Prepare for attacks. Get immediate help.

 

WithSecure™ Digital Forensics and Incident Readiness and Response

 

Get Emergency Assistance now!
WS_three_employees_london_hero

With the right partner and preparation, every organization can prevent incidents from becoming crises

Get a risk-based view of your whole attack surface before it is exploited.

Co-secure with us: Together we can build a confident cyber security digital forensics and incident response (DFIR) team trained and equipped to respond. 

Data breaches in 2022 cost an average of $4.35m per incident. Average saving for organizations with an IR team that tested their response: $2.66m.1

Our promise

We guarantee expert support through every stage of an incident to minimize impact and help you recover.  We will develop your incident response maturity so you can respond effectively to future incidents.

Talk to us
WithSecure Co-Security

What our experts deliver

Increase resilience

Maintain operations while under attack, minimise disruption

Reduce risk

Empower your response team, minimize response costs

Maintain customer trust

Comply with regulations and customer requirements, demonstrate duty of care

Tales from the Incident Response Frontline

In this series, we sit down with the members of our Incident Response team and ask them to tell us about their most memorable experience in the job.

Episode 1 - Rob Anderson

WithSecure's Rob Anderson, our Principal Incident Response Investigator, tells us about a particularly memorable incident he helped to resolve.

Episode 2 - Catarina de Faria Cristas

Catarina, our Incident Response Consultant, takes us back to a particularly memorable incident and explains how she managed to calm the situation.

Our services

Incident Readiness


Exercise and improve your incident response capability without interruption to your business

Find out more

Emergency Incident Response Support

Under attack?  We’ll step in to help

 

Get emergency assistance

Incident Response Retainer

Provides priority access to incident response experts—with special focus on the first 72 hours following an incident

Find out more

Take a deep dive into WithSecure™ cyber Incident readiness and response services

Brochures
Incident Response Brochure
incident_readiness_brochure
pdf
2 MB
Incident Response data sheet
incident_readiness_data
pdf
1 MB
Emergency Incident Response Support datasheet
emergency_response
pdf
2 MB
Case Studies

IT estate: 200 servers, one 30 terabyte database

Visibility: Antivirus, no EDR, SIEM with inconsistent log coverage

Timeline:

  • Day 0: Investigated suspicious activity, identified several encrypted hosts, cut internet access, supported startup of DR environment
  • Day 1: Identified BlackCat ransomware sold as a service on Russian dark web forums
  • Day 1-6: verified that backups were not compromised before uploading them to DR environment
  • Day 4: Performed Attack Surface Mapping to spot and minimize potential vulnerabilities which would enable a DOS attack. Four DOS vulnerabilities, one Remote Code Execution vulnerability plus a DOS protection workaround discovered.  Co-working with the client remediated all issues within hours.
  • Day 10: Countercept XDR deployed as IT environment restored to production.

Total: 250 hours of Incident Management, forensic support and threat hunting.

Outcome:

  • No ransom paid
  • IT domain hardened and capability improved
  • Client was assured that no sensitive data was exfiltrated
  • Root cause of the incident identified 
Free tooling

Chainsaw

The tool we are releasing today – Chainsaw – provides blue teams with a powerful first-response capability to quickly identify threats within event logs.

Read more

Unleashing the Power of Shimcache with Chainsaw: Novel Analysis Methods for Shimcache

Read more

Cat-Scale Linux Incident Response Collection

On 30 September 2019, Joani Green and John Rogers gave a talk titled "Performing Linux Investigations at Scale" at the SANS DFIR Summit in Prague.

Read more
How to buy

  • You can contact us below or get in touch with your current partner to discuss other services we're offering
  • If you would like to change your current partner, you can contact us below  to discuss possibilities with us or locate other potential partners from our partner locator

Visit our partner offering section and contact us to become a partner.

WithSecure Incident Response now available on AWS Marketplace.

If you are an AWS customer, you have an additional channel to purchase WithSecure Incident Response directly from the AWS Marketplace or through a partner with AWS Marketplace access.

Get a risk-based view of your entire attack surface before it is exploited with WithSecure Incident Response!

Discover more

How do I get started?

1

Book a call

Book a meeting with one of our security experts to see WithSecure Incident Readiness and Response service in action.

2

Get pricing information

Get no-obligation pricing information for the WithSecure Incident Readiness and Response service, customized to your needs.

3

Find a dedicated partner

We’ll help you find the perfect partner to get the best out of our solution.

Want to talk in more detail?

Complete the form, and we'll be in touch as soon as possible.

I would like to receive emails and equivalent communications from WithSecure, including newsletters, event invitations, offers and product-related information. We process the personal data you share with us in accordance with our Corporate Business Privacy Policy.

Related Resources

Blog posts

Ransomware - Effective Prevention Strategies

Recently the WithSecure Incident Response team has identified an increase on the Approach to estimating organizations' readiness in defending against ransomware campaigns and attacks using Attack Path Workflow Analysis.

Read more

Business Email Compromise (BEC) Attacks and Countermeasures

Recently the WithSecure Incident Response team has identified an increase on the number of cases related with Business email compromise (BEC),  this type of attack the threat actor uses social engineering techniques, such as phishing emails, to trick users into compromising their accounts and leveraging that to compromise high-value assets, or even impersonating the user and uses that to request fraudulent changes on bank details. In most cases, the threat targets specific individuals within organizations and shares personalized emails with the intended victim. 

Read more

Incident to containment - and beyond to productivity

Automating security responses often gets a great response time – right down to milliseconds in some cases. Doing this creates all kinds of new problems and a fast response is not always the best way to dislodge a sophisticated attacker. 

Read more
Threat research

WithSecure constantly conducts investigations and research to develop techniques, tools and practices to help with incident response and help organizations improve their readiness. It also has a dedicated Threat Intelligence practice to keep track of attackers’ behaviors, developments and tooling.

 

Threat research

 

 

Find out more

Our accreditations and certificates