, and rapid eradication of intruders from the network.

Secure your network with comprehensive incident response support

Guaranteed response time

Local support and advice, as well as guaranteed response time in the event of an attack.


Excellence in people and processes

Secure access to the right experts. Complete visibility and finely tuned processes.


Network assessments

Advance network assessments for attack scenarios.


Industry-leading technology

Supported by forensic and incident analysis technology.


Challenges We Address

Running an effective Security Operations Centre.

The complexity of running your own 24/7 SOC can be a distraction from your business’s core purpose. Avoid the hassle of coordinating IT resources, maintaining compliance and managing your security in a comprehensive, cost-effective way by partnering with us.


Managing your security program.

Being in control means having the right information at the right time. A good detection and response program will ensure you maintain the highest standards across your Governance, Risk and Compliance (GRC) activities. Our IT security experts offer decades of experience dealing with breaches of varying sizes and scales.

Detecting and responding to common threats and attacks.

The greatest challenge for businesses today is the rapid detection and response to threats. Malicious attacks, including malware, phishing, ransomware, DDoS and social engineering attacks can escalate quickly, becoming a major breach. The PR and regulatory implications can be devastating. We bring together the right people, processes and technology to protect your organisation.

Frequently asked questions about Incident Response

What is an Incident Response Retainer?

An Incident Response Retainer offers a process of forensic discovery, active containment, and rapid eradication of intruders from the network. Gain access to incident response experts and secure guaranteed SLAs.

What are the 4 steps in an Incident Response Plan?

  1. Analysis - our team of specialists applies forensic analyses to an incident to determine the source, how best to remediate it, and to confirm remediation steps are complete.
  2. Containment and eradication – critical data may be deleted, or assumptions made on the ‘eradication’ of a threat actor when they may still be active elsewhere or commonly, have placed back doors in your environment to regain access. We contain and eradicate major cyber security incidents to their entirety.
  3. Recovery – Tesserent supports organisations in recovery through post-incident reviews, recommendations for improvement to prevent the recurrence of incidents, and supporting documentation reviews.

Post Activity – Tesserent will carry out any further forensic activities as requested by the Customer, including providing reporting aligned with your governing body, or federal government guidelines. Tesserent has the capacity to speak in court if your incident becomes a legal matter.

What are the 7 phases of a cybersecurity incident response plan?

Tesserent follows the NIST 800-61 framework when dealing with major cyber security threats in our customers' environments.

The framework consists of the following steps:

Preparation – Tesserent’s proactive approach to incident response delivers your organisation an incident response plan, ensuring those responsible for participating understand their roles and responsibilities and that your organisation has a plan in place when the worst happens. Preparation is a proactive measure that has the biggest influence on reducing the impact of cyber incidents whilst assisting to prevent an incident in the first place.

Detection – Tesserent assists in ensuring that your organisation will not only have the appropriate security tools in place, such as SIEM and EDR but that the information being collected is relevant and in line with best practice, assuring protection of the data that matters to you and keeping your security solution cost-effective. In addition to providing skilled analysts and engineers, we also arm them with advanced threat detection tooling and techniques such as AI and automation.

Analysis – Tesserent analyses security alarms, events, and incidents to deliver end-to-end incident response for your organisation. Our team of specialists analyses an incident to determine the source, how best to remediate it, and to confirm remediation steps are complete using a combination of automated and manual techniques.

Containment and Eradication – Containment and Eradication without the appropriate skills can result in further organisational damage - critical data may be deleted, or assumptions made on the ‘eradication’ of a threat actor, when they may still be active elsewhere, or commonly, have placed back doors in your environment to regain access. Tesserent has the skills to contain and eradicate major cyber security incidents to their entirety. Tesserent can also conduct forensic analysis when required.

Recovery – Tesserent supports organisations in recovery through post-incident reviews, recommendations for improvement to prevent the recurrence of incidents, and supporting documentation reviews.

Post Activity – Tesserent will carry out any further forensic activities as requested by the Customer, including providing reporting aligned with your governing body or federal government guidelines. Tesserent has the capacity to speak in court if your incident becomes a legal matter.

Contact us

Speak with a Tesserent
Security Specialist

Tesserent is a full-service cybersecurity and secure cloud services provider, partnering with clients from all industries and all levels of government. Let’s talk.

Let's Talk
Tess head 9 min