Incident Response Retainer and Advisory Services

Prepare for and resolve security incidents quickly and effectively to minimize your business impact

Any organization using information technology is a target for data theft, ransomware, denial of service attacks, and other nefarious attacks – no one is immune. For companies holding customer-sensitive information, federally or state-protected personal information, personal health information, or even trade secret information, developing an effective incident response plan is crucial.

Coalfire partners with Arete Advisors to provide an elite set of incident response advisory and retainer services. We can help you plan for security incidents before they happen and provide the expertise you need when they do occur.

Experience addressing cyberattacks

Coalfire and Arete have more than 20 years of experience analyzing multiple types of cyberattacks, including:

  • Insider threats: The activities of former and current employees, contractors, or business associates who have inside information on the organization
  • Financial crime: Securities, credit card, and banking fraud at stock markets, payment organizations, and financial institutions
  • State-sponsored attacks: Crimes targeting trade secrets and other sensitive data across a wide range of industries
  • Destructive attacks: Attacks intended to cause the victim organization pain by making information or systems unrecoverable
  • Protected Health Information (PHI): Exposure of protected health care information
  • Personally Identifiable Information (PII): Exposure of information used to uniquely identify individuals

Our Offerings

Our team provides a broad set of Incident Response Services. Our tailored approach helps clients respond to and recover from an incident, while managing regulatory requirements and reputational damage.

Specific Preparation Services include:

  • On-site or remote requirements analysis: Interview key stakeholders to assess the operational environment and determine any special requirements
  • Incident response plan development: Prepare for and respond to cybersecurity attacks more efficiently with a proven response plan
  • Annual or semi-annual status review and refresh: Review the in-place incident response plan and identify any changes it needs
  • Tabletop exercise: Hold a two-hour roleplaying session of likely attack scenarios and discuss the actions to be taken as part of the response plan

Incident Response Support includes:

  • Incident response hotline access: Access incident support related to a breach, available remotely (within one to four hours) or onsite (within 12 to 24 hours)
  • Incident triage: Organization and planning for cyber incident response activities, including assistance in identifying potentially compromised hosts
  • Incident investigation / forensics: Root cause identification of the cyber incident including memory and disk image forensic review
  • IR containment services: Identification and deployment of compromised host containment activities, including potential removal or segregation of compromised hosts from the environment
  • Eradication services: Removal of the malicious or unauthorized infections

Post-Incident Support includes:

  • Remediation and engineering support: Guidance on best practice activities and technologies to reduce the likelihood of another cyber incident

Which incident response service offering is right for you?

Our services are offered à la carte and through our Incident Response Retainer (IRR).

Our IRR allows organizations to establish terms and conditions for incident response services before a cyber security incident occurs. With a retainer in place, you have experts partnering with you to proactively prepare for an incident and a trusted partner on standby. This proactive approach can significantly reduce response time, thereby reducing the impact of a breach.

We offer two retainer options:

| Service | Description | Standard Retainer | Enhanced Retainer |
|---|---|---|---|
| On-site or remote requirements analysis | Our team members deploy on-site for a one-day requirements analysis to interview key client stakeholders in order to assess your operational environment and determine any special requirements | X | X |
| Incident response plan development | Coalfire/Arete team develops a basic Incident Response Plan consisting of: Incident Response Process Overview; Incident Response Team Organization Chart (tailored to client organization); Incident Response Roles and Responsibilities (tailored to client organization); Contact Lists; Incident Classification and Categorization Scheme; Incident Report Form Template | X | X |
| Incident response playbooks | Up to four customized playbooks containing procedures and flow charts to respond to specific incidents the client is most likely to experience | | X |
| Status reviews and refresh | Our team will conduct a review of in-place materials to determine the best method to update the content | X (Annual) | X (Semi-annual) |
| Tabletop exercise | A session where the Incident Response Team is assembled, given one or two distinct scenarios, and discusses actions to be taken as part of the incident response | | X |
| Incident response hotline access | Experts on standby 24x7 | X | X |
| Post incident support | Prepaid hours included with retainer subscription | 25 hours | 45 hours |
| Preferred retainer rate | Discounted hourly rate for additional incident support related to a breach – with deeper discount associated with the Enhanced Retainer | X | X |

Our unique value proposition

World-class expertise
  • Experience working hundreds of incident response cases, including some of the world’s largest and most complex
  • Our elite team of experts has worked on some of the most significant data breaches in US history, including malware reverse engineering to help resolve an incident, return to normal operations, and prevent recurring incidents
Proven
  • The trusted advisor to many law firms, federal government agencies, and public and private organizations
Faster, high-value results
  • Development and improvement of your program at every stage in the incident response lifecycle
  • Quick incident resolution, which lowers costs significantly and empowers executives to make the right business decisions
  • Technology-agnostic – leveraging your current technology investments to provide quick, effective support
One-stop shop: preparation, incident response, remediation
  • Coordination, communication, and reporting on every aspect of incident response activity
  • Efficient support provided because we learn your environment during the preparation phase
  • A comprehensive report of the investigation with recommendations, including executive and board-level summaries of our findings
Reliable operations
  • Customer contact within 1 to 4 hours for remote assistance, and in as little as 12 to 24 hours for onsite assistance
  • Experts on standby 24x7 to help when you need it the most