Incident Response

Serious security incidents are complex, and may be something you have never encountered before. We have the capacity and competence to manage complex security breaches on-site 24/7.

Telephone: +47 2320 4741
Alternative: +47 2320 2825

Throughout the years of delivering Incident Response services we have investigated:

  • Industrial Espionage
    Where years of research and development in Intellectual Property (IP) has been stolen.
  • Insider Threats
    Where employees, board members and other insiders suspected of inappropriate or unlawful activity
  • Financial Crime
    We have done forensics and log analysis of payment fraud, including Banking trojans. 
  • Blackmailing
    Ranging from Ransomware to DDOS campaigns taking down major finance institutions.

Serious security incidents are complex, and may be something you have never encountered before. Whilst you are waiting for help, we recommend getting started with the following measures:

Initial activities:

  • Define an Incident Manager with overall responsibility.
  • If you have a plan for managing security incidents, initiate it now.
  • Delegate roles. Examples of key roles are: Information Manager, Troubleshooting Team Manager and Logkeeper.
  • Define responsibility and objectives.
  • Draw up a communications strategy for internal and external contacts.
  • Gather all the tools necessary for managing the incident.
  • Collect all information on the incident.
  • Report in accordance with internal and mandatory requirements.
  • Set up countermeasures for your network, systems and clients to limit damage. Examples include: isolation, segmentation or limitation within a firewall.
  • Consult legal advice or the police if relevant.

Initial data collection:

Find or produce an overview of network topology for relevant networks.
Collect and analyse relevant log information:

  • DNS and DHCP logs
  • Netflow data from routers and switches
  • Proxy and Firewall logs
  • Antivirus and IDS/IPS logs
  • Windows system logs
  • Syslog
  • Host-based IDS logs
  • Application logs
  • If possible: establish visibility (real-time information) from relevant systems
  • If you have the in-house competencies: collect evidence from relevant systems.

mnemonic meets the National Security Authority's (NSM) requirements for incident response quality. Read more here (Norwegian only). 

Need assistance now?