Menu
If you suspect an active attack on your business, call our emergency hotline at: 612-399-9680
If you suspect an active attack on your business, call our emergency hotline at: 612-399-9680
Cybersecurity Incident Response
Learn More About AlphaResponse
Blue Team Alpha follows a rigorous incident response methodology that includes:
Situation Evaluation
- Assist and support development of action plan-based business environment, business operations, business needs, resource availability, and current state of environment
- Preliminary analysis of email service
- Preliminary analysis of all hardware devices
- Determine the logs available for harvesting, retention, and review
- Determine the size and date range of logs to audit
- Conduct preliminary analysis of logs
- Determine adversary lateral movement vectors within the environment
- Monitor Incident Response tooling to identify currently unknown adversary implants and persistence capabilities
- Assist in harvesting and preservation of logs
- Provide technical advice
Identification and Analysis of Cyber Attack
- Perform analysis on email service configurations and logs
- Perform analysis on hardware configurations and logs
- Perform custom queries on all endpoints to identify any malicious behaviors
- Perform analysis on suspicious behaviors identified using industry-vetted watchlists and threat profiles
- Review current configurations for network architecture device(s) such as switches, routers, firewalls, and other identified hardware
- Provide technical advice
Containment of Cyber Attack
- Monitor tooling for malicious code and suspicious behavior
- Monitor email service for attempted rouge logins
- Implement white-list(s) and black-list(s) to limit or prevent adversary activity
- Execute (with client authorization) necessitated password resets for network and application(s)
- Maintain accurate count of hosts with threat-hunting tooling installed and compare to validated assets lists to prevent gaps
- Execute approved configuration changes
Eradication of Threat Actor
- Manage coverage of Incident Response tooling and implement policies to prevent malicious binary from executing
- Remediation of malicious binaries
Recovery of Machines and Network
- Assist/support rebuilding, re-imaging, bringing machines back online and connected to the network
Post Incident Debrief
- Create final report
- Gather all relevant data, findings, and information related to the incident
- Present to client and any other appropriate parties
Blue Team Alpha is a one-stop shop for all of your incident response needs. In addition to the above services, we can also assist with:
- Ransomware negotiation
- Bitcoin acquisition
- Forensic investigation
Indicators of a Cybersecurity Incident
- Suspicious/unexpected money transfer
- Suspicious/unexpected vendor account change request
- Multiple failed login attempts (brute force)
- Abnormal remote login sessions
- Unauthorized email forwarding rules
- Logins from an unfamiliar domain
- Unopenable files
- Abnormal information system behavior
- Increased quantity and quality of phishing attempts
- Duplicate Invoice complaints from multiple customers
