
Handle incident response with agility

Speed matters in an incident management program. Our cyberdefense consultants can help lead an investigation or supplement your internal cybersecurity team to help quickly respond to attacks and mitigate impact.

Benefits

What our Incident Response services can do for you

Data breach prevention

Proactive approach to data breach prevention. 

Minimize impacts of breach 

Well-established capability that helps minimize the impacts of a breach. 

Quick analysis and recovery 

Seasoned responders with repeatable and well-tested methods and procedures.  

Mitigate security risk 

Help mitigate security risk through comprehensive methodologies. 

Improves incident response

Respond to cyber breaches more effectively, for minimal damage and fast recovery.

All hands on deck approach 

Our “all hands on deck” approach includes in-depth digital forensic analysis, breach support, and compromise detection.

Plans

Comprehensive incident response programs to respond to today’s complex threats

Incident Management Program

The AT&T Incident Management Program service provides expert resources to assess and improve all stages of your incident management lifecycle, helping to prevent or minimize operational losses due to undesired security events.




Incident Response and Forensics

AT&T has experts who can support or supplement your team when suspected unauthorized activities are detected with a full incident management program that includes: detection, triage, response, and containment and prevention planning.




Features and Highlights

Incident Response services that fit your business

Incident Management program assessment

Our cyberdefense team will review relevant documentation using custom-developed frameworks to perform gap analysis and propose remediation recommendations.

Incident Management strategy and roadmap development

From the results of the gap assessment, we will develop a desirable future state for your incident management program with a roadmap that details relevant technology, process, and resources.

Incident Response plan and playbook development

AT&T can develop a custom incident response plan for your organization based on the threat, regulatory, organizational, cultural, and technology realities.

Incident Response and Forensics operations assessment

When illegal activity is identified within your systems, we provide a critical review of your current internal processes and procedures for handling incidents.

Forensics and electronic discovery

This discovery offers a full spectrum of information system-focused investigative capabilities delivered by professionals experienced in commercial litigation matters and criminal investigative proceedings.

Incident Response retainer service

Our incident response retainer allows you to establish the terms and conditions for providing services in the event of a security incident so you can have a trusted advisor on standby.

Resources

Explore more about AT&T Incident Response Programs

Solution Brief

Learn about our broad range of Incident Management services to help prevent operational losses (PDF).

 
 

FAQ

What is Security Event Management?

AT&T Cybersecurity consulting provides Security Event Management—part of our Secure Infrastructure services—to help you identify and manage security incidents and events on your network.

Today’s enterprise networks feature multiple combinations of network devices, operating systems, databases, and appliances that require monitoring and managing. Our secure infrastructure services help consolidate and streamline the volume of data that your network devices generate so that you can efficiently identify and respond to security threats.

The key activities of the service include:

  • Log consolidation, alerting, and reporting
  • Intrusion detection and prevention
  • Network Access Connection (NAC) placement and tuning

These activities help your organization keep track of alerts about possible threats to your network.

What is Incident Response and Forensics?

The purpose of Incident Response and Forensics is to investigate security incidents.

AT&T Cybersecurity Consulting can provide pre-breach services including an incident response retainer. Alternatively, we can also provide post-breach services such as digital forensics.

In either case, during our investigation, we may work with various parts of your organization (including legal, IT, information security, compliance, business units, and risk managers) and offer insight into all affected parts of your business. In addition, we critically review your internal processes for handling events, incidents, and evidence. We present the results of our review in a gap analysis format that refers to industry best practices.

To address the security challenges and risks you may face either before or after an incident, we provide:

  • Incident response retainer services
  • Data breach simulations
  • Incident response and forensics program development
  • Forensics and electronic discovery
  • Breach investigation
  • PCI Qualified Incident Response Assessors (QIRA)

Incident response and forensics is designed to respond to incidents in a manner that helps contain the damage and mitigate your future risk.

What is the definition of an event?

An event is a single piece of information describing one occurrence on the network among millions of others. One or more events may constitute an alert if certain conditions are met based on defined escalation and correlation rules. Events are derived from device logs.

What is the definition of an alert?

An alert is a notification that an event or series of events of interest has taken place. Alerts are presented and can be managed via the threat manager portal.

What is the definition of a security incident?

Security incidents are defined as any adverse events that threaten the security of information resources. Security incidents can include, but are not limited to:

  • Unauthorized access
  • Denial of service
  • Malicious code and virus
  • Probes and scans
  • Device log feeds latency and/or failure

What is the incident severity level and declaration methodology adopted?

To clearly communicate an incident’s severity level and the impact to the customer’s environment, it is necessary for the threat manager Incident Response Process (IRP) to follow a standard classification methodology. Threat Manager has adopted the US-CERT Incident Reporting Guidelines and assigned a “Severity” value to each of the categories.

What is the Incident Response Process?

The IRP provides well-defined processes that are repeatable and simple for all participants to follow. It describes the tools used for tracking and reporting security incidents and defines responsibilities for different phases of the plan.

What is the customer notification process?

The threat manager portal will follow the notification and escalation procedures as configured by the customer. The primary method of incident tracking is through the case in the threat manager portal. This includes documentation of verbal conversations. The customer can log on to the business direct portal and access the threat management system at any time to review the latest updates on active cases.
