Incident Response Retainer

An Incident Response Retainer offers a process of forensic discovery, active containment, and rapid eradication of intruders from the network. Gain access to incident response experts and secure guaranteed SLAs.

1. Analysis - our team of specialists applies forensic analyses to an incident to determine the source, how best to remediate it, and to confirm remediation steps are complete.
2. Containment and eradication – critical data may be deleted, or assumptions made on the ‘eradication’ of a threat actor when they may still be active elsewhere or commonly, have placed back doors in your environment to regain access. We contain and eradicate major cyber security incidents to their entirety.
3. Recovery – Tesserent supports organisations in recovery through post-incident reviews, recommendations for improvement to prevent the recurrence of incidents, and supporting documentation reviews.

Post Activity – Tesserent will carry out any further forensic activities as requested by the Customer, including providing reporting aligned with your governing body, or federal government guidelines. Tesserent has the capacity to speak in court if your incident becomes a legal matter.

Tesserent follows the NIST 800-61 framework when dealing with major cyber security threats in our customers' environments.

The framework consists of the following steps:

Preparation – Tesserent’s proactive approach to incident response delivers your organisation an incident response plan, ensuring those responsible for participating understand their roles and responsibilities and that your organisation has a plan in place when the worst happens. Preparation is a proactive measure that has the biggest influence on reducing the impact of cyber incidents whilst assisting to prevent an incident in the first place.

Detection – Tesserent assists in ensuring that your organisation will not only have the appropriate security tools in place, such as SIEM and EDR but that the information being collected is relevant and in line with best practice, assuring protection of the data that matters to you and keeping your security solution cost-effective. In addition to providing skilled analysts and engineers, we also arm them with advanced threat detection tooling and techniques such as AI and automation.

Analysis – Tesserent analyses security alarms, events, and incidents to deliver end-to-end incident response for your organisation. Our team of specialists analyses an incident to determine the source, how best to remediate it, and to confirm remediation steps are complete using a combination of automated and manual techniques.

Containment and Eradication – Containment and Eradication without the appropriate skills can result in further organisational damage - critical data may be deleted, or assumptions made on the ‘eradication’ of a threat actor, when they may still be active elsewhere, or commonly, have placed back doors in your environment to regain access. Tesserent has the skills to contain and eradicate major cyber security incidents to their entirety. Tesserent can also conduct forensic analysis when required.

Recovery – Tesserent supports organisations in recovery through post-incident reviews, recommendations for improvement to prevent the recurrence of incidents, and supporting documentation reviews.

Post Activity – Tesserent will carry out any further forensic activities as requested by the Customer, including providing reporting aligned with your governing body or federal government guidelines. Tesserent has the capacity to speak in court if your incident becomes a legal matter.