Incident Response

Programs & Exercises

WHITE ROOK Cyber offers Assessments, Exercises & Uplift Programs to meet future capability

  • We work with your Incident Response, Information Technology and Senior Management Teams to provide advice on the planning & design, preparedness, testing and associated incident response processes.
  • This is designed to uplift understanding of the current and future capacity of your organisation to Prepare, Detect, Contain, Eradicate and Recover in the event of a cyber incident.
  • We’ll work with you to develop an ongoing Incident Response Program and establish appropriate training to uplift your current capacity designed to meet your targeted future state.

Our Incident Response services and programs can be viewed as:

  1. Resilience and Readiness
  2. Testing
  3. Cyber Breach Response and Forensics
  4. Industrial Incident Response and Readiness
  5. Managed Detection and Response Solution

We welcome the opportunity to discuss your specific requirements. Our most in-demand Incident Response services include:

Resilience and Readiness Offerings:

Testing Services & Exercises:

Cyber Breach Response and Forensics Offerings:

Industrial Incident Response and Readiness Services

Managed Detection and Response


Resilience and Readiness

Breach Readiness Assessment, aka Incident Response Readiness or Cyber Breach Preparedness

Currently, the majority of Australian organisations are only working to prevent breaches. Truly Cyber Resilient organisations assume an incident is inevitable and employ a proactive strategy to become Breach Ready and plan to minimise impacts of a future breach.

Our Breach Readiness Assessment is developed by our Digital Forensic and Incident Response (DFIR) experts.  Their experience, across thousands of incidents, shows that as many as 95% of client organisations lack the capabilities to effectively and efficiently remediate a security incident.  Planning for an inevitable breach will assist with a fast and appropriate response, an effective in-depth root-cause investigation and will reduce operational, financial and reputational impacts to your business.

Contact us for more information, or to discuss your Breach Readiness Assessment.

Threat Landscape Assessment – specific to your business

Do you know what your organisation looks like through the lens of an attacker?

A Threat Landscape Assessment provides this insight using reconnaissance across thousands of data sources to identify previously unknown threats that could be used to attack your organisation.

A Threat Landscape Assessment will help you to answer the following critical questions for your organisation:

  • Who are my actual adversaries?
  • What are their tactics, techniques and procedures?
  • How do I defend against them?
  • Where do opportunities lie?
  • Does my security posture provide coverage against my threat profile?
  • What threats are of significance to my industry?

Our Threat Landscape Assessment is available as a one-off ‘point in time’ assessment or as a repeated program of active monitoring of your threat landscape.

A Threat Landscape Assessment provides value-add to a Cyber Security Risk Assessment, by reducing uncertainty and providing critical situational awareness of the shifting threat landscape, while aiding in identifying probable threats and opportunities to reduce the risk of a real attack.

Contact us for more information, or to discuss your Threat Landscape and Risk Assessment requirements

Incident Response Management Plan, Playbooks and Exercising

An Incident Response Management Plan documents critical steps to keep a minor incident from becoming a major catastrophe.

Without an Incident Response (IR) Plan, most organisations cannot perform an effective response: best practice next steps are not documented, roles are poorly defined and collaboration is unpractised, leading to panic, bad decision making and increased impact.

An IR Plan details high-level decision making that organisations need, including:

  • Classification and prioritisation of incidents
  • Formation of a Security Incident Response Team
  • Assessment and escalation
  • External and internal communications and public relations
  • Third party engagement
  • External regulatory notification

Incident Response Playbooks

Playbooks provide best practice step by step actions to be performed for the type of incident being faced.

We tailor playbooks to your organisation, designed to guide your team through each phase of incident response: detection, analysis, containment, eradication, recovery and post-incident handling.

Incident playbooks are available for almost all types of incidents, including:

  • Double extortion ransomware
  • Data breach
  • Unauthorised use
  • Business email compromise
  • Fraudulent website

If required we can recommend the most appropriate playbooks for your organisation, based on your most likely threats. We also offer IR workshops and table top exercises. Read more on our workshops here.

Contact us for more information, or to discuss your Incident Response Plan and Playbooks today.

Broader Company Incident Response Awareness Training

Include the theme of Incident Response into your broader company Security Awareness training.

Contact us for more information, or to discuss your Security Awareness training

Testing Services & Exercises

Incident Response Workshops – Table top testing and live-fire exercises

Your Incident Response Plan and playbooks will be tested sooner or later. Will this be during a real breach, or in a controlled test scenario?

True cyber resilience can only be achieved through ongoing testing of your capability to detect and respond to security incidents.

A comprehensive incident testing program can expose gaps in even the most seemingly robust of cyber incident response plans and provides valuable insight into whether your incident response plan will deliver when required for your organisation.

By running table top and live-fire workshops that replicate incidents, business leadership can be assured team members will have the required understanding and skill to execute the IR plan and playbooks in the event of a real incident.

Our Incident Response Workshops & Exercises are facilitated by experienced responders that have seen time and again how badly incidents can be handled before they’re called in.

Tabletop and live-fire workshops can be carried out separately, but have greater impact when performed together.

Contact us for more information, or to discuss your Incident Response Workshop today.

Incident Response Capability – Pentest Response

Unlike an attacker, a penetration tester isn’t trying to remain undetected. Their aim is to discover as many exploitable vulnerabilities as possible.

