The Praetorian Approach

Incident response is a distinctly unsatisfying activity for most organizations. Adversaries, usually foreign, are rarely prosecuted or deterred. Ad hoc remediation is trial and error, devolving into a game of attacker whack-a-mole that drags on for months. Mid six figure response bills are common. Praetorian offers a pragmatic, goal based approach to incident response. Our goal is to identify the extent of the breach, clean up it as quickly as possible, and prevent re-entry by the attacker.

While prevention efforts should not be ignored, a true measure of an organization's resilience is found in its ability to quickly detect security intrusions, thoroughly uncover the extent and impact of those intrusions, and recover.

Security Gap

Incident Response (IR) teams detect, investigate and, when necessary, perform remediation.

Our investigative teams are led by security engineers who perform several activities to determine the scope and type of your suspected incident. Technical investigative steps may include:

  Remote Network Monitoring

Praetorian will ship you a network monitoring device which is remotely administer to capture and analyze network traffic. The device is configured based on your incident type to optimize results. Praetorian security engineers conduct daily data analysis to identify suspicious activity and determine Indicators of Compromises (IOCs), such as command and control (C2) channels used by attackers to access compromised systems.

  Server/Host Data Analysis

Following initial network monitoring Praetorian engineers will gather data from key systems that appear to be affected. Live data is collected to retrieve and analyze relevant memory and filesystem attributes, logs, and artifacts. When necessary, forensic duplication can be conducted to retrieve and preserve a complete computer image. Log data is collected and analyzed from relevant network devices such as IDS, IPS, log servers, or similar.

  Malware Analysis

Praetorian engineers will investigate discovered malware to determine impact, functionality, attribution, and/or specific Indicators of Compromise (IOCs). Our process includes both static and dynamic analysis. Static analysis will identify file type, strings, debugger unpacking, and checksum comparisons. Dynamic analysis is performed in a sandboxed testing environment to monitor process, memory, and filesystem activity.

  Remediation Planning & Assistance

Using the results of investigative phases, Praetorian engineers will design a coordinated remediation plan specific to your incident. Configuration recommendations and assistance are provided for host and network based security countermeasures. Assistance coordinating the remediation event ensures actions are taken to simultaneously remove the attacker and prevent re-entry, while accounting for IT dependencies and operations.

Ready to get started?

Contact us at 1 (800) 675-5152 to get started with your Incident Response needs, or request a callback by submitting the form below.