Formind FIR

CERT-FIR: React

Formind FIR (Fast Incident Response), the other pillar of the CERT (Computer Emergency Response Team), is a team of experts who respond to incidents and can be mobilised if necessary. Their objective is to contain a cyber attack and limit its impact on your business.

As soon as a cybersecurity incident is suspected, the Fast Incident Response consultants get to work, from identifying the impacted scope to putting remediation measures in place, in order to limit the operational impact.

Over 45% of our interventions are cases of ransomware/malware, which can cause irreparable damage and impact your production and brand image.

Above and beyond technical analysis, Formind is able to take charge of crisis management, intervene in legal aspects and help you adopt the right posture in the event of a ransom demand.

Your challenges

  • Limit business impact in the event of an attack: prepare for the worst!
  • React quickly if compromised: have traces to enable investigation.
  • Understand what happened and resolve it: start again from a healthy base.

Your benefits


A wide range of feedback

The Formind FIR is, and has been, confronted with a host of attack scenarios (ransomware, phishing, virus spread, CEO fraud, etc.), over fifty in 2022, in both simple (information system with few assets) and complex (decentralised information systems, few traces, etc.) environments. This wide range of feedback enables us to:

  • Be more effective: incident processing time halved.
  • Acquire the reflexes that enable an adapted response: reassure operational teams, switch to crisis mode when necessary.

A multi-skilled team 24/7

Formind’s experts (incident managers, analysts, legal experts and crisis management, personal data protection – GDPR – and communication consultants) are able to combine their skills to provide you with the best response depending on when an incident occurs.

Our 24/7 intervention capability is based on our wide range of locations, which enables us to take a “Follow The Sun” approach and provide a weekend on-call service.


On-demand monitoring

A well-equipped monitoring system must be put in place to make sure that the attacker is not still present within the IS.

It also enables the FIR to speed up its investigations and strengthen the level of protection.

Formind can deploy an EDR/NDR platform in under 3 days, monitored by its SOC for 1 to 2 months and can guarantee that the threat is not persistent.


Crisis management

Crisis management enables the evolution of an attack to be controlled by:

  • Limiting the impacts of the incident on the organisation.
  • Organising activity restart under the best possible conditions.
  • Supporting you with your legal and administrative procedures.

A clear and tailored offer


Illustrative use cases

Phishing: Investigation and prevention of a fake international bank transfer

Compromise of a sensitive mailbox leading to the sending of several thousand phishing emails.

  • Intervention: Forensic investigation of the attack vector. Discovery of a malicious invoice for several hundred thousand Euros. Deployment of a Microsoft online protection mechanism.
  • Result: Billing prevention, reinforcement of the Microsoft tenant security and detection capabilities.

Forensics on DDoS source IP

Understand the cause and origin of a denial of service that frequently shuts down the institutional site.

  • Intervention: Forensics and threat intelligence (ROSO/OSINT).
  • Result: Discovery and reporting of IPs belonging to a network of botnets, assistance with anti-DDoS/logging facilities.

Internal threat: abnormal activity by an administrator.

Analysis of the employees’ activities to check that they are not abusing their administration rights.

  • Intervention: Data theft, email account espionage and use of IS resources for unauthorised purposes, etc.
  • Result: A detailed report of the illegitimate actions with supporting evidence. Identification of the configuration faults which permit access, and a list of recommendations to strengthen the traceability and security of the IS.

What they say about us!

    Anonymous – Industrial sector

    Following a ransomware attack which completely shut down my production and management system, I activated the Formind FIR as part of my subscription. Straight away they advised me on the first emergency actions I needed to put in place and set to work to contain the attack and rebuild the IS. 2 weeks later I was able to start my activities again.

      Anonymous – Industrial sector

      We were hit with a ransomware attack which targeted over thirty servers. The business risk was pretty critical. The Formind FIR came in and set up targeted monitoring and helped us rebuild. This enabled us to find where exactly we were vulnerable and to strengthen our security and our detection capabilities.

      In the event of a security incident: +33 (0)1 81 89 30 02