If you suspect an active attack on your business, call our emergency hotline at: 612-399-9680

Cybersecurity Incident Response


Learn More About AlphaResponse

Blue Team Alpha follows a rigorous incident response methodology that includes:

1. Situation Evaluation

  • Assist and support development of an action plan based on the business environment, business operations, business needs, resource availability, and the current state of the environment
  • Preliminary analysis of email service
  • Preliminary analysis of all hardware devices
  • Determine the logs available for harvesting, retention, and review
  • Determine the size and date range of logs to audit
  • Conduct preliminary analysis of logs
  • Determine adversary lateral movement vectors within the environment
  • Monitor Incident Response tooling to identify currently unknown adversary implants and persistence capabilities
  • Assist in harvesting and preservation of logs
  • Provide technical advice
2. Identification and Analysis of Cyber Attack

  • Perform analysis on email service configurations and logs
  • Perform analysis on hardware configurations and logs
  • Perform custom queries on all endpoints to identify any malicious behaviors
  • Perform analysis on suspicious behaviors identified using industry-vetted watchlists and threat profiles
  • Review current configurations for network architecture device(s) such as switches, routers, firewalls, and other identified hardware
  • Provide technical advice
3. Containment of Cyber Attack

  • Monitor tooling for malicious code and suspicious behavior
  • Monitor email service for attempted rogue logins
  • Implement white-list(s) and black-list(s) to limit or prevent adversary activity
  • Execute (with client authorization) the necessary password resets for the network and application(s)
  • Maintain accurate count of hosts with threat-hunting tooling installed and compare to validated assets lists to prevent gaps
  • Execute approved configuration changes
4. Eradication of Threat Actor

  • Manage coverage of Incident Response tooling and implement policies to prevent malicious binaries from executing
  • Remediation of malicious binaries
5. Recovery of Machines and Network

  • Assist/support rebuilding, re-imaging, bringing machines back online and connected to the network
6. Post Incident Debrief

  • Create final report
  • Gather all relevant data, findings, and information related to the incident
  • Present to client and any other appropriate parties

Blue Team Alpha is a one-stop shop for all of your incident response needs. In addition to the above services, we can also assist with:

  • Ransomware negotiation
  • Bitcoin acquisition
  • Forensic investigation
If you think you're under attack, call us now

Indicators of a Cybersecurity Incident

  • Suspicious/unexpected money transfer
  • Suspicious/unexpected vendor account change request
  • Multiple failed login attempts (brute force)
  • Abnormal remote login sessions
  • Unauthorized email forwarding rules
  • Logins from an unfamiliar domain
  • Files that cannot be opened
  • Abnormal information system behavior
  • Increased quantity and quality of phishing attempts
  • Duplicate Invoice complaints from multiple customers
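Several of the indicators in this list (brute-force login attempts, logins from an unfamiliar domain, abnormal remote sessions, unauthorized forwarding rules) can be checked mechanically against authentication and mailbox-audit logs. The Python below is an added example for illustration and is not Blue Team Alpha's tooling: the event tuple format, the field names, the per-user baseline of known login domains, the internal mail domain and the brute-force threshold (five failures from one source within ten minutes) are all assumptions, and the events are constructed. It goes slightly beyond the list by also flagging a successful login from a source that has just brute-forced the same account, which is the kind of abnormal remote session a responder would act on first.

```python
"""Triage of login and mailbox-rule indicators over constructed sample events.

Added example, not Blue Team Alpha's tooling. Event format, baselines and
thresholds are assumptions chosen for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real client data).
# Fields: ISO timestamp, user, event type, source, detail.
#   login_failed / login_ok : source = client IP, detail = origin domain of the IP
#   forward_rule_created    : source = mailbox, detail = forwarding target address
SAMPLE_EVENTS = [
    ("2024-05-01T08:00:00", "alice", "login_failed", "203.0.113.7", "badhost.example"),
    ("2024-05-01T08:00:05", "alice", "login_failed", "203.0.113.7", "badhost.example"),
    ("2024-05-01T08:00:10", "alice", "login_failed", "203.0.113.7", "badhost.example"),
    ("2024-05-01T08:00:15", "alice", "login_failed", "203.0.113.7", "badhost.example"),
    ("2024-05-01T08:00:20", "alice", "login_failed", "203.0.113.7", "badhost.example"),
    ("2024-05-01T08:00:25", "alice", "login_ok", "203.0.113.7", "badhost.example"),
    ("2024-05-01T08:01:00", "alice", "forward_rule_created", "alice@corp.example", "attacker@mail.example"),
    ("2024-05-01T09:00:00", "bob", "login_ok", "198.51.100.2", "corp.example"),
    ("2024-05-01T09:05:00", "bob", "login_failed", "198.51.100.2", "corp.example"),
    ("2024-05-01T09:10:00", "bob", "forward_rule_created", "bob@corp.example", "bob-archive@corp.example"),
]

# Assumed baselines. In practice these come from historical logs and the
# tenant configuration gathered during the situation evaluation.
KNOWN_LOGIN_DOMAINS = {"alice": {"corp.example"}, "bob": {"corp.example"}}
INTERNAL_MAIL_DOMAINS = {"corp.example"}

# Assumed brute-force rule: this many failures from one source inside the window.
BRUTE_FORCE_THRESHOLD = 5
BRUTE_FORCE_WINDOW = timedelta(minutes=10)


def triage(events, known_domains=KNOWN_LOGIN_DOMAINS, internal=INTERNAL_MAIL_DOMAINS):
    """Return (indicator, user, detail) findings in time order."""
    findings = []
    failures = defaultdict(deque)   # (user, source) -> timestamps of recent failures
    flagged = set()                 # (user, source) pairs already reported as brute force

    for ts, user, kind, source, detail in sorted(events):
        now = datetime.fromisoformat(ts)

        if kind == "login_failed":
            window = failures[(user, source)]
            window.append(now)
            # Drop failures older than the sliding window.
            while window and now - window[0] > BRUTE_FORCE_WINDOW:
                window.popleft()
            if len(window) >= BRUTE_FORCE_THRESHOLD and (user, source) not in flagged:
                flagged.add((user, source))
                findings.append(("brute_force", user,
                                 f"{len(window)} failures from {source} within {BRUTE_FORCE_WINDOW}"))

        elif kind == "login_ok":
            # Login from a domain this user has never been seen on before.
            if detail not in known_domains.get(user, set()):
                findings.append(("unfamiliar_domain_login", user, f"{source} ({detail})"))
            # Success from a source that was just brute-forcing this account.
            if (user, source) in flagged:
                findings.append(("success_after_brute_force", user, source))

        elif kind == "forward_rule_created":
            # Forwarding to any address outside the organisation's mail domains.
            target_domain = detail.rsplit("@", 1)[-1].lower()
            if target_domain not in internal:
                findings.append(("external_forwarding_rule", user, detail))

    return findings


if __name__ == "__main__":
    for indicator, user, detail in triage(SAMPLE_EVENTS):
        print(f"{indicator:26} {user:8} {detail}")
```

Run against the sample, the four findings all concern alice and arrive in the order an attacker would produce them: the brute-force burst, the successful login from a domain she has never used, the same source succeeding right after the burst, and the forwarding rule to an external address. Bob's single failure and internal forwarding rule produce nothing, which is the point of carrying a baseline rather than alerting on every rule change.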