Our Hunt & Hackett CERT (H2-CERT) helps organizations to deal with and recover from security incidents, breaches, and cyber threats.
Based on years of experience, we gain an understanding of what’s going on, stabilize the situation, resolve immediate issues, support stakeholder communications and introduce long-term solutions to ensure intrusions such as ransomware attacks or economic espionage won’t happen again.
Why it matters
A prompt response reduces the impact of the incident
Strengthen cyber defenses
1. What's happening? Why?
2. What do we tell our stakeholders? And the media?
3. How do we get back to business as soon as possible?
4. How do we ensure this never happens again?
Cybercrime might be new to you, but it isn’t for us: our experts have collectively experienced 100+ cyber attacks in the past 10 years, from the smallest data breach to huge intellectual property thefts. Together we’ll solve any incident. We’ll find the root cause, help you restart your operations as soon as possible and, by improving your digital immune system, keep cybercrime from happening again.
How we work
Steps to regain control
Below is an overview of the steps you can expect during the Incident Response process. Note that the preparation, identification, recovery and post-incident activity phases are iterative and not necessarily sequential or chronological.
A Hunt & Hackett Incident Response (IR) expert picks up the phone, does a short first triage and generally plans a meeting together with you and additional IR colleagues.
- First triage meeting via a conference call.
- Draft budget
- Share Mutual Non-Disclosure Agreement and Letter of Engagement
- Formal sign off
Hunt & Hackett:
A kick-off meeting is planned in which the IR and crisis management process is explained to the initial stakeholders. An overview is provided of the initial data that needs to be collected. Tools are handed over to you to be deployed in the network for investigation and actor monitoring. A secure deployable IR environment is spun up.
Upon request from Hunt & Hackett, you provide the names of internal stakeholders. Initial collected data is delivered via the Hunt & Hackett secure dropzone. Investigation tools are deployed by you.
Hunt & Hackett:
- Hunts are being executed in the network
- Collected data sources are being investigated
- If required, additional data sources are being requested
- The attack path of the actor is being mapped out
- Periodic status reports are shared with the customer
- Periodic meetings are planned with the customer
Upon request, additional data sources are being collected
Hunt & Hackett:
We finish the investigation and share an overview of the compromised systems and hosts with you. Then we draft & plan a recovery plan with you, including containment and eradication. We help you by supporting the execution of the recovery plan. During the execution of the recovery plan, the network and systems are being monitored for impact and effects, to see if the actor is eradicated.
Provide input to the recovery plan and make the resources for containment execution available. You execute the recovery plan and will be supported by Hunt & Hackett.
Post-incident activity & follow-up
Hunt & Hackett keeps on monitoring for suspicious traffic and works with you to develop a more elaborate long-term cyber security strategy, for example a strategy based on Managed Detection & Response (MDR).
You continue to harden your systems and deploy a new ‘clean’ network in the short term.
Have a look at our public incident response report for the Municipality of Buren (NL) to see a real-world example of how we handle a large-scale incident.
Why Hunt & Hackett?
Your trusted ally in cybersecurity
Skills & Expertise
The Hunt & Hackett team has unrivalled expertise and skills, having recruited the top experts from within the world of cybersecurity, incident response, forensics and operations to operate a SOC.
Hunt & Hackett combines both expert analysis of historical forensic evidence and real-time threat detection and hunting, allowing the team to detect attacker activity.
Technology & Tools
The platform allows immediate, real-time visibility into your IT environment, identifying potential compromises and allowing quick action to make sure incidents don’t escalate.