Trustwave Incident Response - Forensics
Trustwave SpiderLabs is the foremost resource for security incidents and breaches
A quick and efficient response to an attack on your network can save an untold amount of time, money and staff hours. Determine the source, cause and extent of a computer security breach quickly with Trustwave incident response services. Or learn how to recognize the indicators of a compromise and respond appropriately on your own with our incident readiness services.
Having responded to more than 2,000 data security incidents, performed thousands of network penetration tests and carried out hundreds of application security tests, Trustwave SpiderLabs, and by extension its clients, stays apprised of the latest threats and methods of data compromise.
We've worked cases involving the theft of Payment Card Industry (PCI) data, electronic protected health information (ePHI), personally identifiable information (PII), industry trade secrets, sensitive corporate information, classified data and other types of protected assets.
Organizations large and small select Trustwave SpiderLabs to augment their team through our incident response and readiness expertise. This includes:
- Free consultation to assess your business environment, risk and needs
- Integrated security technologies through a single source
- 24x7x365 support and dedicated security and compliance analysts
- Access to our cloud-based management portal
- "Follow the Threat" global Security Operations Centers
- $100,000 Breach Protection Program
Forensic Data Acquisition
We identify accessible, recoverable and relevant data to locate and index all computer- and user-generated evidence up to and including the recovery of content from non-functioning storage devices. Forensic data can be gathered from physical devices, logical volumes, memory, volatile data and network traffic. Trustwave SpiderLabs handles all data in accordance with proper digital evidence handling procedures to ensure evidence admissibility in court.
PCI Forensic Investigations
Trustwave SpiderLabs is a certified PCI Forensic Investigator and has more than seven years of experience investigating security breaches at physical locations, e-commerce sites, payment processors and payment gateways.
The experts at SpiderLabs have responded to incidents including direct hacks, denial-of-service attacks and social engineering and phishing schemes. As a result of our response services, we attempt to identify the source of the incident, isolate the affected systems, minimize the repercussions through containment and, finally, establish a removal and remediation strategy. In addition to our technical analysis, we provide insightful guidance on managing an incident in terms of media relations, corporate communications and working with law enforcement agencies.
Incident Readiness Services
We’ve developed repeatable response methodologies that deliver consistent results. We can teach you to recognize the indicators of compromise and how to respond most efficiently and effectively to limit the impact of a breach while preserving the evidence and its chain of custody. Simulated exercises will help you develop or tweak your response strategy and prepare staff to respond appropriately to a real-world scenario. Deliverables include a documented and tested Computer Security Incident Response Plan (CSIRP), development and training for a Computer Incident Response Team (CIRT), forensic analysis training and personal training exercises scored using a customized rubric.
Computer and Network Forensic Analysis
Through our Sniper Forensics methodology, developed by our own experts, we perform a comprehensive analysis within a wide variety of scenarios and on a wide range of devices. Having worked some of the largest security breaches in the world, we’re intimately familiar with the system- and network-based indicators of compromise (IOCs) left behind by attackers or malware. With the evidence we collect, we can tell a complete story about what happened.
Mobile Device Forensic Analysis
By performing a forensic analysis of tablets, smartphones and other mobile devices, we can create a forensic image of that device, build a geographical and/or chronological profile and recover lost, deleted or corrupted data.
Malware Reverse Engineering and Containment
The experts at SpiderLabs can quickly identify and extract malware for detailed analysis in a laboratory environment. By dissecting malware at the lowest level, we work to determine its purpose, propagation method, and functional components. Using what we learn, we can minimize the malware’s propagation, eradicate it and prevent future outbreaks.
Understand the Full Story of a Breach
No matter the complexity of your operations, whether they be a single site or a network of national franchises, Trustwave SpiderLabs will work to determine the cause of a security breach, identify the targeted data and tell a complete story of the intrusion.
Develop Your Own Response Team – or Retain Ours
In our investigations of data compromise last year, we found that the median number of days a business took to detect a breach was 87. The longer an intrusion goes unidentified, the more time its perpetrators have to wreak havoc. With the same training Trustwave SpiderLabs provides to law enforcement organizations around the world, you can build your own expert response team to recognize indicators of compromise (IOCs) before the damage is done.
Understand Exactly What’s Required of You
Having investigated and guided clients through hundreds of data compromises, Trustwave SpiderLabs will serve as your advocate in informing third parties and law enforcement, and in handling public relations.
Limit Exposure with a Quick Response
A Trustwave SpiderLabs expert can remotely and immediately provide guidance and, if necessary, arrive on site in just days to limit the impact of an attack on your network and preserve the integrity of any associated hardware, data or other digital evidence.
Litigate with Confidence
Trustwave SpiderLabs has expertise in digital evidence handling, which ensures the protection of chain-of-custody for the evidence of a digital crime.
How It Works:
With more than seven years of service, Trustwave SpiderLabs is uniquely positioned to help you prepare for and respond to a variety of security incidents. Our team members are devoted, passionate and proven security professionals, with career experience ranging from corporate information security and security research to the U.S. military and federal and local law enforcement.
Our team has established a global presence and investigated breaches in all of the world’s major economies. We facilitate global investigations through our forensic labs in the United States, the United Kingdom, Australia and Colombia using local staff wherever possible. We offer availability 24 hours a day, seven days a week. SpiderLabs collectively has worked more than 2,000 investigations, ranging from cases involving a single piece of digital evidence all the way to international breaches involving hundreds of systems spanning multiple continents.
Our tested, repeatable, industry-recognized methodology focuses on the components of the “Breach Quadrilateral”: infiltration, propagation, aggregation and exfiltration.
Infiltration involves the points of origination and causes of a data breach; propagation explains how an attacker moves from the initial point of entry to the target systems; aggregation determines how the breach occurred and what data was harvested by the attackers; and exfiltration uncovers how data was transferred to the attackers’ systems.