Defense contractor Thales UK has launched a new cyber incident response service designed to offer attack victims an extensive range of capabilities – from an initial consultation to malware analysis, remediation and reporting.
Critical 48, as the name suggests, is about helping out organizations in the two-day period after a breach has been discovered.
During this time, Thales UK will provide an initial consultation to assess the nature of the incident, the level of infection and extent of data loss. It will also analyze any malware or other evidence discovered and remediate where possible.
The firm’s team of cybersecurity consultants will also offer recommendations on how to prevent a similar attack occurring in the future, or if an incident can’t be resolved in 48 hours, what needs to be done next, it said.
The customer can then use this intelligence to handle the incident themselves or continue to work with Thales to remediate the problem fully.
The defense contractor made a point of stressing its 40 years' experience in the information assurance space, and extensive range of additional cybersecurity services, including security audit and testing, which it might hope to sell on the back of Critical 48.
The announcement was made with APT-prevention specialist FireEye and digital forensics firm Guidance Software, which underpin part of the service’s technology platform.
In the event FireEye detects a suspicious event it will contact Guidance’s Encase Cyber product to take a snapshot of the potentially compromised system and alert a Thales analyst, explained director of cybersecurity, Peter Armstrong.
“Cyber-attack groups have an interest in compromising all sizes of companies in all sectors of business, whether it to be to steal intellectual property, use that network to attack others or for more strategic reasons,” he told Infosecurity.
“Effectively every organization should consider what to do in the event of a successful cyber-attack and take preparatory measures to limit the impact in order that they can return to business as usual in a timely fashion should they be attacked.”
With the advent of sophisticated targeted attacks more and more security experts are urging CSOs to accept that they may already have been breached without their knowledge.
These new threats are typically designed to infiltrate an organization under the radar of traditional defenses and sit tight for months or even years, stealing sensitive data.
With big names like Google, RSA Security and Adobe all suffering such attacks, it’s no surprise that security vendors are gearing up their marketing efforts to provide a way of minimizing risk for organizations.