By treating a penetration test as if it were an actual attack, we can determine the effectiveness of your current incident response capabilities and whether you could remediate and investigate any damage caused.

Discover the blind spots that are hindering the detection of malicious activity in your environment and whether you possess the capabilities to respond to it.

Contact us for more information, or to discuss your Pentest Response requirement.

Adversary Emulation

Implementing controls isn’t enough – you must also test that they work, otherwise you’ve wasted a large amount of time and money on a solution and are still at risk!

By emulating the techniques that threats utilise against known frameworks and methodologies, we can confirm or deny if your current technical controls can protect against or detect intrusion attempts.

Test the efficacy of your controls against threats that you are likely to face.

We also evaluate the coverage of vendors – contact us to find out more.

Contact us for more information, or to discuss your Adversary Emulation.

Cyber Breach Response and Forensics Offerings

Emergency Incident Response

Contact us immediately for swift and decisive action. Together with our Incident Response specialists we provide holistic incident response across all types of security incidents using the following process:

Engage – We will engage with you to quickly perform an initial assessment, gap discovery, and put together an action plan. Our Incident Response specialist can assist with corporate crisis response and data breach advisory.

Investigate – Our expert and experienced Incident Responders will conduct a thorough investigation of the compromise to understand the scope, impact, and cause of the incident and provide direction to assist in mitigating risk, while performing data preservation and maintaining Chain of Custody where necessary.

Contain and Eradicate – We will determine the scope of the incident and advise you on how best to contain the compromise and eradicate the attacker to prevent further damage. Our Incident Response specialists can adapt by utilising in house security and IT solutions or deploy specialist Incident Response or Forensic hardware and software solutions where required.

Recover – We will work with you to recover systems and return them to Business As Usual.

Investigate In-depth – Forensic experts will determine the breadth of actions performed by the attacker including any data breached or exfiltrated, and vulnerabilities or backdoors introduced.

Harden and Reduce Attack surface – our Incident Response specialists will advise the best course of actions to ensure that the organisation is hardened against further attacks.

Debrief – Once you have returned to Business As Usual we will perform a full debrief to identify how to uplift your incident response for future compromises.

Recommend and Report – Ongoing Executive and Technical reporting and immediate, incidental and post incident long term recommendations.

Post-incident Inspection – to check for any remaining attacker activity that may be present in the environment.

Digital Forensic Investigation

Do you suspect the presence of a Malicious Insider, or suspect an employee of malfeasance, unauthorised use or IP theft?

Already remediated a compromise but need to investigate in depth what actions an adversary took? What data did they access? Did they leave any backdoors?

Our Incident Response specialists are not only experts working against cyber criminals but also against malicious insiders – Insider Threats. Investigators are experienced at ensuring the preservation and integrity of evidence, maintenance of Chain of Custody, performing thorough examination and providing detailed Expert Witness reporting for both non-technical and technical audiences.

Where an attack is discovered or believed to still be underway, our Incident Response specialists will advise and provide Emergency Incident Response and Investigation

Engage experts as soon as possible to ensure you’re not accidentally tampering with evidence – causing it to become inadmissible or highly contestable.

Contact us to discuss your Digital Forensic Investigation.

Compromise Assessment

Would you know if your systems have been compromised?

The Compromise Assessment service understands that 100% detection of threats is never guaranteed, so it’s vital to spot a malicious intrusion as quickly as possible. Through our Compromise Assessments, we analyse your organisation for signs of malicious activity and provide assurance you have not fallen victim to attack.

Using our expert knowledge of attacker tactics, techniques and procedures a Compromise Assessment will assess your environment through the eyes of an attacker to look for known signs of malicious activity. In the event there is evidence of a compromise, our Incident Response specialists will provide Incident Response and assist in the response effort.

Contact us for more information, or to discuss your Compromise Assessment.

Incident Response and Forensic Investigation Retainer

Contact us for more information, or to discuss your IR and Forensic Retainer requirements today.

Advisory Services and Education – associated with IR

  • Do you need advice on your organisation’s security strategy?
  • Are you experiencing issues with your current security posture?
  • Is educating upper management on the current risks and mitigations critical to success?
  • Do you need an expert to present to the board?

WHITE ROOK Cyber can assist. Contact us for more information, or to discuss your Advisory and Education requirements.

Industrial Incident Response and Readiness

Industrial Incident Response

We understand the fundamentals of OT, how adversaries attack OT and what needs to be done to enable successful detection, containment and eradication. Our remediation plans are made for ICS and do not require deploying agents to devices.

If you’re experiencing an incident or suspect that you’ve been compromised, delaying Incident Response increases impact and allows adversaries more time to achieve their aims.

Our Incident Response specialist’s Lead Responder is GIAC Response and Industrial Defense certified.

Contact us for more information, or to discuss your Industrial Incident Response requirements.

Prepare your OT for Incident Response

Enterprise best-practices and solutions do not translate well into ICS environments – this is equally true for Incident Response, Investigation and Readiness.

Compared with Enterprise IT, Incident Response within ICS environments requires:

  • comprehensive in-depth analysis of your environment,
  • enablement of detection and response mechanisms,
  • planning and testing, with very little room for error.

Contact us to discuss preparing your OT for IR.