Security Incident Response (SOS Service)
In addition to permanent and preventive security services, OIXIO Cyber also offers a security incident response service (cyber incident SOS service) for those who have come under a cyber attack.
Who is it for?
Businesses of all sizes in the private and public sectors that have experienced or suspect a cyber incident and need operational assistance to deal with the situation.
How can we help in case of a cyber incident?
In the event of a cyber incident, OIXIO Cyber will immediately activate an emergency incident response team, which follows a specific procedure to mitigate the impact as quickly as possible and provides a plan to recover and restore business continuity.
- identifying the impact, scope and root cause of the incident;
- restoring business continuity as quickly as possible;
- forensics and support in notifying authorities, escalation to CERT-EE;
- incident containment and eradication;
- suggesting improvements and supporting implementation.
What do we do if…
… there is a possible attack (suspected security incident).
We perform network scans, analyse network traffic and logs, search for IoCs, perform internal investigations, etc.
… there is a real attack.
We stop the attack, identify the attack vector, investigate and, if necessary, restore systems as quickly as possible.
We collect evidence and forward it to CERT-EE and the PPA if necessary.
Examples of possible cases
We can be contacted for assistance in the event of any suspected or actual cyber incident. Here are some examples of what we can help with.
- A user opened a suspicious attachment or clicked on a phishing link.
- Suspicious files on systems.
- Abnormal behaviour of systems.
- Internal threat (a departed or malicious employee who, for example, stole the company’s intellectual property).
- Suspected data breach.
- Ransomware in the network.
- Data has been leaked.
- Spam is sent on behalf of the company/employee.
Why OIXIO Cyber?
- Methodology – We use best practices, tools and workflows to carry out investigations, which in turn are based on known security standards.
- People – Investigations are carried out by highly experienced professionals who are both good theoreticians and good practitioners.
- Speed – In the event of a critical cyber incident, we’re ready to respond quickly – in most cases within 2 hours of initial notification.
- Capability – We have the capability to assess the situation, to conduct an investigation, stop the attack and also to deal with recovery operations.
Need help investigating a cyber incident?
Report the incident to cyber.IT@oixio.eu. We will respond within 2 working hours.