
Cybersecurity Incident Response

The first call to make when you suspect a breach.

Incident response is a strategic reaction to a network security breach, exploit, or cyberattack. Our expert team will quickly identify an attack, minimize its effects, contain the damage, and identify the origin of the incident to reduce the risk of future attacks. When security threats arise, an efficient and effective response is essential.

Blue Team Alpha delivers cybersecurity incident response services that will leave you confident your situation was handled properly. Incident response is not a one-size-fits-all service, which is why we have multiple options available, including emergency incident response, incident response retainer blocks, and our incident response subscription service, AlphaDefend™.

If you suspect an active attack, call us now.

612-399-9680

Possible indicators of a cybersecurity incident:

  • Suspicious/unexpected money transfer
  • Suspicious/unexpected vendor account change request
  • Multiple failed login attempts (brute force)
  • Abnormal remote login sessions
  • Unauthorized forwarding rules
  • Logins from an unfamiliar domain
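Three of the indicators above (brute-force login attempts, logins from an unfamiliar domain, and unauthorized forwarding rules) can be checked mechanically from sign-in and mailbox audit logs. The script below is an added illustration, not Blue Team Alpha code, and it runs over constructed sample records; the log format and the field names (`user`, `src`, `domain`, `result`, `action`, `forward_to`) are assumptions rather than any product's real schema. It goes one step beyond the list by also chaining two indicators together: a successful login from the same user and source that was just brute-forced, which is the combination worth escalating first.

```python
"""Toy detections for three incident indicators over constructed sample logs.

Added example, not Blue Team Alpha code. The 'ts key=value ...' line format
and all field names are assumptions for illustration only.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Domains this hypothetical organisation expects sign-ins and mail to use.
KNOWN_DOMAINS = {"acme.example"}

# Constructed sign-in records: time, account, source IP, sign-in domain, outcome.
SIGNIN_LOG = [
    "2024-03-04T08:00:01Z user=alice src=198.51.100.7 domain=acme.example result=SUCCESS",
    "2024-03-04T08:01:10Z user=bob src=203.0.113.9 domain=acme.example result=FAIL",
    "2024-03-04T08:01:15Z user=bob src=203.0.113.9 domain=acme.example result=FAIL",
    "2024-03-04T08:01:21Z user=bob src=203.0.113.9 domain=acme.example result=FAIL",
    "2024-03-04T08:01:28Z user=bob src=203.0.113.9 domain=acme.example result=FAIL",
    "2024-03-04T08:01:33Z user=bob src=203.0.113.9 domain=acme.example result=FAIL",
    "2024-03-04T08:02:40Z user=bob src=203.0.113.9 domain=acme.example result=SUCCESS",
    "2024-03-04T09:15:02Z user=carol src=192.0.2.44 domain=mail-login.example result=SUCCESS",
    "2024-03-05T08:00:00Z user=dave src=198.51.100.8 domain=acme.example result=FAIL",
]

# Constructed mailbox audit records for inbox-rule creation.
RULE_LOG = [
    "2024-03-04T08:03:05Z user=bob action=NewInboxRule forward_to=payments@acme.example",
    "2024-03-04T08:03:30Z user=bob action=NewInboxRule forward_to=ar-backup@webmail.example",
]


def parse(line):
    """Turn 'ts key=value ...' into a dict with a parsed timestamp."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def brute_force(lines, threshold=5, window=timedelta(minutes=5)):
    """Flag (user, src) pairs with >= threshold failures inside a sliding window."""
    fails = defaultdict(list)
    hits = set()
    for rec in sorted(map(parse, lines), key=lambda r: r["ts"]):
        if rec["result"] != "FAIL":
            continue
        key = (rec["user"], rec["src"])
        times = fails[key]
        times.append(rec["ts"])
        # Drop failures that fell out of the window ending at this event.
        while times and rec["ts"] - times[0] > window:
            times.pop(0)
        if len(times) >= threshold:
            hits.add(key)
    return sorted(hits)


def unfamiliar_domain_logins(lines, known=KNOWN_DOMAINS):
    """Successful sign-ins whose sign-in domain is not one the organisation uses."""
    return [(r["user"], r["domain"]) for r in map(parse, lines)
            if r["result"] == "SUCCESS" and r["domain"] not in known]


def external_forwarding_rules(lines, known=KNOWN_DOMAINS):
    """New inbox rules that forward mail to an address outside the known domains."""
    hits = []
    for r in map(parse, lines):
        if r.get("action") != "NewInboxRule":
            continue
        target_domain = r["forward_to"].rsplit("@", 1)[-1]
        if target_domain not in known:
            hits.append((r["user"], r["forward_to"]))
    return hits


def success_after_brute_force(lines):
    """Highest-priority signal: a success from a (user, src) pair that was brute-forced."""
    suspects = set(brute_force(lines))
    return [(r["user"], r["src"], r["ts"].isoformat()) for r in map(parse, lines)
            if r["result"] == "SUCCESS" and (r["user"], r["src"]) in suspects]


if __name__ == "__main__":
    print("brute force:", brute_force(SIGNIN_LOG))
    print("unfamiliar domain:", unfamiliar_domain_logins(SIGNIN_LOG))
    print("external forwarding:", external_forwarding_rules(RULE_LOG))
    print("escalate first:", success_after_brute_force(SIGNIN_LOG))
```

The threshold and window are deliberately parameters: five failures in five minutes is a starting point, not a standard, and a real deployment tunes both against its own baseline of normal failed logins. The forwarding-rule check keys on the destination domain, which is the usual tell in business email compromise, where attackers add a rule so that replies from customers never reach the real mailbox owner.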

When an incident arises and you need immediate response, Blue Team Alpha is ready to deploy! Our experts provide world-class response, support, and triage in the event of a suspected cyberattack.


Levels of Cybersecurity Attack

Level 1: Low Risk

Typically a single-user incident affecting non-critical systems or information — not revenue or customer impacting.

Examples include:
  • Spyware
  • Spam influx
  • Unauthorized use of resources

Level 2: Elevated Risk

Incidents affecting non-critical systems or unregulated information, which is not revenue or customer impacting.

Examples include:
  • Unauthorized login attempts (brute force)
  • Policy violations
  • Social engineering
  • Unprivileged account compromise
  • Virus/malware outbreak

Level 3: Severe Risk

Incidents affecting critical systems or information with potential to be revenue or customer impacting.

Examples include:
  • System or privileged account compromise
  • Denial of service
  • Exploitation of known vulnerabilities
  • Unauthorized access to information
  • Unauthorized modification of information

AlphaDefend: Managed Cybersecurity Triage & Response

Reduce cybersecurity breach response time from days to hours with AlphaDefend prepaid incident triage and response retainer blocks.

Evolve your incident response plan into a proactive cybersecurity program that improves incident response times, lowers costs, and implements a continuous improvement process to strengthen your overall security effectiveness.

AlphaDefend takes away the unknown of responding to a cyberattack and eliminates the "use it or lose it" aspect of traditional incident response retainer blocks. Your business will be equipped to handle the inevitable attacks on your network with a guaranteed return on your investment.

Learn More

AlphaDefend IR Retainer Blocks Include:

  • Network Log Review
  • IR Policy Creation
  • Threat-Hunting Tool
  • Simulated Cyberattack
  • 20 IR Triage Hours
  • Reduced Hourly Rate

Incident Response Retainer Blocks

Reduce emergency incident response time from days to hours with prepaid incident response retainer blocks.

Evolve your incident response plan into a proactive cybersecurity program that improves incident response times, lowers costs, and implements a continuous improvement process to strengthen your overall security effectiveness.

  Number of Users    Hours Required
  0 - 100            20 hours
  101 - 500          40 hours
  500+               80 hours

Unused retainer block hours may be applied towards tabletop exercises on a pro rata basis from a half-day to a full-day exercise. Restrictions apply.

All Incident Response Retainer Blocks Include:

  • Network Log Review
  • Initial IR Policy Review
  • Reduced Hourly Rate

Cybersecurity is not just an IT concern — it is a business risk, first and foremost.

An estimated 50% of all small- and medium-sized enterprises are out of business within 6 months of a cyberattack.
Source: U.S. Securities and Exchange Commission

Example Incident Response Case Study

Acme Co. receives an inquiry from one of their customers that they haven't received their order. Acme Co. has no record of the order, but the customer provides proof of the order in the form of the wire transfer receipt. Acme Co. identifies that the customer responded to a fraudulent solicitation from an employee of Acme Co. and wired the money to an offshore account.

Acme Co. called Blue Team Alpha to investigate and we found that user account information for Acme Co. Accounts Receivable personnel had been compromised by a nefarious group in Eastern Europe. The group used that account to send targeted messages to Acme Co.'s customers and then covered up their tracks to avoid raising suspicions. In all, four Acme Co. customers unknowingly sent money to accounts overseas, totaling $1.2M.

Blue Team Alpha was able to bring in the authorities to reverse the transactions, then investigated the cause of the initial breach that led to the compromise of the Accounts Receivable personnel account. The attackers had been lurking in Acme Co.'s data environment collecting information on the company for 283 days prior to anyone knowing that something was wrong.

Blue Team Alpha established several remediation solutions for Acme Co. and also recommended our Managed Security Operations Center services, which would be able to detect a breach immediately and take appropriate countermeasure actions in the future. We additionally recommended our Vulnerability Management services, as the original infiltration was due to a misconfiguration on Acme Co.'s network equipment that had left an out-of-date server exposed—a security hole that could have been patched before the problems began.

Based on our recommendation, Acme Co. then hired an independent third-party to perform a security assessment on their information systems. Once the assessment was completed, Blue Team Alpha worked with Acme Co. to remediate all of the deficiencies — administrative and technical — to help Acme Co. significantly improve the security posture of their information systems and the security maturity level.

Acme Co. received many operational benefits from Blue Team Alpha, including streamlined, automated, secure, and compliant business processes. The IT team at Acme Co. was able to focus on driving technical innovation, rather than focusing on monitoring their network for security threats and managing vulnerabilities in systems that they had already created. Acme Co. was able to meaningfully improve their processes and procedures without employing any additional employees, or the increased management and hidden costs of those resources.


Most business operators don't think they are a target.

77% of businesses experienced a cyberattack in 2017.
Source: Verizon Data Breach Investigation Report

Why are SMEs a target?

  • Money
  • Customer Data
  • Employee Data/PII
  • Vulnerability

Most cyberattacks are crimes of opportunity, randomly seeking to exploit weak IT environments.

Contact us today to learn more about our world-class incident response services and retainer blocks.

(612) 399-9680
