Incident response

IN THE EVENT OF AN ATTACK, EVERY MINUTE COUNTS ...
THE BEST TOOLS AND EXPERTS AVAILABLE IMMEDIATELY

Expertise

With 10 years of CSIRT interventions in sensitive environments (banking, SCADA, defense, etc.) to their name, LEXSI has the experience necessary to set up the right team of experts for each incident response situation. This team takes action right away with tried and tested tools and methods, allowing production to return to normal.

Our core business is to completely profile an attack in order to limit its impact. The major steps of an emergency intervention are:

Evaluating the magnitude of the attack

Analysis of existing information and establishment of the technical diagnosis 

Implementation of blocking measures via the use of automated analysis tools and neutralization of malware on all systems

Limiting the infection

Drawing up an exit scenario and a technical and organizational action plan that will allow the recovery process to begin

Forensic analysis: search for traces on the hard drive and in documents, chronological analysis of the attack, and a tailored incident response plan

 
Eradicating the threat 

Emergency intervention: analysis of suspect devices and malware, reverse engineering and deciphering of all elements linked to the attack

Implementation of removal countermeasures that are harmless to the information system: taking down phishing URLs, creating malware signatures

Restoration of deleted files, analysis of network traffic and even logs.

Benefits

Lexsi’s incident response center has an incredible operational capability that you can benefit from:

Formal and informal partnerships with important cybersecurity players

A database of over 550 million malware samples, supplied daily by many feeds (about 150,000 new samples a day)

Skills in forensic analysis (no tampering with evidence, recovery of deleted traces, etc.) and integrated auditing (search for active malware on the information system)

About 40 threat intelligence experts and analysts performing more than 6,000 specific investigations a year

Accreditation and acknowledgement by the CERT/CC, FIRST, TF-CSIRT