Intrusion Response
Knowledge, vigilance, and preparation
are the keys to effective security. Yet, many enterprises do not think
about how to respond to computer security incidents until they have been
hit. Often, the victims say and believe that they are “secure,”
yet have no formal incident detection and response mechanisms or policies
in place. All too often, the violated enterprise is unaware, finding out
about intrusions only when an outside party discovers, and maybe even
becomes the collateral victim of, the situation.
Whether our clients need to prepare to
meet intrusions or are in the midst of a violation and need immediate
assistance, Polar Cove can help.
Security policies developed with Polar
Cove’s assistance help clients define all of the steps and components
for protecting valuable information-based resources before an attack occurs.
Possible threats are determined, and the necessary actions are described.
A documented plan and set of procedures are established in order to mount
a coordinated response.
When a client needs help in responding
to an actual incident, Polar Cove assists in containing the attack. Working
onsite, analysts quickly and reliably identify the events that threaten
security posture. Impact, scope, severity, and containment options are
then determined. Countermeasures are developed to contain and then to
halt the intrusion while minimizing as much as possible the impact on
core functions. When legal verification of an intrusion is required, Polar
Cove works with clients to gather and prepare the evidence.
Intrusion Response includes:
If an intrusion has not occurred:
- Establishing management-level guidelines
and rules for responding to intrusions.
- Reviewing procedures and policies to help
ensure that they are legally defensible and conform to each client’s
policies as well as to the client industry’s best practices.
- Documenting the response procedures.
- Assisting in a legal review of developed intrusion
policies and procedures, ensuring that they are legally defensible
and conform to company policies and industry best practices, demonstrating
due care.
- Configuring response tools and processes.
- Training designated staff.
- Preparing staff and configuring tools for response
procedures.
If an intrusion is underway:
- Analyze all available information. Characterize
and understand the intrusion.
- Consult with all parties—operations,
management, legal, public relations—that need to be aware of
the intrusion and progress.
- Employ computer forensic techniques to contain,
collect, and protect information associated with the intrusion.
- Maintain chain of custody protocols and procedures
to be followed for all data collection.
- Contain the intrusion, minimize the negative
impact, and then eliminate means of access.
Polar Cove’s detailed reports
document the preventative or responsive activities that have been taken,
along with supporting incident analysis and documentation. Specific policies,
and the steps for implementing them, are provided.

© 2006 Polar Cove