About service
A network breach by an unauthorized user is always bad news—but the silver lining is that forensic analysis can help you to minimize your exposure and prevent other breaches in the future.
Positive Technologies provides deep, expert analysis of intrusion incidents. Our experts examine your current organizational and technical environments, determine the root cause of the breach, identify who or what is responsible, and provide recommendations for improvement.
Our forensic investigations generally include:
- Gathering information about the incident from servers, workstations, transferable media, and network equipment
- Collecting data from service providers (via law enforcement requests)
- Creating an expert, reliable, and factual account of the incident on the basis of the information collected
- Forming conclusions about the cause of the incident and (when possible) the persons responsible
- Recommending preventative measures to avoid future incidents
Results
The key deliverable from our testing is a report detailing:
- Test methodology
- Conclusions about the facts of the incident
- Analysis of the causes of the incident (with evidence)
- Recommendations for preventing future incidents
Retrospective event analysis
About service
In business and government spheres, cybersecurity risks have taken center stage in the last few years. Large-scale DDoS attacks, espionage by foreign intelligence agencies, money theft, ransom demands, and attacks against critical infrastructure have all become an everyday reality of the modern interconnected world. Today, the question is not whether you will be hacked, but when. Our analysis often reveals that criminals can remain unnoticed in an infrastructure for years.
Retrospective event analysis aims to detect attacks on, and compromise of, infrastructure and critical components, both current and past. This service generally includes:
- Processing of security events to detect potential security incidents
- Determining the correlation between significant security events and events from other sources
- Conducting expert analysis of findings
- Preparing a full list of detected attacks, attempts, and compromise incidents, with a qualitative evaluation of incident severity and its impact on information systems
- Developing recommendations on urgent measures to mitigate the damage, prevent such incidents in the future, and improve the level of protection
Results
- List of detected attacks, attempts, and compromise incidents
- Qualitative evaluation of incident severity and its impact on the infrastructure
- Procedures for urgent measures to mitigate the damage
- List of recommendations for improving security measures