In the last year, cybersecurity has moved to the forefront of IT concerns, led by disasters such as the SolarWinds hack, the Colonial Pipeline and Kaseya ransomware attacks, and now the Apache Log4j vulnerability that the world is scrambling to patch.
As we head into 2020, channel partners can be sure of one thing: The cybersecurity woes are not going to lessen anytime soon. In fact, they are probably going to get worse.
“Ransomware is not going anywhere in 2022, but we will see attackers evolve their strategies in light of heavy crackdowns and supply chain insecurities,” said Kevin Breen, director of cyber threat research at Immersive Labs. “The attackers will always have the first-move advantage, but that’s why it’s crucial that we exercise the wider organization’s cyber crisis response to ensure everyone is prepared when the worst-case scenario strikes.”
That means organizations had better be ready to respond – and their service providers had better be prepared to help. Fortunately, there are a number of incident response tools that MSPs and MSSPs can tap to deal with breaches and potential incursions.
Incident Response: Planning Matters
Incident response is the process of addressing a data breach or cyberattack with a view to minimizing the consequences of the incident. Organizations often develop an incident response plan as well as technology tools that define the roles and actions necessary as part of response.
There are various approaches to incident response. A popular template is the SANS Institute’s six-step plan, which consists of the following steps:
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons Learned
Well-prepared organizations suffer the least from attacks. Those taken wholly by surprise with no response plan in mind are often the worst casualties.
When an incident occurs, the most important points are spotting and containing it as early as possible. Only after that has been achieved does the team move on to eradication: removing the malware or other attack vector and dealing with the full extent of the damage. Recovery is about returning to business as usual, and lessons learned feeds back into preparation for the next incident.
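To make the phase ordering concrete, here is a small incident-lifecycle tracker, added as an illustration only (it is not code from SANS or from any vendor on this page). It enforces that an incident moves through the six phases in order, refuses to skip containment, and reports the two numbers a response team watches most closely: attacker dwell time (first malicious activity to detection) and time to contain (detection to containment). The incident id, timestamps and class names are constructed for the example.

```python
"""Incident-lifecycle tracker following the SANS six phases (added example)."""
from datetime import datetime, timedelta

# Phase order from the text. Preparation is ongoing; each incident then
# passes through the remaining five phases in sequence.
PHASES = ["preparation", "identification", "containment",
          "eradication", "recovery", "lessons_learned"]


class Incident:
    """Tracks the current phase of one incident and when each phase began."""

    def __init__(self, name, detected_at):
        self.name = name
        self.entered = {}               # phase -> datetime the phase began
        self.current = "preparation"
        self.enter("identification", detected_at)   # detection opens the incident

    def enter(self, phase, when):
        """Advance to the next phase; skipping ahead or going back is rejected."""
        if self.current == PHASES[-1]:
            raise ValueError(f"{self.name} is already closed")
        expected = PHASES[PHASES.index(self.current) + 1]
        if phase != expected:
            raise ValueError(f"{self.name}: cannot enter {phase} from "
                             f"{self.current}; next phase is {expected}")
        self.current = phase
        self.entered[phase] = when

    def hours_to_contain(self):
        """Detection-to-containment time in hours, or None if not yet contained."""
        if "containment" not in self.entered:
            return None
        delta = self.entered["containment"] - self.entered["identification"]
        return delta.total_seconds() / 3600

    def dwell_hours(self, first_malicious_activity):
        """Attacker dwell time: first malicious activity to detection, in hours."""
        delta = self.entered["identification"] - first_malicious_activity
        return delta.total_seconds() / 3600

    def is_closed(self):
        return self.current == "lessons_learned"


def run_sample():
    """Walk a constructed incident through all phases and return its metrics."""
    detected = datetime(2022, 1, 10, 8, 0)              # constructed timestamp
    inc = Incident("INC-0001", detected_at=detected)   # constructed id
    inc.enter("containment", detected + timedelta(hours=2))
    inc.enter("eradication", detected + timedelta(hours=6))
    inc.enter("recovery", detected + timedelta(days=1))
    inc.enter("lessons_learned", detected + timedelta(days=5))
    return {
        "hours_to_contain": inc.hours_to_contain(),
        "dwell_hours": inc.dwell_hours(detected - timedelta(days=3)),
        "closed": inc.is_closed(),
    }


def skipping_containment_is_rejected():
    """Show that jumping straight from identification to eradication fails."""
    inc = Incident("INC-0002", detected_at=datetime(2022, 1, 11, 9, 30))
    try:
        inc.enter("eradication", datetime(2022, 1, 11, 10, 0))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(run_sample())
    print("skip rejected:", skipping_containment_is_rejected())
```

The two metrics are what a retainer or managed service is ultimately measured on: how long the attacker was active before anyone noticed, and how long it took to stop the spread once they did. Recording the phase timestamps as the incident progresses is what makes the lessons-learned step more than a narrative exercise.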
Incident Response Services
Managed service providers (MSPs) and managed security service providers (MSSPs) wishing to augment existing services with incident response services will be happy to know there are a great many vendors offering such tools. Some offer them as white-label services that can be rebranded by MSPs. Others provide services that MSPs can tap into for serious incidents.
Here are some of the best incident response vendors to partner with, in our analysis – 18 in all.
IBM Security X-Force is all about proactively managing and responding to security threats. It is a subscription-based service that provides access to a team of experts trained to respond to threats. This service can give greater visibility into threats, reduce response and recovery times, and reduce the impact of a breach. Security professionals will work to diagnose the incident within one hour, and following the diagnosis, experts will be dispatched and can be on site in 24–48 hours.
Sophos Rapid Response provides fast assistance, identifying and neutralizing active threats against organizations. Whether it is an infection, compromise, or unauthorized access attempting to circumvent security controls, this service offers 24/7 remote incident response, threat analysis, and threat hunting.
KnowBe4’s PhishER is an easy-to-use web-based platform that includes workstream functionality and serves as a phishing emergency room to identify and respond to user-reported messages. PhishER helps prioritize and analyze what messages are legitimate and what messages are not. With PhishER, teams can prioritize, analyze, and manage a large volume of email messages quickly. The goal is to help incident response teams prioritize as many messages as possible automatically.
Secureworks uses its threat prevention, detection, and response platform, Taegis XDR, as an incident response tool. Key features include a single pane of glass view for telemetry and logs from 50+ different types of event sources – this includes endpoint detection and response (EDR) agents for streaming as well as scan-based telemetry, cloud telemetry, endpoint events, and network devices. Broad and deep threat detection is powered by machine learning and security expertise, enabling the platform to detect threats and dynamically prioritize those with the greatest risk to the organization.
Barracuda MSP currently offers two incident response tools, Barracuda Forensics & Incident Response and Barracuda SKOUT Managed XDR. Barracuda Forensics & Incident Response for MSPs provides an automated process that empowers MSPs to more effectively detect, respond, and remediate email attacks targeting customers’ Microsoft 365 environments. With Barracuda SKOUT Managed XDR, MSPs can offer 24/7/365 monitoring and incident response to their clients without investing additional resources. Managed XDR is backed by AI-powered solutions with a fully staffed security operations center to make sure that not only the latest threats in the channel are taken care of, but that proactive steps are also taken to protect MSP partners and their customers from emerging threats.
Radware offers services such as Distributed Denial of Service (DDoS) protection for service providers across any infrastructure implementation. It secures the data center, private cloud, public cloud, and 5G infrastructure using a solution that is agnostic to the environment and designed to help service providers protect large-scale networks. Radware’s attack mitigation architecture is flexible and extensible. It can be tailored to customers such as telecom and cloud operators.
BAE Systems teams help those that have fallen victim to a targeted attack. Its technology can be rapidly deployed to give visibility to malicious behavior. If a breach has already made the headlines or attracted regulator attention, the team can help manage internal and external stakeholders as well as the press.
Kaspersky Lab’s global expertise can be brought to bear on the resolution of security incidents. It helps to limit the resultant damage and to prevent the attack from spreading. The full range of Kaspersky services covers the entire incident investigation cycle, through to eliminating the threat.
Rapid7 Incident Response services give access to the experience and technical expertise needed to accelerate incident investigation, containment, and recovery. Its teams work closely with in-house and outsourced teams through every stage of incident response, from analysis to scoping through containment, remediation, and cleanup.
AT&T offers services for data breach prevention, mitigating security risk, minimizing the impacts of breaches, rapid analysis, and recovery. Seasoned responders use repeatable and well-tested methods and procedures.
BT is used by the U.K. government for cyber-resilience. Its cyberthreat management advisory services help companies determine how to effectively manage cyber threats and proactively minimize security risks. This includes protecting apps and data while retaining visibility and control.
Trustwave Digital Forensics and Incident Response (DFIR) consulting services allow organizations to determine the source, cause, and extent of a security breach quickly and to better prepare for incidents. The service offers access to the Trustwave SpiderLabs team, who have extensive experience with the tools and techniques used by advanced attackers.
Verizon boasts a worldwide presence of investigators, forensics lab technicians, intelligence analysts, and support personnel that conduct over 600 investigations per year, including some of the largest breaches on record. Its Rapid Response Retainer helps companies mitigate risk, augment cybersecurity personnel, and control costs.
Proofpoint Threat Response is a threat management platform to orchestrate and automate incident response. The platform surrounds security alerts with contextual data to help security teams prioritize response actions. It confirms system infections and enforces protections automatically. And by collecting and analyzing security event context, forensics and intelligence, it closes the gap between detection and response, multiplying the abilities of in-house incident response staff.
When files and applications are inaccessible due to a ransomware attack, Palo Alto Networks’ Unit 42 can step in to investigate and respond to restore operations quickly. This helps to contain the incident, assess the impact, and secure the cloud to eliminate exposure.
Cynet’s Incident Response service combines security analysis experience together with Cynet360 investigative and security technology to achieve fast, accurate results. Cynet’s 24/7 security team acts as an extended team, leading any required analysis, ensuring that nothing is overlooked.
Kroll experts address fraud, ransomware, data breaches, regulatory action, civil litigation, and reputational damage. It offers rapid response to more than 2,000 cyber incidents of all types. Its experts deliver endpoint security through a managed detection and response solution known as Kroll Responder.
The Cybereason Team conducts forensic analysis to identify root cause for rapid containment of ongoing attacks to prevent escalation. It remediates issues throughout the network and implements updates to configurations, architecture, and tooling. Cybereason conducts in-depth investigations including root cause analysis, malware reverse engineering, and comprehensive incident reporting.
Further reading: Top 15 Managed Security Service Providers (MSSPs) of 2022