Incident Response Protocol

If you are victimized by a cyber attack, how you respond is critical. Enlisting the help of Nerds on Site is your best first step.

We begin by determining the extent of the damage. Then we help you determine which authorities need to be alerted and help you work with them in whatever capacity necessary. Most importantly, we minimize and mitigate the damage of a cyber attack with our methodical 3 Phase Incident Response Protocol, designed to get your business back online quickly while avoiding putting your systems back at risk.

Phase One: Isolate

Isolation is achieved by first disconnecting devices from all networks. Disconnecting all site-to-site VPNs removes the ability for one device to communicate with other devices at other sites, seriously mitigating the ability of the attack to spread. Immediately disconnecting from the Internet prevents command-and-control (C2) communications from doing further damage.

Phase Two: Remediate

Once everything has been properly isolated, we then remediate the threat. Remediation involves scanning, cleaning and threat analysis to identify the threat that has been removed. What makes our remediation process unique and more effective than others is the special capabilities provided exclusively by adam:ONE software. During the remediation process, adam:ONE puts all of an organization’s devices in a secure holding tank and inserts a lifeline that allows limited internet access so they can still reach out and get Windows updates and necessary patches, rather than putting them in complete quarantine with no access at all.

During the remediation process your systems go “radio silent”, meaning any connection between your systems and the attackers, including the command and control servers the cyber criminals need to infiltrate your systems, is cut off. This denies the bad guys the ability to continue their attack or launch a new one. adam:ONE also ensures bulletproof egress control. Besides cutting the connection to outside servers, this ensures that, if the attackers have penetrated your systems, they are trapped there and will be unable to leave with your data or cause any other harm. All of this helps get your critical systems back online as quickly as possible with the least amount of damage inflicted.

Phase Three: Fortify + Maintain

This is when we get you up and running again. But there is no use getting your systems back online if the same threat of attack remains. With adam:ONE’s unique and cutting-edge capabilities, we reconfigure your networks starting from a ZeroTrust standpoint, utilizing Adaptive Whitelisting technologies powered by Artificial Intelligence. Here’s where we change the game in terms of cybersecurity: instead of starting by giving access to anyone not on a blacklist, we start by giving no-one access to our systems. With a clean – and secure – slate, we begin adding devices, sites and networks only once they have been verified as trusted and safe. We continue to work with you in a maintenance capacity to help add to and update the whitelist as the need arises.

To see our 3 Phase Incident Response Protocol in action, check out this case study.

Stopping cyber attacks before they start is the best way to ensure the security of your systems and networks. And Nerds On Site can help you do that. But if you do fall victim to a cyber attack, the Nerds On Site 3 Phase Incident Response Protocol is the best way to get your critical systems back online quickly, with the least amount of damage, and in a way that effectively protects you from future attack.