Cyber Incident Response Support Service
“911 Cyber Incident Response Support Service” is where our security professionals perform investigations, analyses, and analytical research, and also support restoration, in case you encounter a situation such as an actual or possible attack (including a targeted email attack) or unauthorized access to your computer, website, or network.
In case a security incident occurs, you will need to find out exactly what the situation of the incident is: when and where the attack came from, which and how much information was stolen, and at times, who the attacker is. Because initial response affects the subsequent recovery tasks and is crucial in protecting the corporate image, we closely support your incident response with our top-notch cyber security incident responders who have skills in professional computer forensics, network assessments, data salvage, and binary and malware analysis. We are here to support you.
Recommended Users
Corporations and organizations that were targeted for website manipulation and web application attacks by way of methods such as SQL injection and cross-site scripting.
Pricing information
Please ask for cost information.
Response time
24 hours, 7 days a week.
Cyber incident occurrence – we support your incident response
There is no guarantee that your IT network, website, PCs, and information assets are all secure and sound. Your business is globally connected (yes, it’s the “World Wide Web”), and your closed networks are rarely patched and updated.
Available IT security products and services are geared toward preventing attacks and accidents. However, when actual attacks and damage occur, they do not offer much help. Intentional attacks made by humans can only be removed and recovered from by humans, not by software and appliances.
The following are examples of how an incident is detected or comes to light.
- YOU find that someone defaced your website.
- CLIENTS call and complain that personal information (such as credit card information and lists of contacts) has been leaked.
- LAW ENFORCEMENT visits and tells you that your server has been taken over, and you are believed to be the assailant.
- SOMEONE calls and tells you that they are initiating a DDoS attack and says “otherwise, transfer money.”
- A SUSPICIOUS FILE appeared on your server.
Emergency response advice following the incident for the next 24 hours
When a cyber incident occurs, or even if there is any doubt, please call or e-mail us at Cyber Defense Institute. We will grasp the situation quickly and immediately provide essential emergency advice, such as to secure logs, as well as to shut down the network. Our agent will then visit you for an on-site investigation immediately if the site is in the metropolitan area (or within 24 hours if the site is elsewhere in Japan).
At the site, the very first task is to sign a confidentiality pledge on the incident. Then, interviews and log analyses follow. Because online crimes are becoming increasingly sophisticated every day, it is difficult for the site administrators to fully grasp the situation right away. Questions you may want to ask: Was it actually an attack? Or merely an error? Is personal information accessible? Have any of the information assets been stolen? As a first step, it is very important to accurately understand what is happening in order to properly handle the emergency situation.
As soon as assessment is done, necessary measures are taken, such as partial shutdown of services.
Lastly, we advise a correspondence plan for the future. This enables you to disclose the situation, as well as to set up an adequate improvement program.
Then we will be proposing to you the best options that fit your situation.
One thing you should definitely avoid is disclosing the incident without fully grasping the picture, or repeatedly releasing inaccurate information.
Services offered by our top-notch security engineers
At Cyber Defense Institute, we have performed many security assessments and penetration tests to examine vulnerabilities of web and smartphone applications, networks, and embedded devices. Our services span various areas, including large-scale portal sites, SNS, online trading systems, electric utility companies, railroad companies, etc.
Our Engineers of Cyber Incident Response Support Services
Our cyber security engineers on incident response support are world-famous professionals specialized in cyber security technology. In addition to penetration tests and malware analysis, our record of detected security vulnerabilities exceeds 500.
Emergency minimal response Manual
Here we list some points you can consider while you wait for our professionals to arrive at the site. Please note that cases vary, and so does the best response for each situation. Use this only as a reference.
Proactive measures on a day-to-day basis
Performing the following daily tasks will help us solve issues whenever incidents occur.
1) Save logs
Whether we can properly analyze the situation at the time of the incident depends on the existence of logs. From day to day, try saving as many types of logs as possible.
2) Data backup
Back up data in a secure place, so that you can always restore the system to the state before the attack.
From incident occurrence to arrival of the Cyber Defense team
If an unexpected incident occurs, perform the following emergency measures.
1) Unplug network cables to prevent further spreading of damage
Services may stop, but it is often a wise move to unplug the network cables to prevent further damage.
2) Leave the power on to save evidence
Otherwise, evidence data left in memory may be lost. It’s best not to shut down the computers and servers.
3) Change the log overwrite setting
If the machine is set to overwrite logs periodically, you may want to change the setting. To help investigate the cause and to solve problems, save all logs possible.
4) Saving the current condition
In order to properly figure out the situation, try saving whatever there is to be saved. Do not delete or modify suspicious data. Save it, and leave it in the hands of the professionals.
5) Clarify who’s in charge
When an incident occurs, have the person in charge of the site at the site, over the phone, or in a place where they can be immediately reached. We would also need to know your company’s final decision maker.
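One way to carry out the log-saving and state-saving steps above, as an added example that is not part of Cyber Defense Institute's manual: copy the logs to separate media and record a SHA-256 manifest so the copies can later be shown to be unchanged. The function names, file names and directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): copy logs to separate evidence
# media and record SHA-256 hashes, without modifying the originals.
# Function names and the directory layout are assumptions for illustration.

# preserve_logs SRC_DIR DEST_DIR
#   SRC_DIR  : log directory on the affected host (only read, never changed)
#   DEST_DIR : new directory on separate media, e.g. an external drive
preserve_logs() {
    src=$1
    dest=$2
    if [ ! -d "$src" ]; then
        echo "no such log directory: $src" >&2
        return 1
    fi
    # Refuse to overwrite an earlier collection.
    if [ -e "$dest" ]; then
        echo "destination already exists: $dest" >&2
        return 1
    fi
    mkdir -p "$dest/logs" || return 1
    # -p keeps timestamps and modes, -R recurses.
    cp -pR "$src/." "$dest/logs/" || return 1
    # Hash every copied file so later changes to the copy are detectable.
    (cd "$dest/logs" && find . -type f -exec sha256sum {} + | sort -k 2) \
        > "$dest/manifest.sha256" || return 1
    # Record what was collected, when (UTC) and by whom.
    printf 'source=%s\ncollected_utc=%s\ncollector=%s\n' \
        "$src" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(id -un)" \
        > "$dest/collection.txt" || return 1
    chmod -R a-w "$dest"
}

# verify_logs DEST_DIR : succeeds only if every copy still matches its hash.
verify_logs() {
    (cd "$1/logs" && sha256sum -c ../manifest.sha256 >/dev/null)
}

# Usage: sh preserve.sh /var/log /mnt/evidence/host1-logs
if [ "$#" -eq 2 ]; then
    preserve_logs "$1" "$2" && verify_logs "$2"
fi
```

Run it against a destination on removable or otherwise separate media, so that nothing new is written to the affected machine's own disks.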
How we came to develop this service
The Internet is one of the major infrastructures of our society. With a strong sense of ethics and mission, we regard this service as a social contribution. We also offer security support as part of our activities under CDI-CERT, an incident response team within Cyber Defense Institute. CDI-CERT is affiliated with the Nippon CSIRT Association, as well as FIRST, an international organization.


