Digital Forensics and Incident Response

Digital Forensics and Incident Response (DFIR) is an evolving challenge that requires precision, competency and experience to execute successfully and attain both useful and actionable results.  Pondurance is committed to maintaining the most qualified DFIR workforce in addition to rapidly responding when your IT assets are under attack.  When every minute counts, our experts will guide you and your organization every step of the way from scoping and containing the incident, determining exposure through forensic analysis, and recovering your environment back to normal operations.

Our team has refined and optimized relevant methods and technologies that deliver results.  Having worked with varying industries and law enforcement on a national scale, and over the course of hundreds of incident response engagements, we are the right choice to help you through a cyber crisis. The activities that typically comprise the scope of DFIR engagements include:

  • Incident Response and event containment
  • Crisis Management and incident handling
  • Forensic analysis and investigation of attack vectors
  • Manual or automated digital forensics techniques
  • Breach response assistance
  • Coordination through attorney/client privilege
  • Report of findings and recommendations



Market-specific Value Proposition

Our DFIR solutions have been proven across different markets and varying organizations. Whether you are in healthcare, manufacturing, technology, education or retail, Pondurance has ushered hundreds of companies, from Fortune 500 enterprises to small independent service firms, through adverse cyber events.  Our impeccable record and reputation have garnered praise from, and referrals to:

  • Attorneys / In-house Counsel – Pondurance partners with several national law firms that specialize in cyber security and privacy matters on behalf of their clients.  Whether your firm advises or provides direct in-house counsel, we have the experience you need. We prefer to operate under attorney/client privilege to provide the highest level of confidence and operational security regarding all matters.

Law firms we have worked with: 

  • Quarles & Brady LLP

  • Hall, Render, Killian, Heath & Lyman, P.C.

  • Woods & Woods LLP

  • Mullen Coughlin LLC

  • Riley Bennett and Egloff, LLP

  • Ice Miller LLP

  • Clark Hill PLC

  • MaguireWoods LLP

  • Insurance Providers – Whether you are a broker or a major carrier, Pondurance has established a level of reliability and competence that has seen us named as panel members for companies, or even directly written into cyber risk policies as a go-to provider of DFIR engagements.  We specialize in building pre-incident relationships with providers in order to facilitate the most rapid on-target response required during adverse events.  We want to partner with you.

  • Executive Management – If you are a company manager looking for the right partner, or facing a current cyber incident, contact us immediately for a quick response in learning how we get started.  We can provide you with relevant case studies and references from peers in your industry.

We Bring the R in MDR

Our DFIR Teams are the special forces of the cyber security world, able to quickly develop any situation and neutralize threats to stop in-progress attacks. On the prevent side, they are also the most experienced threat hunters as part of our MDR solution and work to spot and thwart latent or undercurrent threats before they can develop. Pondurance maintains an extremely deep and diverse team with specializations that differentiate us from most other IR providers.  Our teams include the following competencies.

  • Incident Responders – The incident responders engage rapidly when called in, with the primary objectives to scope the incident, then contain it.  Containment of any incident is essential above all else in order to stop the spread of infection, eliminate any possibility for recurrence, and facilitate recovery of the operation.  The responders that are part of Pondurance’s DFIR teams are experienced and know exactly how to engage with immediate results. 
  • Incident Handlers – Every crisis situation, including a cyber security incident, needs a cool and dispassionate head to seamlessly orchestrate activities toward the proper end state goal.  The Incident Handlers of Pondurance are trained to provide effective situational management through coordination and tracking of all activities, along with direct interactions with company management to provide status and next steps.  For heavily regulated industries, our Incident Handlers also have a deep level of governance and compliance expertise that can directly influence the situation to generate positive outcomes.
  • Forensic & Malware Specialists – The specialist with deep technical forensic skillsets is one of the most important, yet one of the scarcest, resources in all of IT.  The perishable skill of forensics requires a constant stream of activity to foster the appropriate experience.  It is at this level that the success or failure of an incident response engagement is determined.  The Pondurance team of specialists are constantly engaged in both real life and training scenarios that hone those skills, including: advanced event triage and forensics; malware reverse engineering; exploit kit inoculations; anti-forensics mitigation; disk and file level forensics; and data extraction and recovery.

DFIR process


  • Establish monitoring to recognize, identify, & detect an incident as soon as possible
  • Establish programmatic methods to stop the incident from propagating or extending its impact
  • Establish procedures, tools and know-how to eliminate the source and prevent recurrence
  • Establish communications with stakeholders and procedures to continue normal operations, conduct post breach investigation

Seamless Transition from DFIR to MDR

Our numerous successes in DFIR have resulted in a majority of those clients wishing to continue a relationship with Pondurance.  Many have transitioned from incident response mode to full time clients within our Managed Detection and Response (MDR) service.  Our MDR solution provides an always-on, 24/7 approach to operational security monitoring, with proactive threat hunting, to find and stop security incidents before they impact your assets and operations. The big “R” in MDR is RESPONSE, which means that we enable a Closed-Loop Incident Response process that allows us to transition seamlessly, efficiently and effectively from hunting to incident handling at the moment it is needed.  Learn more about becoming an MDR services client here, and get in front of incidents before they can bring harm to your assets and operations.


Certification denotes a discipline and commitment to continuing education. In the fast-evolving world of information technology and cyber security, Pondurance is committed to keeping our teams at the knowledge forefront, so that they become knowledge capitalists who provide insight and cutting-edge demonstration of Threat Hunting + Response. Some of the relevant certifications our DFIR team members hold include:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Security Manager (CISM)
  • Certified Business Continuity Professional (CBCP)
  • Certified Information Systems Auditor (CISA)
  • Certified Computer Forensics Examiner (CCFE)
  • Certified Ethical Hacker (CEH)
  • Information Systems Security Architecture Professional (ISSAP)

  • Certified in Risk and Information Systems Control (CRISC)
  • GIAC Certified Incident Handler (GCIH)
  • Certified CSF Practitioner (CCSFP)
  • CompTIA Security+ certification
  • Offensive Security Certified Professional (OSCP)
  • GIAC Certified Forensics Analyst (GCFA)
  • Lean Six Sigma Black Belt, and National Incident Management Systems (NIMS)
  • PCI DSS Qualified Security Assessor (QSA)

Call Us Today

Pondurance’s DFIR services can be activated at www.pondurance.com or by calling us at 317-663-8694 and pressing “1”. The DFIR Hotline is answered 24 hours a day, 365 days a year by a Pondurance security analyst or security engineer. That person will work with you to determine the proper response and will engage other Pondurance resources as required. The incident response services will primarily be performed remotely in order to expedite the engagement. Pondurance personnel may be dispatched to client location(s) upon request and authorization by client.

Pre-Paid DFIR Option

Why would an organization pre-pay for DFIR services? Many insurance carriers recommend and even require that you have a contractual arrangement in place with a competent provider of DFIR services if they are providing cybersecurity insurance coverage for your company. And it can fulfill several regulatory compliance standards that require that an organization have an IR plan and methodology in place. Pondurance offers this option to fulfill those recommendations and requirements. The Pondurance pre-paid option also includes a discounted hourly rate and priority service.