MANAGED SECURITY SERVICES
Co-Managed SIEM
Our experts will run, manage, and perfect your SIEM, while you retain total ownership.
Novacoast’s Incident Response Team is prepared to assess, investigate, contain, and educate in the event an incident, breach, or systemic threat occurs. The Novacoast IRU provides peace of mind knowing that systems and data are being protected by a team of cybersecurity response specialists.
What We Do
When an incident is suspected or is known to have occurred, the Novacoast IR team is notified by the customer or Novacoast SOC. Once an incident is identified and logged, the IR team assesses the severity and begins to resolve the issue. An issue report is created and is escalated to the Incident Response Leader for immediate response.
Novacoast offers three service levels: Basic, Gold, and Platinum. Each has a specific list of features, services, and responsiveness.
Depending on the service level, some or all of the following steps will occur when an incident is escalated:
- Establish on-site and remote coordination and direction of the open incident
- Coordinate sample collection, analysis, containment, remediation, and feedback efforts
- Develop, validate, and revise remediation processes for threat elimination
- Train customer personnel in the correct execution of remediation activities
- Provide oversight and guidance of remediation when the customer requests a transition to incident management
- Where possible and when requested, collect relevant data points in support of post-incident gap analysis and review
- Customer is assigned an Incident Response team lead to organize and lead the communication and investigation processes
- A final incident report and evidence is prepared and delivered to the customer
Post-response deliverables
Regardless the type of incident, Novacoast compiles documentation for the customer to outline what happened, why, and any necessary follow-up status reports.
Incident Declaration Report – This report states that there was an incident and identifies basic parameters such as times, affected assets, etc.
Initial Assessment of Incident – This report details initial findings about the nature of the incident, including targets, affected assets, methods of attack, and any known damage or data loss.
Daily or Weekly Status Reports of the Investigation – Forensic investigations take time. Remediation measures must be verified as implement and effective. Some damage can only be verified given some duration post-event. These reports will be delivered as necessary and with agreed-upon interval.
Incident Response service levels
Novacoast offers Incident Response as a retainer model, due to the on-call nature of the service. In an incident response situation, there’s little time to negotiate a contract. Knowing exactly what is provided ahead of time is critical.
We offer three Incident Response retainers, each with a different level of service to match the needs of customers. Service Levels Agreements can be viewed in greater detail our Incident Response Service Description document.
Option 1 – Basic Incident Response Retainer
Our Basic IR retainer provides the customer with the following:
- Toll-free number to initiate an incident response
- 3 hour response time from initial call to gathering details and attendance from IR team lead
- Block of hours for 2 security engineers, with option for additional hours
- Travel if required
Option 2 – Gold Incident Response Retainer
Our Gold IR retainer provides the customer with the following:
- Toll-free number to initiate an incident response
- 3 hour response time from initial call to gathering details and attendance from IR team lead
- Block of hours for 2 security engineers, with option for additional hours
- Travel if required
- 48 hours for IR table top exercise
Option 3 – Platinum Incident Response Retainer
Our Platinum IR retainer provides the customer with the following:
- Incident Response Process and Policy Review
- Toll-free number to initiate an incident response
- 3 hour response time from initial call to gathering details and attendance from IR team lead
- Block of hours for 2 security engineers, with option for additional hours
- Travel if required
- 40 hours for IR table top exercise
Comparison Table
Prepaid retained services | Yes* | Yes* | Yes* |
1-800 Emergency Number Access | Yes | Yes | Yes |
Team Lead | Yes | Yes | Yes |
IR Engineer(s) | Yes | Yes | Yes |
IR Table Top Exercise | No | Yes | Yes |
Proactive Security Planning | No | No | Yes |