CERT-FIR: React
Formind FIR (Fast Incident Response), the other pillar of the CERT (Computer Emergency Response Team), is a team of experts who respond to incidents and can be mobilised if necessary. Their objective is to contain a cyber attack and limit its impact on your business.
As soon as a cybersecurity incident is suspected, the Fast Incident Response consultants get to work, from identifying the impacted scope to putting remediation measures in place, in order to limit the incident's operational impact.
Over 45% of our interventions are cases of ransomware/malware, which can cause irreparable damage and impact your production and brand image.
Beyond technical analysis, Formind can take charge of crisis management, assist with legal aspects and help you adopt the right posture in the event of a ransom demand.
- Limit business impact in the event of an attack: prepare for the worst!
- React quickly if compromised: have traces to enable investigation.
- Understand what happened and resolve it: start again from a healthy base.
A clear and tailored offer
3 SERVICE OFFERS
Illustrative use cases
Compromise of a sensitive mailbox leading to the sending of several thousand phishing emails.
- Intervention: Forensic investigation of the attack vector. Discovery of a malicious invoice for several hundred thousand euros. Deployment of a Microsoft online protection mechanism.
- Result: Billing prevention, reinforcement of the Microsoft tenant's security and detection capabilities.
Forensics on DDoS source IP
Understand why a denial of service that frequently shuts down the institutional site occurs and where it comes from.
- Intervention: Forensics and threat intelligence (ROSO/OSINT)
- Result: Discovery and reporting of IPs belonging to a network of botnets, assistance with anti-DDoS/logging facilities.
Internal threat: abnormal activity by an administrator.
Analysis of employees' activities to check that they are not abusing their administration rights.
- Intervention: Data theft, email account espionage and use of IS resources for unauthorised purposes, etc.
- Result: A detailed report of the illegitimate actions with supporting evidence. Identification of the configuration faults which permit access, and a list of recommendations to strengthen the traceability and security of the IS.