With 10 years of CSIRT interventions in sensitive environments (banking, SCADA, defense, etc.) to its name, LEXSI has the experience necessary to set up the right team of experts for each incident response situation. This team takes action right away with tried and tested tools and methods, allowing production to return to normal.
Our core business is to completely profile an attack in order to limit its impact. The major steps of an emergency intervention are:
Analysis of existing information and establishment of the technical diagnosis
Implementation of blocking measures via the use of automated analysis tools and neutralization of malware on all systems
Drawing up an exit scenario and a technical and organizational action plan that will allow the recovery process to begin
Forensic analysis: search for traces on hard drives and in documents, chronological analysis of the attack, tailored incident response plan
Emergency intervention: analysis of suspect devices and malware, reverse engineering and deciphering of all elements linked to the attack
Implementation of removal countermeasures that are harmless to the information system: taking down phishing URLs, creating malware signatures
Restoration of deleted files, analysis of network traffic and even logs.
Lexsi’s incident response center has an incredible operational capability that you can benefit from:
Formal and informal partnerships with important cybersecurity players
A database of over 550 million malware samples, supplied daily by many feeds (about 150,000 new samples a day)
Skills in forensic analysis (no tampering with evidence, restoration of deleted evidence, etc.) and integrated auditing (search for active malware on the information system)
About 40 threat intelligence experts and analysts performing more than 6,000 specific investigations a year
Accreditation and acknowledgement by the CERT/CC, FIRST, TF-CSIRT