If you suspect an active attack on your business, call our emergency hotline at: 612-399-9680

Cybersecurity Incident Response

AlphaProactive is our Incident Response Retainer for organizations that want peace of mind, knowing they have a plan in place should a cyber attack occur. 

You can have a dedicated, experienced, professional team on your side, a team that is already completely familiar with your network, to reduce your chances of being attacked—and to spring into action if you are. 



Benefits of an Incident Response Retainer

An incident response retainer reduces the time and costs associated with responding to a cyber attack.  


AlphaProactive Provides

  • Logging-level review
  • SLA – 3 hours to respond
  • Prepaid discounted incident response hours (can be used up to 90 days after the year of purchase for other services)
  • Additional triage and incident response hours at a discount

If you are the victim of an attack, our elite cybersecurity team will:

  • Identify the attack
  • Minimize its effect
  • Contain the damage
  • Identify the origin of the attack
  • Make recommendations to reduce the risk of future attacks

Blue Team Alpha follows a rigorous incident response methodology that includes:

1. Situation Evaluation

  • Assist and support development of an action plan based on the business environment, business operations, business needs, resource availability, and current state of the environment
  • Preliminary analysis of email service
  • Preliminary analysis of all hardware devices
  • Determine the logs available for harvesting, retention, and review
  • Determine the size and date range of logs to audit
  • Conduct preliminary analysis of logs
  • Determine adversary lateral movement vectors within the environment
  • Monitor Incident Response tooling to identify currently unknown adversary implants and persistence capabilities
  • Assist in harvesting and preservation of logs
  • Provide technical advice
2. Identification and Analysis of Cyber Attack

  • Perform analysis on email service configurations and logs
  • Perform analysis on hardware configurations and logs
  • Perform custom queries on all endpoints to identify any malicious behaviors
  • Perform analysis on suspicious behaviors identified using industry-vetted watchlists and threat profiles
  • Review current configurations for network architecture device(s) such as switches, routers, firewalls, and other identified hardware
  • Provide technical advice
3. Containment of Cyber Attack

  • Monitor tooling for malicious code and suspicious behavior
  • Monitor email service for attempted rogue logins
  • Implement white-list(s) and black-list(s) to limit or prevent adversary activity
  • Execute (with client authorization) any required password resets for network and application accounts
  • Maintain accurate count of hosts with threat-hunting tooling installed and compare to validated assets lists to prevent gaps
  • Execute approved configuration changes
4. Eradication of Threat Actor

  • Manage coverage of Incident Response tooling and implement policies to prevent malicious binaries from executing
  • Remediation of malicious binaries
5. Recovery of Machines and Network

  • Assist/support rebuilding, re-imaging, bringing machines back online and connected to the network
6. Post Incident Debrief

  • Create final report
  • Gather all relevant data, findings, and information related to the incident
  • Present to client and any other appropriate parties

Blue Team Alpha is a one-stop shop for all of your incident response needs. In addition to the above services, we can also assist with:

  • Ransomware negotiation
  • Bitcoin acquisition
  • Forensic investigation
Contact us today to prepare for an attack

Indicators of a Cybersecurity Incident

  • Suspicious/unexpected money transfer
  • Suspicious/unexpected vendor account change request
  • Multiple failed login attempts (brute force)
  • Abnormal remote login sessions
  • Unauthorized email forwarding rules
  • Logins from an unfamiliar domain
  • Files that cannot be opened (a common sign of ransomware encryption)
  • Abnormal information system behavior
  • Increased quantity and quality of phishing attempts
  • Duplicate Invoice complaints from multiple customers
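Three of the indicators above (multiple failed login attempts, logins from an unfamiliar location, and unauthorized email forwarding rules) can be checked mechanically against sign-in and mailbox-audit logs, and the containment step's "monitor email service for attempted rogue logins" is the same check run continuously. The following is an added example, not Blue Team Alpha tooling or any vendor's API: the event field names, thresholds, the organization domain `example.com`, the per-user country baseline, and all sample events are constructed assumptions chosen for illustration.

```python
"""Triage rules for three incident indicators, run over constructed sign-in
and mailbox-rule events.  Added example; field names are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

ORG_DOMAIN = "example.com"                  # assumption: the client's mail domain
BRUTE_FORCE_THRESHOLD = 5                   # failures from one source IP ...
BRUTE_FORCE_WINDOW = timedelta(minutes=10)  # ... within this window

# Constructed sample sign-in events (not real logs). Timestamps are UTC.
SIGNIN_EVENTS = [
    {"ts": "2024-03-01T09:00:05Z", "user": "alice", "src_ip": "203.0.113.7",  "country": "US", "result": "failure"},
    {"ts": "2024-03-01T09:00:09Z", "user": "alice", "src_ip": "203.0.113.7",  "country": "US", "result": "failure"},
    {"ts": "2024-03-01T09:00:14Z", "user": "bob",   "src_ip": "203.0.113.7",  "country": "US", "result": "failure"},
    {"ts": "2024-03-01T09:00:20Z", "user": "carol", "src_ip": "203.0.113.7",  "country": "US", "result": "failure"},
    {"ts": "2024-03-01T09:00:26Z", "user": "dave",  "src_ip": "203.0.113.7",  "country": "US", "result": "failure"},
    {"ts": "2024-03-01T09:01:00Z", "user": "alice", "src_ip": "198.51.100.3", "country": "US", "result": "success"},
    {"ts": "2024-03-01T13:45:00Z", "user": "alice", "src_ip": "192.0.2.44",   "country": "NL", "result": "success"},
    {"ts": "2024-03-01T14:00:00Z", "user": "bob",   "src_ip": "198.51.100.9", "country": "US", "result": "failure"},
]

# Constructed baseline of where each user normally signs in from.
KNOWN_COUNTRIES = {"alice": {"US"}, "bob": {"US", "CA"}}

# Constructed mailbox-rule audit events; forward_to is None for non-forwarding rules.
MAILBOX_RULE_EVENTS = [
    {"ts": "2024-03-01T13:47:10Z", "user": "alice", "rule": "Archive",     "forward_to": None},
    {"ts": "2024-03-01T13:48:30Z", "user": "alice", "rule": ".",           "forward_to": "alice.backup@mail.example.net"},
    {"ts": "2024-03-01T15:00:00Z", "user": "bob",   "rule": "To team lead", "forward_to": "lead@example.com"},
]


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def detect_brute_force(events, threshold=BRUTE_FORCE_THRESHOLD, window=BRUTE_FORCE_WINDOW):
    """Sliding window per source IP: flag the source the moment it reaches
    `threshold` failures inside `window`, regardless of how many distinct
    accounts it tried, so password spraying is caught as well as brute force."""
    failures = defaultdict(list)
    findings = []
    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        if ev["result"] != "failure":
            continue
        t = parse_ts(ev["ts"])
        bucket = failures[ev["src_ip"]]
        bucket.append(t)
        while bucket and t - bucket[0] > window:   # expire failures outside the window
            bucket.pop(0)
        if len(bucket) == threshold:               # fires once per window crossing
            findings.append({"indicator": "brute_force", "ts": ev["ts"],
                             "src_ip": ev["src_ip"], "count": len(bucket)})
    return findings


def detect_unfamiliar_logins(events, known=KNOWN_COUNTRIES):
    """Flag successful sign-ins from a country outside the user's baseline.
    Users with no baseline are skipped rather than alerted on; tune to taste."""
    findings = []
    for ev in events:
        if ev["result"] != "success":
            continue
        baseline = known.get(ev["user"])
        if baseline is not None and ev["country"] not in baseline:
            findings.append({"indicator": "unfamiliar_login", "ts": ev["ts"], "user": ev["user"],
                             "src_ip": ev["src_ip"], "country": ev["country"]})
    return findings


def detect_external_forwarding(rule_events, org_domain=ORG_DOMAIN):
    """Flag inbox rules that forward mail outside the organization's domain.
    Subdomains of org_domain are treated as internal; the rule name is kept so
    the analyst can spot terse or obfuscated names."""
    findings = []
    for ev in rule_events:
        target = ev.get("forward_to")
        if not target:
            continue
        domain = target.rsplit("@", 1)[-1].lower()
        if domain != org_domain and not domain.endswith("." + org_domain):
            findings.append({"indicator": "external_forwarding", "ts": ev["ts"], "user": ev["user"],
                             "rule": ev["rule"], "forward_to": target})
    return findings


def triage(signins=SIGNIN_EVENTS, rules=MAILBOX_RULE_EVENTS):
    """Run all three rules and correlate: an external forwarding rule created
    by a user after that user signed in from an unfamiliar country is rated
    high, since that sequence is the classic business email compromise pattern."""
    findings = (detect_brute_force(signins) + detect_unfamiliar_logins(signins)
                + detect_external_forwarding(rules))
    first_odd_login = {}
    for f in findings:
        if f["indicator"] == "unfamiliar_login":
            first_odd_login.setdefault(f["user"], parse_ts(f["ts"]))
    for f in findings:
        odd = first_odd_login.get(f.get("user"))
        if f["indicator"] == "external_forwarding" and odd and parse_ts(f["ts"]) >= odd:
            f["priority"] = "high"
        else:
            f["priority"] = "medium"
    return findings


if __name__ == "__main__":
    for finding in triage():
        print(finding)
```

Run as a script it prints three findings: the spraying source `203.0.113.7`, alice's sign-in from NL, and alice's rule forwarding to an external domain, the last rated high because it followed the unfamiliar sign-in. The same logic is what a retainer team would port to the client's SIEM query language once it knows which logs exist and how far back they are retained.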